IOC Report
Qjq85KfhBC.exe

loading gif

Files

File Path
Type
Category
Malicious
Qjq85KfhBC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Qjq85KfhBC.exe_daf3d5c713be60c31f28bdc3a763cd41c962bc7d_fd58a4f4_8a4be26c-4141-4233-baf7-0c752d32c8e0\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x5f1e8a73, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8FBC.tmp.dmp
Mini DuMP crash report, 14 streams, Fri Oct 25 17:27:15 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91B1.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91E1.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91EF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER924D.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\zb0m0p4i.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\3Q2U6NXT.log
Unicode text, UTF-16, little-endian text, with very long lines (621), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\AV4P72YG.WNT\QWOXXCB2.CR6\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\WPJ32R11.A7J\XJ32B99D.HLB.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
modified
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 68 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Qjq85KfhBC.exe
"C:\Users\user\Desktop\Qjq85KfhBC.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=%2f&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q3JDG51V.APM\A1EBH2Z2.XZ4\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "bd7f42b5-0144-4d3f-871e-9605118ce260" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7648 -ip 7648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 748
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe7
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdng
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application9
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe
79.110.49.185
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd0
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationng
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application.
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
79.110.49.185
https://login.microsoftonline.com/ppsecure/ResolveUser.srf
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
unknown
https://secure.stansup.com
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application89O
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.apdr
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exek
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationg
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604fg:Complet
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationXZ4
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
unknown
http://schemas.xmlsoap.org/ws/2005/02/scken
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationX
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601roofManage
unknown
http://Passport.NET/tb_
unknown
https://login.live
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exeo
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.Cli
unknown
http://ns.adobe.c
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.a
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.config
79.110.49.185
https://account.live.com/msangcwam
unknown
https://login.microsoftonline.com/MSARS
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationp
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.config
79.110.49.185
http://www.w3.or
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationtm
unknown
http://crl.ver)
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdx
unknown
http://passport.net/tb
unknown
https://secure.staP
unknown
https://account.live.com/Wizard/Password/Change?id=80601Auth
unknown
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd04/01
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605teAccountC
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windo
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.or
unknown
https://g.live.com/odclientsettings/Prod-C:
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.dll
79.110.49.185
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windows.dllL
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
unknown
https://login.microsoftonline.com/MSARSEnte
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dll
79.110.49.185
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
http://schemas.xmlsoap.org/ws/2004/09/policysrf
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust
unknown
https://login.microsoftonline.com/MSARST2.srf
unknown
http://Passport.NET/STS
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configHW
unknown
http://docs.oasis-open.org/wss/2
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603rf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicat
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.configrW6z
unknown
http://www.w3.o
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windows.dll
79.110.49.185
http://Passport.NET/tb
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.manifest
79.110.49.185
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdlepk
unknown
https://signup.live.com/signup.aspx
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe
79.110.49.185
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe:U
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
http://schemas.xmlsoap.org/ws/2004/09/policy
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
https://secure.stansup.com/Bin/ScreenConnect.Core.dll
79.110.49.185
http://ocsp.digi
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsCl
unknown
https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
unknown
http://upx.sf.net
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application89G
unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/Mic
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf(
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
secure.stansup.com
79.110.49.185
kjh231a.zapto.org
79.110.49.185
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.21
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
127.0.0.1
unknown
unknown
79.110.49.185
secure.stansup.com
Germany

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)
NULL
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!010000004094730b3c1e0000281f000000000000000000002f3cd852b628db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!1000000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!0e00000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!0c00000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!0a00000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!0800000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!0600000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!0400000002dc950b3c1e0000281f00000000000000000000ad60f18dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
lock!1100000012dc950b3c1e0000281f0000000000000000000049c3f38dbb28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
ProgramId
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
FileId
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
LowerCaseLongPath
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
LongPathHash
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Name
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
OriginalFileName
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Publisher
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Version
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
BinFileVersion
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
BinaryType
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
ProductName
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
ProductVersion
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
LinkDate
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
BinProductVersion
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
AppxPackageFullName
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
AppxPackageRelativeId
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Size
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Language
\REGISTRY\A\{65f525f6-3040-03ad-06bb-ad10c2518ab0}\Root\InventoryApplicationFile\qjq85kfhbc.exe|f43e64d35ee099ff
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!0e000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!0c000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!0a000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!08000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!06000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!04000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!02000000b81f500084100000080900000000000000000000944c3c380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!1c000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!1a000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!18000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!16000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!14000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!12000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!10000000d71f500084100000080900000000000000000000651141380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
lock!1d000000e61f500084100000080900000000000000000000827443380327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_98134c89f0fa827c
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_503889a8656f441d
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)
ImagePath
There are 184 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
6C88AF3000
stack
page read and write
1B086000
heap
page read and write
7FF7BFFC0000
trusted library allocation
page read and write
7FF7C02C0000
trusted library allocation
page read and write
194BF410000
unkown
page read and write
2074568E000
heap
page read and write
1E11B955000
heap
page read and write
7F0000
heap
page read and write
11D000
unkown
page readonly
1E11BEB0000
heap
page read and write
31A0000
heap
page read and write
21CEA980000
heap
page read and write
C7B000
stack
page read and write
21CEC731000
heap
page read and write
21CEA322000
trusted library allocation
page read and write
21CEC74C000
heap
page read and write
21CD02A8000
trusted library allocation
page read and write
21CE03F0000
trusted library allocation
page read and write
556517B000
stack
page read and write
7FF7C00C0000
trusted library allocation
page read and write
1E11B0E2000
heap
page read and write
190000
heap
page read and write
1E11B97E000
heap
page read and write
4F1000
stack
page read and write
1E11B92B000
heap
page read and write
7FF7BFF95000
trusted library allocation
page read and write
921000
unkown
page read and write
21CCE6E0000
heap
page read and write
11E0000
heap
page read and write
7FF7BFDD4000
trusted library allocation
page read and write
607000
heap
page read and write
2074AAE0000
trusted library allocation
page read and write
1E11BF02000
heap
page read and write
21CEC664000
heap
page read and write
1C770000
heap
page execute and read and write
1E11B082000
heap
page read and write
6C890F8000
stack
page read and write
4100000
heap
page execute and read and write
1E11BEC9000
heap
page read and write
21CE8A8E000
heap
page read and write
15AD000
heap
page read and write
1E11B937000
heap
page read and write
7FF7BFFB0000
trusted library allocation
page read and write
1E11B958000
heap
page read and write
1B074000
heap
page read and write
C20000
heap
page read and write
530000
trusted library allocation
page read and write
DAB000
heap
page read and write
585000
heap
page read and write
1E11B92C000
heap
page read and write
1B000000
heap
page read and write
1BC9B000
heap
page read and write
1E11B03F000
heap
page read and write
21CEA969000
heap
page read and write
109C000
heap
page read and write
1E11B92C000
heap
page read and write
18D0000
trusted library allocation
page read and write
1BC20000
heap
page read and write
7FF7BFFA6000
trusted library allocation
page read and write
20745C80000
trusted library allocation
page read and write
1E11AFE0000
trusted library allocation
page read and write
1E11B957000
heap
page read and write
1E20000
trusted library allocation
page read and write
6C89D7F000
stack
page read and write
3130000
heap
page read and write
363DAFB000
stack
page read and write
194BF713000
heap
page read and write
1E11B959000
heap
page read and write
7FF7BFDC0000
trusted library allocation
page read and write
1E11B12C000
heap
page read and write
7FF7C0282000
trusted library allocation
page read and write
7FF7BFF50000
trusted library allocation
page read and write
1E11B959000
heap
page read and write
2074AE00000
trusted library allocation
page read and write
21CE90ED000
heap
page read and write
1C36000
trusted library allocation
page read and write
1E11BE36000
heap
page read and write
1E11B956000
heap
page read and write
556407E000
stack
page read and write
7FF7C0170000
trusted library allocation
page read and write
1BC30000
heap
page read and write
626D5FE000
stack
page read and write
1069000
heap
page read and write
12BE000
stack
page read and write
7FF7C00A0000
trusted library allocation
page read and write
1AEFE000
stack
page read and write
C40000
heap
page read and write
1E11B11A000
heap
page read and write
21CD081A000
trusted library allocation
page read and write
111000
unkown
page execute read
1E11B08E000
heap
page read and write
1595000
heap
page read and write
1E11B977000
heap
page read and write
21CEA947000
heap
page read and write
20745E00000
heap
page read and write
A40000
unkown
page readonly
556557E000
unkown
page readonly
2074ACC5000
heap
page read and write
1BCFE000
heap
page read and write
1B80D000
stack
page read and write
7FF7BFFA0000
trusted library allocation
page read and write
7FF7C02D3000
trusted library allocation
page read and write
1E11B974000
heap
page read and write
21CEA91A000
heap
page read and write
2074ACC7000
heap
page read and write
AB0000
heap
page execute and read and write
175E000
stack
page read and write
4070000
trusted library allocation
page read and write
13281000
trusted library allocation
page read and write
21CE90A0000
heap
page read and write
18D2000
trusted library allocation
page read and write
21CE0221000
trusted library allocation
page read and write
91B000
unkown
page readonly
1900000
trusted library allocation
page read and write
20746590000
trusted library allocation
page read and write
7FF7C0020000
trusted library allocation
page read and write
7FF7C0110000
trusted library allocation
page read and write
1BABD000
stack
page read and write
20745F00000
heap
page read and write
1E11B12B000
heap
page read and write
7FF7BFFCE000
trusted library allocation
page read and write
1E11B952000
heap
page read and write
1E11BF15000
heap
page read and write
21CEA8E0000
heap
page read and write
6C8987E000
stack
page read and write
21CE8A79000
heap
page read and write
1940000
heap
page execute and read and write
363D9FE000
unkown
page readonly
556467B000
stack
page read and write
1C8F000
trusted library allocation
page read and write
3080000
heap
page read and write
7FF7BFE70000
trusted library allocation
page execute and read and write
FC4000
trusted library allocation
page read and write
921000
unkown
page write copy
1BC6C000
heap
page read and write
FD0000
heap
page read and write
3190000
unkown
page readonly
2074AE70000
remote allocation
page read and write
1CD0000
trusted library allocation
page read and write
1E11BE0C000
heap
page read and write
FD4000
trusted library allocation
page read and write
2074ACE8000
heap
page read and write
363E1FC000
stack
page read and write
207456FF000
heap
page read and write
7FF7BFF70000
trusted library allocation
page read and write
18D6000
trusted library allocation
page execute and read and write
1E11B102000
heap
page read and write
11D000
unkown
page readonly
21CCE74C000
heap
page read and write
21CEA9F6000
heap
page read and write
1E11B952000
heap
page read and write
21CEA955000
heap
page read and write
48A0000
trusted library allocation
page read and write
7FF7C0045000
trusted library allocation
page read and write
21CE8A5A000
heap
page read and write
40D0000
trusted library allocation
page execute and read and write
1553000
heap
page read and write
1622000
heap
page read and write
1E11BEA8000
heap
page read and write
1E11B97A000
heap
page read and write
20745676000
heap
page read and write
110000
unkown
page readonly
21CE9010000
heap
page read and write
1B4F0000
heap
page read and write
2074ACF7000
heap
page read and write
923000
unkown
page readonly
18E2000
trusted library allocation
page read and write
21CEC6EF000
heap
page read and write
7FF7BFE5C000
trusted library allocation
page execute and read and write
1E11B07C000
heap
page read and write
2980000
trusted library allocation
page read and write
20745713000
heap
page read and write
20746680000
trusted library section
page readonly
21CE04E6000
trusted library allocation
page read and write
2074ABA0000
trusted library allocation
page read and write
5F8D000
stack
page read and write
3270000
heap
page read and write
E3E000
stack
page read and write
E50000
heap
page read and write
7FF7C0013000
trusted library allocation
page read and write
1B6C3000
heap
page execute and read and write
15ED000
heap
page read and write
21CCE5E0000
heap
page read and write
1E11B954000
heap
page read and write
6C89A7C000
stack
page read and write
1E11BE9A000
heap
page read and write
18A0000
trusted library allocation
page read and write
21CE8FA0000
heap
page read and write
7FF7C01D0000
trusted library allocation
page execute and read and write
20746690000
trusted library section
page readonly
1E11B930000
heap
page read and write
20745729000
heap
page read and write
F77000
heap
page read and write
2074AC00000
heap
page read and write
1E11BD40000
remote allocation
page read and write
1E11B96B000
heap
page read and write
1E11BECB000
heap
page read and write
194BF448000
heap
page read and write
1E11B980000
heap
page read and write
2B4F000
trusted library allocation
page read and write
7FF7C0031000
trusted library allocation
page read and write
5565CFE000
stack
page read and write
18B3000
trusted library allocation
page execute and read and write
7FF7BFF55000
trusted library allocation
page read and write
1BC5F000
heap
page read and write
21CCE850000
heap
page read and write
7FF7BFDB4000
trusted library allocation
page read and write
15C3000
heap
page read and write
28B0000
unkown
page readonly
21CE8FA5000
heap
page read and write
7FF7C0090000
trusted library allocation
page read and write
3FD0000
trusted library allocation
page read and write
55652FE000
stack
page read and write
1E11B959000
heap
page read and write
1E11BF00000
heap
page read and write
1BCE1000
heap
page read and write
1190000
heap
page read and write
3192000
unkown
page readonly
1E11AEB0000
heap
page read and write
7FF7C0160000
trusted library allocation
page read and write
1E11B92A000
heap
page read and write
21CEC68B000
heap
page read and write
21CEC676000
heap
page read and write
1E11BE46000
heap
page read and write
5564FFE000
stack
page read and write
194BF702000
heap
page read and write
1BBDA000
heap
page read and write
1637000
heap
page read and write
1BC8B000
heap
page read and write
7FF7C0126000
trusted library allocation
page read and write
187F000
stack
page read and write
1E11B0AA000
heap
page read and write
124000
unkown
page read and write
7FF7C0100000
trusted library allocation
page read and write
207456AD000
heap
page read and write
7FF7BFF80000
trusted library allocation
page read and write
21CE8AA7000
heap
page read and write
1E11B13B000
heap
page read and write
1E11B077000
heap
page read and write
7FF7C0010000
trusted library allocation
page read and write
20745679000
heap
page read and write
1E1A000
trusted library allocation
page read and write
194BF300000
heap
page read and write
7FF7C00E0000
trusted library allocation
page read and write
1E11B954000
heap
page read and write
20745F5A000
heap
page read and write
7FF7BFDDD000
trusted library allocation
page execute and read and write
1A8FD000
stack
page read and write
1E11B956000
heap
page read and write
15EB000
heap
page read and write
1E11B930000
heap
page read and write
7FF7BFFD4000
trusted library allocation
page read and write
FFB000
trusted library allocation
page execute and read and write
7FF7C02E0000
trusted library allocation
page read and write
7FF7BFF70000
trusted library allocation
page read and write
21CE8EC3000
heap
page read and write
21CD046A000
trusted library allocation
page read and write
1E11B95D000
heap
page read and write
7FF7BFFC6000
trusted library allocation
page read and write
5564E79000
stack
page read and write
1E11BE74000
heap
page read and write
20745F1A000
heap
page read and write
2074AB00000
trusted library allocation
page read and write
1E11B900000
heap
page read and write
1BBB0000
heap
page read and write
1E11BE02000
heap
page read and write
2074ACE8000
heap
page read and write
FF7000
trusted library allocation
page execute and read and write
1020000
heap
page read and write
1652000
heap
page read and write
1E11B93B000
heap
page read and write
1E11BE9B000
heap
page read and write
21CCE737000
heap
page read and write
1E11B07C000
heap
page read and write
7FF7C02AE000
trusted library allocation
page read and write
DF0000
heap
page read and write
57D000
heap
page read and write
1500000
trusted library allocation
page read and write
1C1BE000
stack
page read and write
1C272000
unkown
page readonly
21CE8ECB000
heap
page read and write
556457E000
unkown
page readonly
2074AE70000
remote allocation
page read and write
1E11B096000
heap
page read and write
2074AAD0000
trusted library allocation
page read and write
556427B000
stack
page read and write
FAE000
stack
page read and write
7FF7C0260000
trusted library allocation
page read and write
585D000
heap
page read and write
614F000
stack
page read and write
2074AC90000
heap
page read and write
1E11B092000
heap
page read and write
6C89C7D000
stack
page read and write
7FF7BFDC0000
trusted library allocation
page read and write
7FF7C01A0000
trusted library allocation
page execute and read and write
AA0000
trusted library section
page readonly
1E11BEA8000
heap
page read and write
1E11B957000
heap
page read and write
21CD0869000
trusted library allocation
page read and write
3230000
heap
page execute and read and write
11C0000
heap
page read and write
1E11B972000
heap
page read and write
1E11B95B000
heap
page read and write
6C8947E000
stack
page read and write
DC2000
heap
page read and write
7FF7BFF51000
trusted library allocation
page read and write
4AA0000
trusted library allocation
page read and write
21CEA9DE000
heap
page read and write
21CD0010000
trusted library allocation
page read and write
1E11AFB0000
heap
page read and write
106E000
stack
page read and write
18E5000
trusted library allocation
page execute and read and write
7FF7BFFE0000
trusted library allocation
page read and write
2990000
heap
page read and write
1E11BE7D000
heap
page read and write
21CCE74A000
heap
page read and write
1E11BE6C000
heap
page read and write
1E11BE4B000
heap
page read and write
1920000
trusted library allocation
page read and write
15AF000
heap
page read and write
1328F000
trusted library allocation
page read and write
7FF7BFED0000
trusted library allocation
page execute and read and write
FC8000
heap
page read and write
1047000
heap
page read and write
1E11B956000
heap
page read and write
21CEA9BF000
heap
page read and write
1E11B12B000
heap
page read and write
21CEA98F000
heap
page read and write
21CEAA91000
heap
page read and write
2074ACDD000
heap
page read and write
21CD0080000
trusted library allocation
page read and write
1E11B92C000
heap
page read and write
626D8F9000
stack
page read and write
100A000
heap
page read and write
556497E000
unkown
page readonly
7FF7C00F0000
trusted library allocation
page read and write
1E11BE9A000
heap
page read and write
1E11B94D000
heap
page read and write
2074AE77000
trusted library allocation
page read and write
1237E000
trusted library allocation
page read and write
5564F7E000
unkown
page readonly
1E11BE60000
heap
page read and write
21CD05F0000
trusted library allocation
page read and write
4330000
trusted library allocation
page read and write
21CE03E4000
trusted library allocation
page read and write
57A000
heap
page read and write
21CEC779000
heap
page read and write
20746340000
trusted library allocation
page read and write
7FF7BFDCD000
trusted library allocation
page execute and read and write
7FF7BFFA0000
trusted library allocation
page execute and read and write
28C4000
unkown
page readonly
D70000
heap
page read and write
2074AE20000
trusted library allocation
page read and write
2074AE7A000
trusted library allocation
page read and write
55A0000
trusted library allocation
page read and write
21CE8A6F000
heap
page read and write
7E0000
heap
page read and write
1E11B957000
heap
page read and write
7FF7BFF5C000
trusted library allocation
page read and write
1E11BEAD000
heap
page read and write
E55000
heap
page read and write
7FF7C01C0000
trusted library allocation
page read and write
1E11B930000
heap
page read and write
21CEA933000
heap
page read and write
7FF7C0020000
trusted library allocation
page read and write
2074AE10000
trusted library allocation
page read and write
1E11B930000
heap
page read and write
D7C000
stack
page read and write
7FF7BFF50000
trusted library allocation
page read and write
DBC000
heap
page read and write
BAD000
stack
page read and write
1E11B802000
heap
page read and write
21CEA99E000
heap
page read and write
7FF7BFE60000
trusted library allocation
page read and write
4F70000
unkown
page readonly
199E000
stack
page read and write
1E11B930000
heap
page read and write
4840000
trusted library allocation
page read and write
1AFFF000
stack
page read and write
7FF7BFF40000
trusted library allocation
page read and write
318E000
stack
page read and write
5080000
heap
page execute and read and write
20745600000
heap
page read and write
1E11B0F5000
heap
page read and write
363D1F9000
stack
page read and write
7FF7C0280000
trusted library allocation
page read and write
1E11BE78000
heap
page read and write
556507E000
unkown
page readonly
1ADF3000
heap
page read and write
5866000
heap
page read and write
33AF000
stack
page read and write
1E11BEAE000
heap
page read and write
1AD3E000
stack
page read and write
1E11B913000
heap
page read and write
1E11BE00000
heap
page read and write
7FF7C0030000
trusted library allocation
page read and write
5565D7E000
unkown
page readonly
363D2FE000
unkown
page readonly
7FF7BFE86000
trusted library allocation
page execute and read and write
1E11BEB9000
heap
page read and write
207456BC000
heap
page read and write
158F000
heap
page read and write
2074569E000
heap
page read and write
7FF7BFFB0000
trusted library allocation
page read and write
7FF7BFE56000
trusted library allocation
page read and write
363DBFE000
unkown
page readonly
2AA7000
trusted library allocation
page read and write
FC3000
trusted library allocation
page execute and read and write
20746670000
trusted library section
page readonly
4A00000
heap
page read and write
483E000
stack
page read and write
2074565B000
heap
page read and write
626D19D000
stack
page read and write
D4E000
stack
page read and write
7FF7C0190000
trusted library allocation
page read and write
AC0000
heap
page read and write
21CCE76C000
heap
page read and write
21CD02B0000
trusted library allocation
page read and write
1E11BE57000
heap
page read and write
1E11B07F000
heap
page read and write
1E11B95D000
heap
page read and write
1E11BE92000
heap
page read and write
4060000
trusted library allocation
page read and write
124000
unkown
page write copy
1E11B14D000
heap
page read and write
1B05A000
heap
page read and write
194BF713000
heap
page read and write
21CE0448000
trusted library allocation
page read and write
18C0000
trusted library allocation
page read and write
1E11B987000
heap
page read and write
7FF7C01B0000
trusted library allocation
page read and write
7FF7C0060000
trusted library allocation
page read and write
1E11B92A000
heap
page read and write
7FF7BFFD0000
trusted library allocation
page read and write
1BCD8000
heap
page read and write
2074ACF4000
heap
page read and write
5563E77000
stack
page read and write
1550000
heap
page read and write
7FF7BFF90000
trusted library allocation
page read and write
21CEAAA7000
heap
page read and write
4EE0000
trusted library allocation
page read and write
7FF7BFF57000
trusted library allocation
page read and write
4890000
trusted library allocation
page read and write
1E11BD50000
remote allocation
page read and write
21CE03F6000
trusted library allocation
page read and write
207456B1000
heap
page read and write
7FF7BFDA3000
trusted library allocation
page execute and read and write
7FF7BFDC3000
trusted library allocation
page read and write
1BBA0000
heap
page read and write
6C8957A000
stack
page read and write
1E11B085000
heap
page read and write
D96000
heap
page read and write
7FF7BFDDD000
trusted library allocation
page execute and read and write
7FF7BFDA0000
trusted library allocation
page read and write
7FF7BFDD0000
trusted library allocation
page read and write
F10000
heap
page read and write
7FF7BFF63000
trusted library allocation
page read and write
2074C000000
heap
page read and write
2AA1000
trusted library allocation
page read and write
FE6000
trusted library allocation
page execute and read and write
7FF7C0039000
trusted library allocation
page read and write
4010000
trusted library allocation
page read and write
4000000
trusted library allocation
page read and write
21CEA93A000
heap
page read and write
20745628000
heap
page read and write
21CD029D000
trusted library allocation
page read and write
540000
heap
page read and write
911000
unkown
page execute read
363D5FE000
unkown
page readonly
91B000
unkown
page readonly
5853000
heap
page read and write
21CE8E90000
heap
page read and write
2074ABA0000
trusted library allocation
page read and write
7FF7BFFB6000
trusted library allocation
page read and write
18BD000
trusted library allocation
page execute and read and write
1E11BE9C000
heap
page read and write
7FF7C00D0000
trusted library allocation
page read and write
7FF7BFF8D000
trusted library allocation
page read and write
20745640000
heap
page read and write
7FF7BFFE0000
trusted library allocation
page read and write
1E11BE9B000
heap
page read and write
363DFFE000
unkown
page readonly
21CEA930000
heap
page read and write
21CD041A000
trusted library allocation
page read and write
7FF7BFDB0000
trusted library allocation
page read and write
1A0000
heap
page read and write
7FF7BFDC4000
trusted library allocation
page read and write
FB3000
heap
page read and write
1E11BEB9000
heap
page read and write
1BCF5000
heap
page read and write
2074AB10000
trusted library allocation
page read and write
55647FE000
stack
page read and write
55649FE000
stack
page read and write
21CD00F0000
heap
page read and write
473E000
stack
page read and write
21CCE793000
heap
page read and write
FC0000
trusted library allocation
page read and write
1B5B0000
heap
page read and write
194BF600000
heap
page read and write
21CE0312000
trusted library allocation
page read and write
21CE8EB9000
heap
page read and write
105C000
heap
page read and write
21CD0489000
trusted library allocation
page read and write
4069000
trusted library allocation
page read and write
1024000
heap
page read and write
7FF7BFE0C000
trusted library allocation
page execute and read and write
D7B000
heap
page read and write
1E11B14D000
heap
page read and write
1E11B92B000
heap
page read and write
AF8000
stack
page read and write
21CEAA36000
heap
page read and write
FCD000
trusted library allocation
page execute and read and write
1E11B095000
heap
page read and write
21CEC660000
heap
page read and write
1E11B0BA000
heap
page read and write
1E11B929000
heap
page read and write
1B6C0000
heap
page execute and read and write
7FF7C02F0000
trusted library allocation
page read and write
7FF7BFE66000
trusted library allocation
page read and write
7FF7C0140000
trusted library allocation
page read and write
21CD0461000
trusted library allocation
page read and write
2074AD02000
heap
page read and write
7FF7BFFD7000
trusted library allocation
page read and write
1E11BF12000
heap
page read and write
7FF7C0000000
trusted library allocation
page read and write
363D7FE000
unkown
page readonly
21CEAA28000
heap
page read and write
6C88EFB000
stack
page read and write
1E11B910000
heap
page read and write
4860000
trusted library allocation
page read and write
1144000
stack
page read and write
2074AD00000
heap
page read and write
40F7000
trusted library allocation
page read and write
1B590000
heap
page read and write
1BF2F000
stack
page read and write
1E11BE13000
heap
page read and write
7FF7BFFCB000
trusted library allocation
page read and write
21CCE855000
heap
page read and write
1E11B000000
heap
page read and write
18EB000
trusted library allocation
page execute and read and write
18B0000
trusted library allocation
page read and write
1E11B932000
heap
page read and write
18C7000
trusted library allocation
page read and write
242F000
trusted library allocation
page read and write
7FF7BFF67000
trusted library allocation
page read and write
403E000
trusted library allocation
page read and write
1E11BE4B000
heap
page read and write
4B9E000
stack
page read and write
21CEA95D000
heap
page read and write
4850000
trusted library allocation
page read and write
1E11BE42000
heap
page read and write
21CE8B60000
heap
page read and write
5E8E000
stack
page read and write
4022000
trusted library allocation
page read and write
1000000
heap
page read and write
27FF000
trusted library allocation
page read and write
7FF7BFDDB000
trusted library allocation
page execute and read and write
20745702000
heap
page read and write
177E000
stack
page read and write
1E410000
trusted library allocation
page read and write
7FF7BFE0C000
trusted library allocation
page execute and read and write
1AA1000
trusted library allocation
page read and write
17E0000
heap
page read and write
1E11B987000
heap
page read and write
1E11AED0000
heap
page read and write
1E11B95B000
heap
page read and write
2074AAE0000
trusted library allocation
page read and write
48C0000
trusted library allocation
page execute and read and write
2074ACE4000
heap
page read and write
5850000
heap
page read and write
21CEC688000
heap
page read and write
1E11B0C5000
heap
page read and write
21CE03F3000
trusted library allocation
page read and write
2A9F000
stack
page read and write
1E11BE3F000
heap
page read and write
5720000
trusted library allocation
page execute and read and write
21CEA9D1000
heap
page read and write
42B0000
unkown
page readonly
1E11B92C000
heap
page read and write
21CE8B00000
heap
page execute and read and write
207466B0000
trusted library section
page readonly
21CD023A000
trusted library allocation
page read and write
7FF7BFE70000
trusted library allocation
page execute and read and write
21CE8B50000
trusted library section
page readonly
40C0000
trusted library allocation
page read and write
1E11B95F000
heap
page read and write
1310000
heap
page read and write
1BCC7000
heap
page read and write
7FF7C0150000
trusted library allocation
page read and write
556547E000
stack
page read and write
923000
unkown
page readonly
1E11B0F3000
heap
page read and write
363D4FC000
stack
page read and write
126000
unkown
page readonly
21CD051A000
trusted library allocation
page read and write
20746A11000
trusted library allocation
page read and write
28B2000
unkown
page readonly
288E000
stack
page read and write
1E11B978000
heap
page read and write
1E11B954000
heap
page read and write
1E11BE4D000
heap
page read and write
15A7000
heap
page read and write
20746A40000
trusted library allocation
page read and write
1C0000
heap
page read and write
7FF7C028A000
trusted library allocation
page read and write
1E11B932000
heap
page read and write
1E11B985000
heap
page read and write
194BF413000
unkown
page read and write
1BC89000
heap
page read and write
18E7000
trusted library allocation
page execute and read and write
194BF2E0000
heap
page read and write
C46000
heap
page read and write
21CE85A2000
heap
page read and write
FF2000
trusted library allocation
page read and write
7FF7BFFC0000
trusted library allocation
page read and write
21CCE705000
heap
page read and write
2074568C000
heap
page read and write
7FF7C0130000
trusted library allocation
page read and write
1BE2E000
stack
page read and write
4870000
trusted library allocation
page execute and read and write
DE0000
heap
page read and write
7FF7BFEC0000
trusted library allocation
page execute and read and write
21CEC760000
heap
page read and write
21CE8EA0000
heap
page read and write
1070000
trusted library allocation
page execute and read and write
34AE000
stack
page read and write
7FF7BFE66000
trusted library allocation
page read and write
363DDFE000
unkown
page readonly
1E11B957000
heap
page read and write
21CD0221000
trusted library allocation
page read and write
20746001000
trusted library allocation
page read and write
1C50000
trusted library allocation
page read and write
194BF442000
heap
page read and write
2074567B000
heap
page read and write
5740000
trusted library allocation
page execute and read and write
48D0000
trusted library allocation
page read and write
12380000
trusted library allocation
page read and write
21CD083D000
trusted library allocation
page read and write
20745510000
heap
page read and write
7FF7C02A0000
trusted library allocation
page read and write
1E11B0C0000
heap
page read and write
21CE9210000
heap
page read and write
1E11B07F000
heap
page read and write
7FF7BFE60000
trusted library allocation
page execute and read and write
307E000
stack
page read and write
1E11B933000
heap
page read and write
1E11B0F6000
heap
page read and write
10A0000
heap
page read and write
AAD000
stack
page read and write
207455F0000
heap
page read and write
6C88DFF000
stack
page read and write
910000
unkown
page readonly
7FF7C0010000
trusted library allocation
page read and write
7FF7BFDD0000
trusted library allocation
page read and write
4880000
trusted library allocation
page read and write
1E11B97E000
heap
page read and write
1E11BEAB000
heap
page read and write
1E11B902000
heap
page read and write
8FF000
stack
page read and write
21CE8A7F000
heap
page read and write
2074AA50000
trusted library allocation
page read and write
194BF423000
unkown
page read and write
F72000
unkown
page readonly
46FE000
stack
page read and write
12FE000
stack
page read and write
1910000
trusted library allocation
page execute and read and write
5564A7E000
unkown
page readonly
1E11BE79000
heap
page read and write
7FF7BFDD4000
trusted library allocation
page read and write
207466A0000
trusted library section
page readonly
F5D000
stack
page read and write
207454F0000
heap
page read and write
2074AD0A000
heap
page read and write
7FF7BFFC7000
trusted library allocation
page read and write
21CD08F3000
trusted library allocation
page read and write
1BBC1000
heap
page read and write
1E11B95A000
heap
page read and write
1E11B96E000
heap
page read and write
1E11BE0A000
heap
page read and write
E10000
heap
page read and write
26ED000
trusted library allocation
page read and write
194BF602000
heap
page read and write
207456A0000
heap
page read and write
21CE8220000
trusted library allocation
page read and write
328F000
trusted library allocation
page read and write
4055000
trusted library allocation
page read and write
7FF7BFFD0000
trusted library allocation
page read and write
1E11BE6D000
heap
page read and write
1E11B11A000
heap
page read and write
6C8977E000
stack
page read and write
7FF7BFDCB000
trusted library allocation
page execute and read and write
7FF7BFDDB000
trusted library allocation
page execute and read and write
7FF7C013A000
trusted library allocation
page read and write
2074AD13000
heap
page read and write
18EF000
stack
page read and write
7FF7C0124000
trusted library allocation
page read and write
21CCE734000
heap
page read and write
21CEA966000
heap
page read and write
1E11B013000
heap
page read and write
7FF7C0250000
trusted library allocation
page read and write
1E11B958000
heap
page read and write
1E11B984000
heap
page read and write
1080000
trusted library allocation
page read and write
4340000
trusted library allocation
page read and write
5864000
heap
page read and write
FE0000
trusted library allocation
page read and write
3020000
heap
page read and write
1B069000
heap
page read and write
6C8997D000
stack
page read and write
1C46000
trusted library allocation
page read and write
EAE000
stack
page read and write
1E11BE8F000
heap
page read and write
FDD000
trusted library allocation
page execute and read and write
21CD029F000
trusted library allocation
page read and write
21CCE74E000
heap
page read and write
5564CFE000
stack
page read and write
F6E000
stack
page read and write
EF0000
heap
page read and write
432E000
stack
page read and write
20745F02000
heap
page read and write
1E11B07F000
heap
page read and write
363DCFE000
stack
page read and write
21CEA961000
heap
page read and write
363D3FE000
unkown
page readonly
18CD000
trusted library allocation
page execute and read and write
6C8923E000
stack
page read and write
7FF7BFFB0000
trusted library allocation
page execute and read and write
1E11B972000
heap
page read and write
40CA000
trusted library allocation
page read and write
1E18000
trusted library allocation
page read and write
1E11BE6F000
heap
page read and write
1E0000
heap
page read and write
556527E000
unkown
page readonly
194BF500000
trusted library allocation
page read and write
7FF7BFED0000
trusted library allocation
page execute and read and write
21CEC72F000
heap
page read and write
277E000
trusted library allocation
page read and write
7F5000
heap
page read and write
156D000
heap
page read and write
15F0000
heap
page read and write
2074AD06000
heap
page read and write
2074AA40000
trusted library allocation
page read and write
55648FE000
stack
page read and write
3C7E000
stack
page read and write
7FF4FC440000
trusted library allocation
page execute and read and write
7FF7C0180000
trusted library allocation
page read and write
556437E000
unkown
page readonly
55C0000
trusted library allocation
page read and write
21CEC679000
heap
page read and write
21CE03C0000
trusted library allocation
page read and write
21CCE700000
heap
page read and write
21CEC771000
heap
page read and write
556567E000
stack
page read and write
1E11BD50000
remote allocation
page read and write
3210000
heap
page read and write
1E11B815000
heap
page read and write
1950000
heap
page read and write
7FF7BFE96000
trusted library allocation
page execute and read and write
1BC4A000
heap
page read and write
1C02F000
stack
page read and write
21CD0924000
trusted library allocation
page read and write
7FF7BFE60000
trusted library allocation
page read and write
7FF7C0122000
trusted library allocation
page read and write
40E0000
trusted library allocation
page read and write
363CE7C000
stack
page read and write
7FF7BFE6C000
trusted library allocation
page execute and read and write
21CE03B1000
trusted library allocation
page read and write
1E11B934000
heap
page read and write
1E11BEAE000
heap
page read and write
1E11B13B000
heap
page read and write
21CD02AC000
trusted library allocation
page read and write
21CD0465000
trusted library allocation
page read and write
FEA000
trusted library allocation
page execute and read and write
1B06C000
heap
page read and write
1E11B957000
heap
page read and write
1072000
heap
page read and write
FF5000
trusted library allocation
page execute and read and write
406B000
trusted library allocation
page read and write
100E000
heap
page read and write
18B4000
trusted library allocation
page read and write
1BCEE000
heap
page read and write
1E11B952000
heap
page read and write
4350000
unkown
page readonly
2074AE70000
remote allocation
page read and write
3281000
trusted library allocation
page read and write
1880000
heap
page read and write
7FF7C0000000
trusted library allocation
page read and write
7FF7C0050000
trusted library allocation
page read and write
77C000
stack
page read and write
581000
heap
page read and write
1E11B113000
heap
page read and write
1E11B97C000
heap
page read and write
FB0000
trusted library allocation
page read and write
1BBA9000
heap
page read and write
194BF3E0000
trusted library allocation
page read and write
7FF7C0270000
trusted library allocation
page execute and read and write
7FF7BFE96000
trusted library allocation
page execute and read and write
20745D90000
trusted library section
page read and write
1E11BEBB000
heap
page read and write
21CE8EEE000
heap
page read and write
21CEC766000
heap
page read and write
1B8CE000
stack
page read and write
5564C7E000
unkown
page readonly
21CE90C7000
heap
page read and write
207466C0000
trusted library section
page readonly
7FF7C02D0000
trusted library allocation
page read and write
7FF7BFDBD000
trusted library allocation
page execute and read and write
1B07D000
heap
page read and write
1E11BE6C000
heap
page read and write
7FF7BFF87000
trusted library allocation
page read and write
7FF7BFF59000
trusted library allocation
page read and write
2074AB00000
trusted library allocation
page read and write
7FF7BFDFC000
trusted library allocation
page execute and read and write
1E11BEA4000
heap
page read and write
3B7C000
stack
page read and write
27FD000
trusted library allocation
page read and write
156A000
heap
page read and write
1520000
trusted library allocation
page read and write
21CCE710000
heap
page read and write
194BF400000
unkown
page read and write
2074AC4E000
heap
page read and write
1E11B0AA000
heap
page read and write
21CD08A4000
trusted library allocation
page read and write
21CCE6C0000
heap
page read and write
556447B000
stack
page read and write
21CD0459000
trusted library allocation
page read and write
28A0000
trusted library allocation
page read and write
FC0000
heap
page read and write
194BF702000
heap
page read and write
21CE8EE7000
heap
page read and write
1E11B800000
heap
page read and write
1E11B940000
heap
page read and write
1E11B04E000
heap
page read and write
1E11BE12000
heap
page read and write
21CEA9A5000
heap
page read and write
21CCE80C000
heap
page read and write
20745F13000
heap
page read and write
1E11B952000
heap
page read and write
1E11BD50000
remote allocation
page read and write
20745613000
heap
page read and write
363D6F8000
stack
page read and write
1C030000
unkown
page readonly
720000
trusted library allocation
page read and write
45FE000
stack
page read and write
7FF7BFDB3000
trusted library allocation
page execute and read and write
7FF7BFFE0000
trusted library allocation
page read and write
7FF7BFDA4000
trusted library allocation
page read and write
1E11B932000
heap
page read and write
1E11B935000
heap
page read and write
1BC73000
heap
page read and write
7FF7C0010000
trusted library allocation
page read and write
7FF7BFDB2000
trusted library allocation
page read and write
55638EB000
stack
page read and write
1E11BDC0000
remote allocation
page read and write
7FF7BFF70000
trusted library allocation
page read and write
21CD0210000
heap
page read and write
9FE000
stack
page read and write
7FF7C0070000
trusted library allocation
page read and write
6C89B7D000
stack
page read and write
21CD046E000
trusted library allocation
page read and write
7FF7BFF60000
trusted library allocation
page read and write
1C3F000
trusted library allocation
page read and write
7FF7BFF60000
trusted library allocation
page read and write
59D000
heap
page read and write
21CD0472000
trusted library allocation
page read and write
102D000
heap
page read and write
106D000
heap
page read and write
7FF7BFDCD000
trusted library allocation
page execute and read and write
425E000
stack
page read and write
1E11B932000
heap
page read and write
194BF502000
trusted library allocation
page read and write
1E11B976000
heap
page read and write
7FF7C00B0000
trusted library allocation
page read and write
21CCE758000
heap
page read and write
55D0000
trusted library allocation
page read and write
21CCE752000
heap
page read and write
1E11B963000
heap
page read and write
1E11BE97000
heap
page read and write
1ADF0000
heap
page read and write
F70000
unkown
page readonly
21CD0476000
trusted library allocation
page read and write
7FF7BFDC2000
trusted library allocation
page read and write
21CE90D8000
heap
page read and write
1E15000
trusted library allocation
page read and write
1BCF3000
heap
page read and write
28D0000
heap
page execute and read and write
7FF7BFDC0000
trusted library allocation
page read and write
7D0000
heap
page read and write
1E11B929000
heap
page read and write
589000
heap
page read and write
1E11B953000
heap
page read and write
7FF7C0080000
trusted library allocation
page read and write
32AF000
stack
page read and write
7FF7BFDB3000
trusted library allocation
page execute and read and write
7FF7BFFC0000
trusted library allocation
page read and write
2074ABB0000
trusted library allocation
page read and write
1CB5000
trusted library allocation
page read and write
1E11B933000
heap
page read and write
194BF700000
heap
page read and write
7FF7BFDB4000
trusted library allocation
page read and write
1E11B0C7000
heap
page read and write
7FF7BFF6E000
trusted library allocation
page read and write
1560000
heap
page read and write
7FF7BFFF0000
trusted library allocation
page execute and read and write
1E11B0D5000
heap
page read and write
2074AAD0000
trusted library allocation
page read and write
117F000
stack
page read and write
7FF7BFDBD000
trusted library allocation
page execute and read and write
21CE89F0000
heap
page read and write
FE2000
trusted library allocation
page read and write
21CE8E83000
heap
page read and write
7FF7BFFF0000
trusted library allocation
page read and write
556417E000
unkown
page readonly
1E11B029000
heap
page read and write
158C000
heap
page read and write
4080000
trusted library allocation
page read and write
20745671000
heap
page read and write
6C88FFE000
stack
page read and write
2074AE00000
trusted library allocation
page read and write
5C4000
heap
page read and write
556487E000
unkown
page readonly
194BF613000
heap
page read and write
2074AAE1000
trusted library allocation
page read and write
1E11B05E000
heap
page read and write
21CE8E80000
heap
page read and write
1BC44000
heap
page read and write
1E11B952000
heap
page read and write
7FF7BFFF0000
trusted library allocation
page read and write
363D8FB000
stack
page read and write
1E11B02F000
heap
page read and write
21CCE810000
heap
page read and write
1B06F000
heap
page read and write
1E11B982000
heap
page read and write
21CEAAC1000
heap
page read and write
11FF000
stack
page read and write
20745E15000
heap
page read and write
FD0000
trusted library allocation
page read and write
1BC80000
heap
page read and write
1E11B952000
heap
page read and write
21CD05F2000
trusted library allocation
page read and write
21CEA9D4000
heap
page read and write
21CD0110000
heap
page execute and read and write
173F000
stack
page read and write
7FF7BFFD0000
trusted library allocation
page read and write
21CD0030000
trusted library allocation
page read and write
1E11B07A000
heap
page read and write
1E11BE72000
heap
page read and write
6C8937F000
stack
page read and write
163C000
heap
page read and write
A00000
trusted library section
page read and write
3AA1000
trusted library allocation
page read and write
1E11B952000
heap
page read and write
AC5000
heap
page read and write
4F72000
unkown
page readonly
2074AC54000
heap
page read and write
1E11B102000
heap
page read and write
7FF7BFE6C000
trusted library allocation
page execute and read and write
2074AAB0000
trusted library allocation
page read and write
FA5000
heap
page read and write
1BC7D000
heap
page read and write
1E11B102000
heap
page read and write
21CD00C0000
heap
page execute and read and write
4041000
trusted library allocation
page read and write
7FF7C02B0000
trusted library allocation
page read and write
5869000
heap
page read and write
7FF7BFDBD000
trusted library allocation
page execute and read and write
7FF7C0290000
trusted library allocation
page read and write
2074AE6F000
trusted library allocation
page read and write
5563F7E000
unkown
page readonly
20745E02000
heap
page read and write
2AA1000
trusted library allocation
page read and write
21CEAACB000
heap
page read and write
556477E000
unkown
page readonly
FAE000
stack
page read and write
7FF7BFDB3000
trusted library allocation
page read and write
7FF7BFF99000
trusted library allocation
page read and write
1BD02000
heap
page read and write
310E000
stack
page read and write
194BF402000
unkown
page read and write
1A9E000
stack
page read and write
2371000
trusted library allocation
page read and write
11A0000
heap
page read and write
40B0000
trusted library allocation
page read and write
17E4000
heap
page read and write
F70000
heap
page read and write
21CE8250000
trusted library allocation
page read and write
5564D7E000
unkown
page readonly
1E11B953000
heap
page read and write
2074AB14000
trusted library allocation
page read and write
1E11B0B4000
heap
page read and write
124000
unkown
page read and write
911000
unkown
page execute read
566000
heap
page read and write
1E11BE8B000
heap
page read and write
236E000
stack
page read and write
1E11B980000
heap
page read and write
12371000
trusted library allocation
page read and write
4026000
trusted library allocation
page read and write
7FF7C028C000
trusted library allocation
page read and write
6C89334000
stack
page read and write
A60000
heap
page execute and read and write
363DEFC000
stack
page read and write
5750000
heap
page read and write
1E11B95D000
heap
page read and write
1E11B935000
heap
page read and write
1BC75000
heap
page read and write
7FF7C0000000
trusted library allocation
page read and write
1E11B92A000
heap
page read and write
7FF7BFF80000
trusted library allocation
page read and write
21CE8A5D000
heap
page read and write
363E2FE000
unkown
page readonly
1328D000
trusted library allocation
page read and write
2074ACD3000
heap
page read and write
21CD00C3000
heap
page execute and read and write
194BF42B000
heap
page read and write
48B0000
trusted library allocation
page read and write
5564BFE000
stack
page read and write
363D37E000
stack
page read and write
2074AC41000
heap
page read and write
1316000
heap
page read and write
2AB1000
trusted library allocation
page read and write
30CE000
stack
page read and write
21CE03FC000
trusted library allocation
page read and write
2074AAC0000
trusted library allocation
page read and write
7FF7BFDAD000
trusted library allocation
page execute and read and write
2074AC2C000
heap
page read and write
6C891FD000
stack
page read and write
21CD0417000
trusted library allocation
page read and write
556537E000
unkown
page readonly
21CD045E000
trusted library allocation
page read and write
21CE02B4000
trusted library allocation
page read and write
194BF524000
heap
page read and write
C0E000
stack
page read and write
7FF7C0040000
trusted library allocation
page read and write
18E0000
trusted library allocation
page read and write
2074562B000
heap
page read and write
F16000
heap
page read and write
1C270000
unkown
page readonly
1E11BE8B000
heap
page read and write
1E11B932000
heap
page read and write
D7E000
heap
page read and write
4F10000
trusted library allocation
page read and write
7FF7BFF9C000
trusted library allocation
page read and write
194BF700000
heap
page read and write
1E11B929000
heap
page read and write
15A3000
heap
page read and write
2074AC1F000
heap
page read and write
4A90000
trusted library allocation
page read and write
7FF7C0300000
trusted library allocation
page read and write
F80000
heap
page read and write
55B0000
heap
page read and write
1E1C000
trusted library allocation
page read and write
7FF7BFFA0000
trusted library allocation
page read and write
4211000
trusted library allocation
page read and write
194BF515000
trusted library allocation
page read and write
7FF7BFF90000
trusted library allocation
page read and write
604E000
stack
page read and write
11BE000
stack
page read and write
556577E000
unkown
page readonly
20745693000
heap
page read and write
1E11B955000
heap
page read and write
910000
unkown
page readonly
2074ACE3000
heap
page read and write
2074AC61000
heap
page read and write
F89000
heap
page read and write
7F0000
heap
page read and write
1010000
trusted library allocation
page read and write
7FF7BFDB0000
trusted library allocation
page read and write
F70000
unkown
page readonly
1E11B954000
heap
page read and write
7FF7BFE50000
trusted library allocation
page read and write
20745F1A000
heap
page read and write
21CEA922000
heap
page read and write
1BC56000
heap
page read and write
There are 1064 hidden memdumps, click here to show them.