Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Support.Client.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x477ec496, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Support.Client.e_194b467251df22b5388ca6e14a2fded071b9a86_6f85ab5c_7b8aff25-4b1d-4190-996d-8c3e7a62d1e6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER62F3.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sun Dec 22 11:46:58 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6565.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER65B4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER665E.tmp.csv
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER68A1.tmp.txt
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
|
Certificate, Version=3
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
|
Certificate, Version=3
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsClient.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\2p1jd0af.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\Client.Override.en-US.resources
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\Client.en-US.resources
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\Client.resources
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\app.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\user.config
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
|
CSV text
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OX50X7XC.log
|
Unicode text, UTF-16, little-endian text, with very long lines (651), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\5NBJHH5W.M4X\XEDNGAA4.YCQ.application
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll.genman
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll.genman
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll.genman
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll.genman
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe.genman
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 65 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\Support.Client.exe
|
"C:\Users\user\Desktop\Support.Client.exe"
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
|
"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe"
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
|
"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe"
"?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session"
"1"
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
|
"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe"
"?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session"
"1"
|
||
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
|
"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe"
"RunRole" "f96fdd58-b31b-40b0-b300-0e1ead05a7df" "User"
|
||
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.dll
|
104.168.134.232
|
||
http://www.fontbureau.com/designersG
|
unknown
|
||
http://www.fontbureau.com/designers/?
|
unknown
|
||
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
http://www.fontbureau.com/designers?
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exeD
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Core.dll
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientSer8
|
unknown
|
||
http://www.tiro.com
|
unknown
|
||
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2
|
unknown
|
||
http://www.fontbureau.com/designers
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageSx
|
unknown
|
||
http://www.goodfont.co.kr
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adr
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2j
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.dll
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationxm
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.manifest
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
|
104.168.134.232
|
||
http://www.sajatypeworks.com
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windo
|
unknown
|
||
http://www.typography.netD
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe.configT
|
unknown
|
||
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.config
|
104.168.134.232
|
||
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe
|
104.168.134.232
|
||
http://www.xrml.org/schema/2001/11/xrml2coreS
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application%
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.manifestC
|
unknown
|
||
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
https://crea.alarmasdelsu
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windows.dllPt
|
unknown
|
||
http://www.w3.o
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application
|
unknown
|
||
http://www.fonts.com
|
unknown
|
||
http://www.sandoll.co.kr
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.ex
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileMa
|
unknown
|
||
http://www.urwpp.deDPlease
|
unknown
|
||
https://crea.alarmasdelsur
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.
|
unknown
|
||
http://www.zhongyicts.com.cn
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
http://www.sakkal.com
|
unknown
|
||
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exeR
|
unknown
|
||
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
http://www.fontbureau.com
|
unknown
|
||
https://crea.alarmasdels
|
unknown
|
||
http://www.xrml.org/schema/2001/11/xrml2core
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windows.dll
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.exe
|
104.168.134.232
|
||
http://www.w3.or
|
unknown
|
||
http://crl.ver)
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exex
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationx
|
unknown
|
||
https://crea.alarmasdelsureste.com
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application8j
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationDv
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/S2
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsCl8
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe.config
|
104.168.134.232
|
||
http://www.carterandcone.coml
|
unknown
|
||
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
http://www.founder.com.cn/cn
|
unknown
|
||
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationgod&
|
unknown
|
||
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationestl
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.configJ
|
unknown
|
||
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
https://feedback.screenconnect.com/Feedback.axd
|
unknown
|
||
http://www.fontbureau.com/designers8
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe
|
104.168.134.232
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationcd
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.C
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Core.dllcw
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationX
|
unknown
|
||
http://crea.alarmasdelsureste.com
|
unknown
|
||
https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.configW
|
unknown
|
There are 77 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
0bd0.adrsxpjm0rga0n.de
|
104.168.134.232
|
||
crea.alarmasdelsureste.com
|
104.168.134.232
|
||
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.168.134.232
|
0bd0.adrsxpjm0rga0n.de
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
|
Blob
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
|
Blob
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
|
ComponentStore_RandomString
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
|
ComponentStore_RandomString
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
|
StateStore_RandomString
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
FileDirectory
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
|
Blob
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
|
NonCanonicalData
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
appid
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
lock!01000000d6cbe50db41d0000e01d00000000000000000000e272d2137756db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
|
NonCanonicalData
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
appid
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
appid
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
appid
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
appid
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
Transform
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_54d59b038afa39b7\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
Transform
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
|
ScreenConnect.Client.dll_fc1d7bd48553fcab
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
|
ScreenConnect.Client.dll_fc1d7bd48553fcab
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
Transform
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
|
ScreenConnect.ClientService.dll_e781b1c636f7bfae
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
|
ScreenConnect.ClientService.dll_e781b1c636f7bfae
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
Transform
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
|
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
|
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
|
ScreenConnect.WindowsClient.exe_6492277df2db17d2
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
|
ScreenConnect.WindowsClient.exe_6492277df2db17d2
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
SizeOfStronglyNamedComponent
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
DigestValue
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
Transform
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
DigestMethod
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
|
ScreenConnect.Core.dll_b96889d378047e27
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
|
ScreenConnect.Core.dll_b96889d378047e27
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
|
OnlineAppQuotaUsageEstimate
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
lock!10000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
lock!0e000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
lock!0c000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
lock!0a000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
lock!08000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
lock!06000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
lock!04000000d7a5180eb41d0000e01d00000000000000000000eb2241d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
identity
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
PreparedForExecution
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
lock!11000000e7a5180eb41d0000e01d00000000000000000000895444d67e56db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
|
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
|
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
|
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
|
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
|
ScreenConnect.Core.dll_963930cc5ced28c7
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
|
ScreenConnect.Client.dll_7b0ea606092ddbcb
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
SubstructureCreated
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
|
Blob
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
ProgramId
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
FileId
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
LowerCaseLongPath
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
LongPathHash
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Name
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
OriginalFileName
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Publisher
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Version
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
BinFileVersion
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
BinaryType
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
ProductName
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
ProductVersion
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
LinkDate
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
BinProductVersion
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
AppxPackageFullName
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Size
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Language
|
||
\REGISTRY\A\{bb80a68d-f37e-ed28-92ed-0072c7fc02fb}\Root\InventoryApplicationFile\support.client.e|fbc97aa933ae989
|
Usn
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
lock!0e0000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
lock!0c0000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
lock!0a0000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
lock!080000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
lock!060000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
lock!040000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
lock!020000000b106300c0040000a404000000000000000000006d90094f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
|
lock!1c0000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
|
lock!1a0000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
|
lock!180000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
|
lock!160000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
|
lock!140000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
|
lock!120000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
|
lock!100000001b106300c0040000a40400000000000000000000b7f20b4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
lock!1d0000002b106300c0040000a404000000000000000000001f550e4f6754db01
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_b729014a6d03efc9
|
LastRunVersion
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_6f4e3e68e178b16a
|
LastRunVersion
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
|
LastRunVersion
|
||
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf
|
HasRunBefore
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (12a62791-f49c-4806-9cc2-0b20f2ce6bb8)
|
NULL
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
|
AutoBackupLogFiles
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
|
EventMessageFile
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (12a62791-f49c-4806-9cc2-0b20f2ce6bb8)
|
ImagePath
|
There are 172 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
29911FE000
|
unkown
|
page readonly
|
||
1210000
|
trusted library allocation
|
page read and write
|
||
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
1BE0000
|
heap
|
page read and write
|
||
1632000
|
trusted library allocation
|
page read and write
|
||
1DEBA400000
|
heap
|
page read and write
|
||
2E70000
|
heap
|
page execute and read and write
|
||
1DEBFC6C000
|
trusted library allocation
|
page read and write
|
||
25140AB0000
|
trusted library allocation
|
page read and write
|
||
2515A6F5000
|
heap
|
page read and write
|
||
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
25140AD7000
|
trusted library allocation
|
page read and write
|
||
251406A3000
|
trusted library allocation
|
page read and write
|
||
2C9E000
|
stack
|
page read and write
|
||
2C60000
|
trusted library allocation
|
page read and write
|
||
1630000
|
trusted library allocation
|
page read and write
|
||
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
101E000
|
stack
|
page read and write
|
||
1DEBFAE6000
|
heap
|
page read and write
|
||
2515A604000
|
heap
|
page read and write
|
||
1635000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
2515A65E000
|
heap
|
page read and write
|
||
5D50000
|
heap
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
122D000
|
trusted library allocation
|
page execute and read and write
|
||
2515A5AB000
|
heap
|
page read and write
|
||
1B8A8000
|
heap
|
page read and write
|
||
FE9000
|
heap
|
page read and write
|
||
1DEBF8C0000
|
trusted library allocation
|
page read and write
|
||
F05000
|
heap
|
page read and write
|
||
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
1DEBB4E0000
|
trusted library section
|
page readonly
|
||
129F000
|
stack
|
page read and write
|
||
3E51000
|
trusted library allocation
|
page read and write
|
||
E7C000
|
heap
|
page read and write
|
||
1DEBFC10000
|
trusted library allocation
|
page read and write
|
||
1B864000
|
heap
|
page read and write
|
||
1DEBA2F0000
|
heap
|
page read and write
|
||
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
565E000
|
stack
|
page read and write
|
||
15D7000
|
heap
|
page read and write
|
||
20F7A013000
|
heap
|
page read and write
|
||
25140220000
|
heap
|
page read and write
|
||
11FE000
|
stack
|
page read and write
|
||
1DEBFA00000
|
heap
|
page read and write
|
||
2DCE000
|
stack
|
page read and write
|
||
1DEBFAF6000
|
heap
|
page read and write
|
||
119E000
|
stack
|
page read and write
|
||
2515BEF3000
|
heap
|
page read and write
|
||
108F000
|
heap
|
page read and write
|
||
1DEBB140000
|
trusted library allocation
|
page read and write
|
||
C13000
|
unkown
|
page readonly
|
||
25140263000
|
heap
|
page read and write
|
||
12ABC000
|
trusted library allocation
|
page read and write
|
||
F6D000
|
stack
|
page read and write
|
||
10FE000
|
stack
|
page read and write
|
||
7FDAFFA000
|
stack
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
8DE000
|
heap
|
page read and write
|
||
299127E000
|
stack
|
page read and write
|
||
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
4BFD000
|
stack
|
page read and write
|
||
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
251405BB000
|
trusted library allocation
|
page read and write
|
||
47AF000
|
stack
|
page read and write
|
||
1DEBFD07000
|
trusted library allocation
|
page read and write
|
||
25158EF0000
|
heap
|
page read and write
|
||
4B70000
|
trusted library allocation
|
page read and write
|
||
4A40000
|
trusted library allocation
|
page read and write
|
||
2A9F000
|
stack
|
page read and write
|
||
E402E79000
|
stack
|
page read and write
|
||
1DEBFC8E000
|
trusted library allocation
|
page read and write
|
||
2515A6C7000
|
heap
|
page read and write
|
||
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
1260000
|
trusted library allocation
|
page read and write
|
||
1424000
|
heap
|
page read and write
|
||
251402B8000
|
heap
|
page read and write
|
||
92B000
|
heap
|
page read and write
|
||
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
E00000
|
heap
|
page read and write
|
||
7FFD9B91E000
|
trusted library allocation
|
page read and write
|
||
2513EA35000
|
heap
|
page read and write
|
||
7FFD9B90F000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAE6000
|
trusted library allocation
|
page read and write
|
||
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
1DEBFD1A000
|
trusted library allocation
|
page read and write
|
||
1236000
|
trusted library allocation
|
page execute and read and write
|
||
1622000
|
trusted library allocation
|
page read and write
|
||
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
251402BB000
|
heap
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
15D0000
|
heap
|
page read and write
|
||
579E000
|
stack
|
page read and write
|
||
B60000
|
heap
|
page read and write
|
||
E4026DD000
|
stack
|
page read and write
|
||
29919F9000
|
stack
|
page read and write
|
||
25140340000
|
trusted library section
|
page readonly
|
||
7FDAEF4000
|
stack
|
page read and write
|
||
2515A0A0000
|
trusted library allocation
|
page read and write
|
||
A30000
|
unkown
|
page readonly
|
||
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
1BD2E000
|
stack
|
page read and write
|
||
1B40D000
|
stack
|
page read and write
|
||
1DEC0000000
|
heap
|
page read and write
|
||
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
13DE000
|
stack
|
page read and write
|
||
5ADE000
|
stack
|
page read and write
|
||
5BE0000
|
trusted library allocation
|
page read and write
|
||
42B0000
|
heap
|
page execute and read and write
|
||
7FDB3FD000
|
stack
|
page read and write
|
||
25158FC3000
|
heap
|
page read and write
|
||
DB6000
|
heap
|
page read and write
|
||
4A70000
|
trusted library allocation
|
page read and write
|
||
1B912000
|
heap
|
page read and write
|
||
7FFD9B94F000
|
trusted library allocation
|
page read and write
|
||
4C5E000
|
stack
|
page read and write
|
||
2513E5DB000
|
heap
|
page read and write
|
||
4240000
|
trusted library allocation
|
page read and write
|
||
2C5E000
|
stack
|
page read and write
|
||
15F0000
|
trusted library allocation
|
page read and write
|
||
2B1E000
|
stack
|
page read and write
|
||
29909FE000
|
unkown
|
page readonly
|
||
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
1DEBFA20000
|
heap
|
page read and write
|
||
2DBE000
|
stack
|
page read and write
|
||
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
25140612000
|
trusted library allocation
|
page read and write
|
||
25140606000
|
trusted library allocation
|
page read and write
|
||
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
2C80000
|
heap
|
page read and write
|
||
20F7A000000
|
heap
|
page read and write
|
||
2515A796000
|
heap
|
page read and write
|
||
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
25140AD9000
|
trusted library allocation
|
page read and write
|
||
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
1005000
|
heap
|
page read and write
|
||
7FDB5FD000
|
stack
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
299027B000
|
stack
|
page read and write
|
||
12E8D000
|
trusted library allocation
|
page read and write
|
||
299187E000
|
stack
|
page read and write
|
||
59A0000
|
heap
|
page read and write
|
||
8D0000
|
heap
|
page read and write
|
||
47EE000
|
stack
|
page read and write
|
||
1C360000
|
heap
|
page read and write
|
||
1DEBF914000
|
trusted library allocation
|
page read and write
|
||
2515A6A0000
|
heap
|
page read and write
|
||
2515A5CE000
|
heap
|
page read and write
|
||
20F7A113000
|
heap
|
page read and write
|
||
7FDADFC000
|
stack
|
page read and write
|
||
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
68B000
|
stack
|
page read and write
|
||
E3E000
|
heap
|
page read and write
|
||
2062000
|
trusted library allocation
|
page read and write
|
||
25158F90000
|
heap
|
page read and write
|
||
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
25150594000
|
trusted library allocation
|
page read and write
|
||
20F7A113000
|
heap
|
page read and write
|
||
2515A4ED000
|
heap
|
page read and write
|
||
1BC2E000
|
stack
|
page read and write
|
||
1B849000
|
heap
|
page read and write
|
||
FCF000
|
heap
|
page read and write
|
||
1DEBAC02000
|
heap
|
page read and write
|
||
1B890000
|
heap
|
page read and write
|
||
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
E00000
|
heap
|
page read and write
|
||
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
12D3000
|
heap
|
page read and write
|
||
1DEBA4FE000
|
heap
|
page read and write
|
||
25140834000
|
trusted library allocation
|
page read and write
|
||
1DEBA413000
|
heap
|
page read and write
|
||
550C000
|
stack
|
page read and write
|
||
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
1DEBA310000
|
heap
|
page read and write
|
||
F43000
|
heap
|
page read and write
|
||
1DEBFCFF000
|
trusted library allocation
|
page read and write
|
||
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
C0B000
|
unkown
|
page readonly
|
||
A32000
|
unkown
|
page readonly
|
||
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
1370000
|
heap
|
page read and write
|
||
124B000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBFA55000
|
heap
|
page read and write
|
||
251403B0000
|
heap
|
page execute and read and write
|
||
13CE000
|
stack
|
page read and write
|
||
12AE000
|
heap
|
page read and write
|
||
1BA2E000
|
stack
|
page read and write
|
||
CF1000
|
stack
|
page read and write
|
||
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
1272000
|
unkown
|
page readonly
|
||
12ABE000
|
trusted library allocation
|
page read and write
|
||
E77000
|
heap
|
page read and write
|
||
1DEBAE01000
|
trusted library allocation
|
page read and write
|
||
FA9000
|
heap
|
page read and write
|
||
2513E5E0000
|
heap
|
page read and write
|
||
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
1DEBB4F0000
|
trusted library section
|
page readonly
|
||
20F79D15000
|
trusted library allocation
|
page read and write
|
||
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
2515A4D4000
|
heap
|
page read and write
|
||
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
2E41000
|
trusted library allocation
|
page read and write
|
||
2515A73E000
|
heap
|
page read and write
|
||
87D000
|
stack
|
page read and write
|
||
7FDACF8000
|
stack
|
page read and write
|
||
1DEBB840000
|
trusted library allocation
|
page read and write
|
||
1EA0000
|
trusted library allocation
|
page read and write
|
||
1DEBA470000
|
heap
|
page read and write
|
||
E90000
|
trusted library allocation
|
page read and write
|
||
41D0000
|
trusted library allocation
|
page read and write
|
||
1056000
|
heap
|
page read and write
|
||
1DEBFC15000
|
trusted library allocation
|
page read and write
|
||
2514060E000
|
trusted library allocation
|
page read and write
|
||
4BBD000
|
stack
|
page read and write
|
||
7FFD9B917000
|
trusted library allocation
|
page read and write
|
||
EFD000
|
heap
|
page read and write
|
||
1DEBAD1A000
|
heap
|
page read and write
|
||
20F79C0E000
|
unkown
|
page read and write
|
||
12FE000
|
stack
|
page read and write
|
||
29905F7000
|
stack
|
page read and write
|
||
1B8E0000
|
heap
|
page read and write
|
||
7FDB6FD000
|
stack
|
page read and write
|
||
1DEBFCBA000
|
trusted library allocation
|
page read and write
|
||
2514097C000
|
trusted library allocation
|
page read and write
|
||
2515BFAF000
|
heap
|
page read and write
|
||
1B903000
|
heap
|
page read and write
|
||
1DEBA472000
|
heap
|
page read and write
|
||
1B8E1000
|
heap
|
page read and write
|
||
589D000
|
stack
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
830000
|
heap
|
page read and write
|
||
2CB0000
|
heap
|
page read and write
|
||
25140445000
|
trusted library allocation
|
page read and write
|
||
25158F95000
|
heap
|
page read and write
|
||
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
2515A67B000
|
heap
|
page read and write
|
||
1DEBF9A0000
|
trusted library allocation
|
page read and write
|
||
1B03D000
|
stack
|
page read and write
|
||
1DEBA46B000
|
heap
|
page read and write
|
||
20F7A102000
|
heap
|
page read and write
|
||
251408E9000
|
trusted library allocation
|
page read and write
|
||
211000
|
unkown
|
page execute read
|
||
11D9000
|
heap
|
page read and write
|
||
2515A5AD000
|
heap
|
page read and write
|
||
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
1617000
|
trusted library allocation
|
page read and write
|
||
1426000
|
heap
|
page read and write
|
||
7FDB1FE000
|
stack
|
page read and write
|
||
2513EA30000
|
heap
|
page read and write
|
||
11AC000
|
stack
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
4C10000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBFA97000
|
heap
|
page read and write
|
||
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
123A000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBF900000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
2515A5D5000
|
heap
|
page read and write
|
||
7FFD9B937000
|
trusted library allocation
|
page read and write
|
||
2070000
|
trusted library allocation
|
page read and write
|
||
10E3000
|
trusted library allocation
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
1B460000
|
heap
|
page read and write
|
||
58A0000
|
heap
|
page read and write
|
||
1DEBFAF2000
|
heap
|
page read and write
|
||
7FDB8FE000
|
stack
|
page read and write
|
||
7FFD9BA05000
|
trusted library allocation
|
page read and write
|
||
43E0000
|
trusted library allocation
|
page read and write
|
||
109B000
|
heap
|
page read and write
|
||
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
2CA0000
|
heap
|
page read and write
|
||
2515A792000
|
heap
|
page read and write
|
||
2515BFB4000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
25140A4D000
|
trusted library allocation
|
page read and write
|
||
1DEBA48C000
|
heap
|
page read and write
|
||
EFB000
|
heap
|
page read and write
|
||
299147E000
|
stack
|
page read and write
|
||
126E000
|
stack
|
page read and write
|
||
11D0000
|
heap
|
page read and write
|
||
2515A60B000
|
heap
|
page read and write
|
||
1DEBAD00000
|
heap
|
page read and write
|
||
9CC000
|
stack
|
page read and write
|
||
1DEBFCA0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAFB000
|
trusted library allocation
|
page read and write
|
||
2DD0000
|
unkown
|
page readonly
|
||
7FFD9B909000
|
trusted library allocation
|
page read and write
|
||
1DEBB4D0000
|
trusted library section
|
page readonly
|
||
7FFD9B91B000
|
trusted library allocation
|
page read and write
|
||
1086000
|
heap
|
page read and write
|
||
25140363000
|
heap
|
page read and write
|
||
2D9E000
|
stack
|
page read and write
|
||
1DEBFC4D000
|
trusted library allocation
|
page read and write
|
||
7FFD9B905000
|
trusted library allocation
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
2515BEE0000
|
heap
|
page read and write
|
||
1DEBFAE6000
|
heap
|
page read and write
|
||
C11000
|
unkown
|
page write copy
|
||
7FFD9BB90000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B95C000
|
trusted library allocation
|
page read and write
|
||
1B8E000
|
stack
|
page read and write
|
||
1B76E000
|
stack
|
page read and write
|
||
251505E8000
|
trusted library allocation
|
page read and write
|
||
4A2F000
|
stack
|
page read and write
|
||
5610000
|
trusted library allocation
|
page read and write
|
||
F45000
|
heap
|
page read and write
|
||
7FFD9B998000
|
trusted library allocation
|
page read and write
|
||
44DE000
|
stack
|
page read and write
|
||
10E0000
|
trusted library allocation
|
page read and write
|
||
299207E000
|
stack
|
page read and write
|
||
20F7A100000
|
heap
|
page read and write
|
||
1DEBA502000
|
heap
|
page read and write
|
||
25158FA0000
|
heap
|
page read and write
|
||
1DEBFC00000
|
trusted library allocation
|
page read and write
|
||
2513E5A0000
|
heap
|
page read and write
|
||
128B000
|
heap
|
page read and write
|
||
CF8000
|
stack
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
25140209000
|
heap
|
page read and write
|
||
29908FE000
|
stack
|
page read and write
|
||
2515A733000
|
heap
|
page read and write
|
||
7FFD9BA87000
|
trusted library allocation
|
page read and write
|
||
835000
|
heap
|
page read and write
|
||
C13000
|
unkown
|
page readonly
|
||
25140984000
|
trusted library allocation
|
page read and write
|
||
2513E62E000
|
heap
|
page read and write
|
||
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
2515A6AA000
|
heap
|
page read and write
|
||
10F5000
|
heap
|
page read and write
|
||
2990AFA000
|
stack
|
page read and write
|
||
207A000
|
trusted library allocation
|
page read and write
|
||
1DEBAD1A000
|
heap
|
page read and write
|
||
29914FE000
|
unkown
|
page readonly
|
||
1DEBB4B0000
|
trusted library section
|
page readonly
|
||
4215000
|
trusted library allocation
|
page read and write
|
||
5FDA000
|
stack
|
page read and write
|
||
25140988000
|
trusted library allocation
|
page read and write
|
||
251401C0000
|
heap
|
page read and write
|
||
2513E7E0000
|
trusted library allocation
|
page read and write
|
||
2513E5E8000
|
heap
|
page read and write
|
||
25158FEB000
|
heap
|
page read and write
|
||
2515A62F000
|
heap
|
page read and write
|
||
1DEBFC56000
|
trusted library allocation
|
page read and write
|
||
1BF70000
|
heap
|
page execute and read and write
|
||
1DEBAD02000
|
heap
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
2DB4000
|
unkown
|
page readonly
|
||
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
2513E823000
|
heap
|
page execute and read and write
|
||
2515BFAA000
|
heap
|
page read and write
|
||
D40000
|
heap
|
page read and write
|
||
FD0000
|
heap
|
page read and write
|
||
E30000
|
heap
|
page read and write
|
||
25140990000
|
trusted library allocation
|
page read and write
|
||
25140A4B000
|
trusted library allocation
|
page read and write
|
||
5EDD000
|
stack
|
page read and write
|
||
1BF73000
|
heap
|
page execute and read and write
|
||
10F0000
|
heap
|
page read and write
|
||
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
BDE000
|
stack
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
C01000
|
unkown
|
page execute read
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
1DEBAB90000
|
trusted library section
|
page read and write
|
||
4290000
|
trusted library allocation
|
page execute and read and write
|
||
7FDB4FD000
|
stack
|
page read and write
|
||
2AA0000
|
heap
|
page read and write
|
||
4229000
|
trusted library allocation
|
page read and write
|
||
2513E820000
|
heap
|
page execute and read and write
|
||
1B440000
|
unkown
|
page readonly
|
||
D1E000
|
stack
|
page read and write
|
||
7FFD9B958000
|
trusted library allocation
|
page read and write
|
||
20F79C2B000
|
heap
|
page read and write
|
||
1B10000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBA513000
|
heap
|
page read and write
|
||
251405FE000
|
trusted library allocation
|
page read and write
|
||
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
1020000
|
heap
|
page read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
2513E890000
|
heap
|
page read and write
|
||
1040000
|
trusted library section
|
page read and write
|
||
C01000
|
unkown
|
page execute read
|
||
5D40000
|
trusted library allocation
|
page read and write
|
||
EC8000
|
heap
|
page read and write
|
||
2B6F000
|
trusted library allocation
|
page read and write
|
||
A30000
|
unkown
|
page readonly
|
||
25140639000
|
trusted library allocation
|
page read and write
|
||
4270000
|
trusted library allocation
|
page read and write
|
||
25140970000
|
trusted library allocation
|
page read and write
|
||
8DA000
|
heap
|
page read and write
|
||
1DEBA458000
|
heap
|
page read and write
|
||
1600000
|
trusted library allocation
|
page read and write
|
||
25150454000
|
trusted library allocation
|
page read and write
|
||
560C000
|
stack
|
page read and write
|
||
2515A5F8000
|
heap
|
page read and write
|
||
1B40000
|
heap
|
page execute and read and write
|
||
4230000
|
trusted library allocation
|
page read and write
|
||
44E0000
|
trusted library allocation
|
page read and write
|
||
1B904000
|
heap
|
page read and write
|
||
102C000
|
heap
|
page read and write
|
||
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
1232000
|
trusted library allocation
|
page read and write
|
||
20F79C13000
|
unkown
|
page read and write
|
||
1DEBF850000
|
trusted library allocation
|
page read and write
|
||
7FDAAFB000
|
stack
|
page read and write
|
||
2990EFB000
|
stack
|
page read and write
|
||
F8A000
|
heap
|
page read and write
|
||
1214000
|
trusted library allocation
|
page read and write
|
||
BF0000
|
trusted library allocation
|
page read and write
|
||
251401D0000
|
heap
|
page read and write
|
||
B80000
|
heap
|
page read and write
|
||
D20000
|
heap
|
page read and write
|
||
4460000
|
unkown
|
page readonly
|
||
2DA0000
|
unkown
|
page readonly
|
||
1B85D000
|
heap
|
page read and write
|
||
1200000
|
trusted library allocation
|
page read and write
|
||
7FFD9B986000
|
trusted library allocation
|
page read and write
|
||
25158FC9000
|
heap
|
page read and write
|
||
1BA0000
|
trusted library allocation
|
page read and write
|
||
1B8B6000
|
heap
|
page read and write
|
||
1031000
|
heap
|
page read and write
|
||
7FFD9B97B000
|
trusted library allocation
|
page read and write
|
||
1DEBAC00000
|
heap
|
page read and write
|
||
1DEBA497000
|
heap
|
page read and write
|
||
224000
|
unkown
|
page read and write
|
||
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
25140974000
|
trusted library allocation
|
page read and write
|
||
2515A6FF000
|
heap
|
page read and write
|
||
20F79D00000
|
trusted library allocation
|
page read and write
|
||
1DEBF8E0000
|
trusted library allocation
|
page read and write
|
||
12AC0000
|
trusted library allocation
|
page read and write
|
||
2515A6A6000
|
heap
|
page read and write
|
||
4A50000
|
trusted library allocation
|
page read and write
|
||
7FFD9B922000
|
trusted library allocation
|
page read and write
|
||
1DEBFAF2000
|
heap
|
page read and write
|
||
1667000
|
heap
|
page read and write
|
||
224000
|
unkown
|
page read and write
|
||
1DEBA4B4000
|
heap
|
page read and write
|
||
12A0000
|
heap
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
B9E000
|
stack
|
page read and write
|
||
10BE000
|
stack
|
page read and write
|
||
800000
|
heap
|
page read and write
|
||
2515A4D8000
|
heap
|
page read and write
|
||
10D0000
|
heap
|
page execute and read and write
|
||
4C00000
|
trusted library allocation
|
page read and write
|
||
1DEBA3F0000
|
heap
|
page read and write
|
||
7FFD9B93D000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
1660000
|
heap
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
29918FE000
|
unkown
|
page readonly
|
||
1BE78000
|
stack
|
page read and write
|
||
7FFD9B9F1000
|
trusted library allocation
|
page read and write
|
||
12AE000
|
stack
|
page read and write
|
||
2C1F000
|
stack
|
page read and write
|
||
1DEBFAC1000
|
heap
|
page read and write
|
||
D8E000
|
stack
|
page read and write
|
||
EF4000
|
stack
|
page read and write
|
||
1077000
|
heap
|
page read and write
|
||
251405B9000
|
trusted library allocation
|
page read and write
|
||
7FDA9FE000
|
stack
|
page read and write
|
||
25140288000
|
heap
|
page read and write
|
||
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
4500000
|
unkown
|
page readonly
|
||
20F79C11000
|
unkown
|
page read and write
|
||
160D000
|
trusted library allocation
|
page execute and read and write
|
||
2E81000
|
trusted library allocation
|
page read and write
|
||
2514042F000
|
trusted library allocation
|
page read and write
|
||
25140273000
|
heap
|
page read and write
|
||
25140BBC000
|
trusted library allocation
|
page read and write
|
||
7FF438CE0000
|
trusted library allocation
|
page execute and read and write
|
||
1B820000
|
heap
|
page read and write
|
||
1BDE2000
|
unkown
|
page readonly
|
||
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
7FFD9B915000
|
trusted library allocation
|
page read and write
|
||
1213000
|
trusted library allocation
|
page execute and read and write
|
||
29912FE000
|
unkown
|
page readonly
|
||
1360000
|
heap
|
page read and write
|
||
48EE000
|
stack
|
page read and write
|
||
4220000
|
trusted library allocation
|
page read and write
|
||
E6D000
|
stack
|
page read and write
|
||
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
2514098C000
|
trusted library allocation
|
page read and write
|
||
1DEBFB02000
|
heap
|
page read and write
|
||
2515A5A7000
|
heap
|
page read and write
|
||
29916FE000
|
unkown
|
page readonly
|
||
1BDE0000
|
unkown
|
page readonly
|
||
4A60000
|
trusted library allocation
|
page read and write
|
||
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
42A0000
|
trusted library allocation
|
page read and write
|
||
E40000
|
heap
|
page read and write
|
||
1B918000
|
heap
|
page read and write
|
||
2EBF000
|
stack
|
page read and write
|
||
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
25140978000
|
trusted library allocation
|
page read and write
|
||
1DEBFC70000
|
remote allocation
|
page read and write
|
||
C00000
|
unkown
|
page readonly
|
||
1DEBA42B000
|
heap
|
page read and write
|
||
FD1000
|
heap
|
page read and write
|
||
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
29915FE000
|
unkown
|
page readonly
|
||
251583F0000
|
trusted library allocation
|
page read and write
|
||
1B898000
|
heap
|
page read and write
|
||
E69000
|
heap
|
page read and write
|
||
4201000
|
trusted library allocation
|
page read and write
|
||
1DEBFC70000
|
remote allocation
|
page read and write
|
||
2DA2000
|
unkown
|
page readonly
|
||
1DEBFC0E000
|
trusted library allocation
|
page read and write
|
||
1B8F8000
|
heap
|
page read and write
|
||
2515BF1D000
|
heap
|
page read and write
|
||
7FFD9B955000
|
trusted library allocation
|
page read and write
|
||
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
1DEBFACB000
|
heap
|
page read and write
|
||
2513E580000
|
heap
|
page read and write
|
||
251402D0000
|
heap
|
page execute and read and write
|
||
25140A2E000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
1247000
|
trusted library allocation
|
page execute and read and write
|
||
25150686000
|
trusted library allocation
|
page read and write
|
||
1DEBFA62000
|
heap
|
page read and write
|
||
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
1610000
|
trusted library allocation
|
page read and write
|
||
1BD0000
|
trusted library allocation
|
page read and write
|
||
EE6000
|
heap
|
page read and write
|
||
20F79B20000
|
heap
|
page read and write
|
||
1DEBB3C0000
|
trusted library allocation
|
page read and write
|
||
206A000
|
trusted library allocation
|
page read and write
|
||
1B84E000
|
heap
|
page read and write
|
||
2515A783000
|
heap
|
page read and write
|
||
2513E770000
|
heap
|
page read and write
|
||
1DEBA48E000
|
heap
|
page read and write
|
||
7FDA3DE000
|
stack
|
page read and write
|
||
12E8F000
|
trusted library allocation
|
page read and write
|
||
1E86000
|
trusted library allocation
|
page read and write
|
||
29906FE000
|
unkown
|
page readonly
|
||
4A6F000
|
trusted library allocation
|
page read and write
|
||
251503C1000
|
trusted library allocation
|
page read and write
|
||
15C8000
|
stack
|
page read and write
|
||
20F79C39000
|
heap
|
page read and write
|
||
25158FB0000
|
heap
|
page read and write
|
||
2CF1000
|
trusted library allocation
|
page read and write
|
||
1B810000
|
heap
|
page execute and read and write
|
||
540C000
|
stack
|
page read and write
|
||
25158D40000
|
heap
|
page read and write
|
||
2D30000
|
trusted library allocation
|
page read and write
|
||
1B400000
|
trusted library section
|
page read and write
|
||
C11000
|
unkown
|
page read and write
|
||
B50000
|
heap
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
44F0000
|
trusted library allocation
|
page read and write
|
||
1B879000
|
heap
|
page read and write
|
||
1DEBFC08000
|
trusted library allocation
|
page read and write
|
||
5240000
|
unkown
|
page readonly
|
||
1DEBFAF6000
|
heap
|
page read and write
|
||
7FFD9B9F9000
|
trusted library allocation
|
page read and write
|
||
25140390000
|
heap
|
page read and write
|
||
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
207E000
|
trusted library allocation
|
page read and write
|
||
41E6000
|
trusted library allocation
|
page read and write
|
||
43D0000
|
trusted library allocation
|
page read and write
|
||
1DEBA492000
|
heap
|
page read and write
|
||
1B0E000
|
stack
|
page read and write
|
||
2515A5E4000
|
heap
|
page read and write
|
||
121D000
|
trusted library allocation
|
page execute and read and write
|
||
25140268000
|
heap
|
page read and write
|
||
2513E790000
|
heap
|
page read and write
|
||
575B000
|
stack
|
page read and write
|
||
1245000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBAA80000
|
trusted library allocation
|
page read and write
|
||
1DEBFA42000
|
heap
|
page read and write
|
||
4280000
|
trusted library allocation
|
page read and write
|
||
2514077B000
|
trusted library allocation
|
page read and write
|
||
2DD0000
|
trusted library allocation
|
page read and write
|
||
1270000
|
unkown
|
page readonly
|
||
1DEBB4A0000
|
trusted library section
|
page readonly
|
||
1CEF000
|
stack
|
page read and write
|
||
1C076000
|
stack
|
page read and write
|
||
25140BC3000
|
trusted library allocation
|
page read and write
|
||
1E94000
|
trusted library allocation
|
page read and write
|
||
2AB1000
|
trusted library allocation
|
page read and write
|
||
12D0000
|
heap
|
page read and write
|
||
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
25140360000
|
heap
|
page read and write
|
||
12E81000
|
trusted library allocation
|
page read and write
|
||
25158FDA000
|
heap
|
page read and write
|
||
1DEBA4A4000
|
heap
|
page read and write
|
||
1C27D000
|
stack
|
page read and write
|
||
1DEBFB11000
|
heap
|
page read and write
|
||
1626000
|
trusted library allocation
|
page execute and read and write
|
||
2E8F000
|
trusted library allocation
|
page read and write
|
||
1DEBFCE5000
|
trusted library allocation
|
page read and write
|
||
1330000
|
heap
|
page read and write
|
||
1DEBA490000
|
heap
|
page read and write
|
||
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
1210000
|
heap
|
page read and write
|
||
7FFD9B956000
|
trusted library allocation
|
page read and write
|
||
2513E640000
|
heap
|
page read and write
|
||
1DEBB4C0000
|
trusted library section
|
page readonly
|
||
43F0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
2C90000
|
heap
|
page read and write
|
||
2514044D000
|
trusted library allocation
|
page read and write
|
||
F03000
|
heap
|
page read and write
|
||
1DEBF9B0000
|
trusted library allocation
|
page read and write
|
||
25140449000
|
trusted library allocation
|
page read and write
|
||
161D000
|
trusted library allocation
|
page execute and read and write
|
||
20F79E00000
|
trusted library allocation
|
page read and write
|
||
2990DFE000
|
unkown
|
page readonly
|
||
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
1B85F000
|
heap
|
page read and write
|
||
251504C1000
|
trusted library allocation
|
page read and write
|
||
2515BF03000
|
heap
|
page read and write
|
||
2990BFE000
|
unkown
|
page readonly
|
||
1DEBF8D0000
|
trusted library allocation
|
page read and write
|
||
1DEBFC72000
|
trusted library allocation
|
page read and write
|
||
107B000
|
heap
|
page read and write
|
||
2513E624000
|
heap
|
page read and write
|
||
1DEBAC15000
|
heap
|
page read and write
|
||
EC0000
|
heap
|
page read and write
|
||
2990FFE000
|
unkown
|
page readonly
|
||
F09000
|
heap
|
page read and write
|
||
DB0000
|
heap
|
page read and write
|
||
7FFD9B9CE000
|
trusted library allocation
|
page read and write
|
||
2DC0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
D30000
|
heap
|
page read and write
|
||
2514089A000
|
trusted library allocation
|
page read and write
|
||
7FFD9B94C000
|
trusted library allocation
|
page read and write
|
||
12D6000
|
heap
|
page read and write
|
||
2EB7000
|
trusted library allocation
|
page read and write
|
||
1230000
|
trusted library allocation
|
page read and write
|
||
11B0000
|
heap
|
page read and write
|
||
7FDABFF000
|
stack
|
page read and write
|
||
1B830000
|
heap
|
page read and write
|
||
1637000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
7FFD9B987000
|
trusted library allocation
|
page read and write
|
||
1DEBFC91000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
2515A739000
|
heap
|
page read and write
|
||
1DEBF8E1000
|
trusted library allocation
|
page read and write
|
||
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
2515A5A0000
|
heap
|
page read and write
|
||
226000
|
unkown
|
page readonly
|
||
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
25150560000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9D3000
|
trusted library allocation
|
page read and write
|
||
1DEBFAFB000
|
heap
|
page read and write
|
||
29920FE000
|
unkown
|
page readonly
|
||
1DEBFCF4000
|
trusted library allocation
|
page read and write
|
||
25140616000
|
trusted library allocation
|
page read and write
|
||
2D01000
|
trusted library allocation
|
page read and write
|
||
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
2E40000
|
heap
|
page execute and read and write
|
||
1DEBFC6F000
|
trusted library allocation
|
page read and write
|
||
7FFD9B908000
|
trusted library allocation
|
page read and write
|
||
21D000
|
unkown
|
page readonly
|
||
1DEBFA2C000
|
heap
|
page read and write
|
||
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
DFE000
|
stack
|
page read and write
|
||
10C0000
|
trusted library allocation
|
page read and write
|
||
1DEBFB0F000
|
heap
|
page read and write
|
||
12AB1000
|
trusted library allocation
|
page read and write
|
||
25140190000
|
heap
|
page read and write
|
||
EA0000
|
heap
|
page read and write
|
||
96B000
|
heap
|
page read and write
|
||
E3B000
|
heap
|
page read and write
|
||
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
1BB2E000
|
stack
|
page read and write
|
||
20F79D24000
|
heap
|
page read and write
|
||
20F79C00000
|
unkown
|
page read and write
|
||
29910FB000
|
stack
|
page read and write
|
||
2513E800000
|
trusted library allocation
|
page read and write
|
||
29917FE000
|
unkown
|
page readonly
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
1DEBFB0A000
|
heap
|
page read and write
|
||
2515A4C7000
|
heap
|
page read and write
|
||
E20000
|
heap
|
page read and write
|
||
251405F6000
|
trusted library allocation
|
page read and write
|
||
2991AFE000
|
unkown
|
page readonly
|
||
5FE0000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBB2A1000
|
trusted library allocation
|
page read and write
|
||
2513E5FC000
|
heap
|
page read and write
|
||
2515A4A0000
|
heap
|
page read and write
|
||
21D000
|
unkown
|
page readonly
|
||
2513E570000
|
heap
|
page read and write
|
||
1DEBF840000
|
trusted library allocation
|
page read and write
|
||
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
2515A618000
|
heap
|
page read and write
|
||
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
1DEBFC00000
|
trusted library allocation
|
page read and write
|
||
124C000
|
heap
|
page read and write
|
||
25150550000
|
trusted library allocation
|
page read and write
|
||
20F79C02000
|
unkown
|
page read and write
|
||
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
1218000
|
heap
|
page read and write
|
||
12BE000
|
heap
|
page read and write
|
||
2CC0000
|
heap
|
page read and write
|
||
1DEBAD13000
|
heap
|
page read and write
|
||
1CF1000
|
trusted library allocation
|
page read and write
|
||
EA5000
|
heap
|
page read and write
|
||
25140052000
|
heap
|
page read and write
|
||
12BC000
|
heap
|
page read and write
|
||
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
2515A643000
|
heap
|
page read and write
|
||
1DEBFCA3000
|
trusted library allocation
|
page read and write
|
||
2990CFC000
|
stack
|
page read and write
|
||
2514085F000
|
trusted library allocation
|
page read and write
|
||
5BDB000
|
stack
|
page read and write
|
||
2B5E000
|
stack
|
page read and write
|
||
2513E664000
|
heap
|
page read and write
|
||
20F79C36000
|
heap
|
page read and write
|
||
7FFD9B913000
|
trusted library allocation
|
page read and write
|
||
2515BF21000
|
heap
|
page read and write
|
||
1B20000
|
trusted library allocation
|
page read and write
|
||
1DEBF900000
|
trusted library allocation
|
page read and write
|
||
1604000
|
trusted library allocation
|
page read and write
|
||
4ACD000
|
stack
|
page read and write
|
||
1420000
|
heap
|
page read and write
|
||
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
251403DA000
|
trusted library allocation
|
page read and write
|
||
8BE000
|
stack
|
page read and write
|
||
7FFD9B98E000
|
trusted library allocation
|
page read and write
|
||
1DEBFC64000
|
trusted library allocation
|
page read and write
|
||
25150584000
|
trusted library allocation
|
page read and write
|
||
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
251405FA000
|
trusted library allocation
|
page read and write
|
||
BA0000
|
heap
|
page read and write
|
||
299177E000
|
stack
|
page read and write
|
||
20F7A100000
|
heap
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
2513E5EA000
|
heap
|
page read and write
|
||
1DEBFCC2000
|
trusted library allocation
|
page read and write
|
||
7FDA353000
|
stack
|
page read and write
|
||
1B874000
|
heap
|
page read and write
|
||
2514022D000
|
heap
|
page read and write
|
||
25150596000
|
trusted library allocation
|
page read and write
|
||
41FE000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
205E000
|
trusted library allocation
|
page read and write
|
||
1603000
|
trusted library allocation
|
page execute and read and write
|
||
1B9B0000
|
trusted library allocation
|
page read and write
|
||
1650000
|
trusted library allocation
|
page read and write
|
||
5242000
|
unkown
|
page readonly
|
||
5BF0000
|
trusted library allocation
|
page read and write
|
||
1DEBFAE2000
|
heap
|
page read and write
|
||
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
428A000
|
trusted library allocation
|
page read and write
|
||
2513E5C5000
|
heap
|
page read and write
|
||
3E8E000
|
stack
|
page read and write
|
||
C00000
|
unkown
|
page readonly
|
||
5230000
|
heap
|
page execute and read and write
|
||
1220000
|
trusted library allocation
|
page read and write
|
||
FE5000
|
heap
|
page read and write
|
||
2514043C000
|
trusted library allocation
|
page read and write
|
||
530A000
|
stack
|
page read and write
|
||
7FFD9B949000
|
trusted library allocation
|
page read and write
|
||
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
163B000
|
trusted library allocation
|
page execute and read and write
|
||
1242000
|
trusted library allocation
|
page read and write
|
||
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
4400000
|
trusted library allocation
|
page read and write
|
||
2515BEEE000
|
heap
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
224000
|
unkown
|
page write copy
|
||
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
4A30000
|
trusted library allocation
|
page execute and read and write
|
||
2515A667000
|
heap
|
page read and write
|
||
25140994000
|
trusted library allocation
|
page read and write
|
||
1C350000
|
heap
|
page read and write
|
||
25140BAC000
|
trusted library allocation
|
page read and write
|
||
78C000
|
stack
|
page read and write
|
||
1B8E4000
|
heap
|
page read and write
|
||
1350000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
20F79B00000
|
heap
|
page read and write
|
||
1240000
|
trusted library allocation
|
page read and write
|
||
1B8FC000
|
heap
|
page read and write
|
||
20F7A002000
|
heap
|
page read and write
|
||
2DE0000
|
trusted library allocation
|
page read and write
|
||
2B90000
|
heap
|
page read and write
|
||
7FFD9B917000
|
trusted library allocation
|
page read and write
|
||
2515A731000
|
heap
|
page read and write
|
||
492E000
|
stack
|
page read and write
|
||
2CF7000
|
trusted library allocation
|
page read and write
|
||
251583C0000
|
trusted library allocation
|
page read and write
|
||
2074000
|
trusted library allocation
|
page read and write
|
||
41E2000
|
trusted library allocation
|
page read and write
|
||
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
C0B000
|
unkown
|
page readonly
|
||
299167E000
|
stack
|
page read and write
|
||
F1B000
|
heap
|
page read and write
|
||
F10000
|
trusted library allocation
|
page read and write
|
||
1B87F000
|
heap
|
page read and write
|
||
251405F2000
|
trusted library allocation
|
page read and write
|
||
1DEBFAE1000
|
heap
|
page read and write
|
||
1DEBFCE8000
|
trusted library allocation
|
page read and write
|
||
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
1DEBA4A2000
|
heap
|
page read and write
|
||
20F79D02000
|
trusted library allocation
|
page read and write
|
||
1DEBF8B0000
|
trusted library allocation
|
page read and write
|
||
1B901000
|
heap
|
page read and write
|
||
251401E1000
|
heap
|
page read and write
|
||
1DEBF9A0000
|
trusted library allocation
|
page read and write
|
||
FA0000
|
heap
|
page read and write
|
||
2513E895000
|
heap
|
page read and write
|
||
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
2515A60F000
|
heap
|
page read and write
|
||
251504B2000
|
trusted library allocation
|
page read and write
|
||
1B990000
|
heap
|
page execute and read and write
|
||
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
115F000
|
stack
|
page read and write
|
||
4A80000
|
trusted library allocation
|
page execute and read and write
|
||
299137E000
|
stack
|
page read and write
|
||
7FDA39E000
|
stack
|
page read and write
|
||
25158FCD000
|
heap
|
page read and write
|
||
2515059E000
|
trusted library allocation
|
page read and write
|
||
422B000
|
trusted library allocation
|
page read and write
|
||
2076000
|
trusted library allocation
|
page read and write
|
||
1203000
|
heap
|
page read and write
|
||
7FDB7FD000
|
stack
|
page read and write
|
||
1DEBFCFC000
|
trusted library allocation
|
page read and write
|
||
25140980000
|
trusted library allocation
|
page read and write
|
||
1050000
|
heap
|
page read and write
|
||
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
29913FE000
|
unkown
|
page readonly
|
||
7FFD9B913000
|
trusted library allocation
|
page read and write
|
||
1620000
|
trusted library allocation
|
page read and write
|
||
1DEBFA4F000
|
heap
|
page read and write
|
||
1DEBA42F000
|
heap
|
page read and write
|
||
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
1B56E000
|
stack
|
page read and write
|
||
251403C1000
|
trusted library allocation
|
page read and write
|
||
1DEBA4B0000
|
heap
|
page read and write
|
||
2E10000
|
trusted library allocation
|
page read and write
|
||
25140602000
|
trusted library allocation
|
page read and write
|
||
1DEBF8E0000
|
trusted library allocation
|
page read and write
|
||
251505A2000
|
trusted library allocation
|
page read and write
|
||
20F7A102000
|
heap
|
page read and write
|
||
2513E860000
|
trusted library allocation
|
page read and write
|
||
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
1C176000
|
stack
|
page read and write
|
||
1DEBFC20000
|
trusted library allocation
|
page read and write
|
||
1DEBA43F000
|
heap
|
page read and write
|
||
2514060A000
|
trusted library allocation
|
page read and write
|
||
FED000
|
heap
|
page read and write
|
||
2515A0C2000
|
trusted library allocation
|
page read and write
|
||
1DEBF910000
|
trusted library allocation
|
page read and write
|
||
E402AFE000
|
stack
|
page read and write
|
||
1B8CE000
|
heap
|
page read and write
|
||
1DEBFA5B000
|
heap
|
page read and write
|
||
210000
|
unkown
|
page readonly
|
||
1075000
|
heap
|
page read and write
|
||
43C7000
|
trusted library allocation
|
page read and write
|
||
2E51000
|
trusted library allocation
|
page read and write
|
||
6130000
|
heap
|
page read and write
|
||
1DEBFC70000
|
remote allocation
|
page read and write
|
||
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
7FDB2FE000
|
stack
|
page read and write
|
||
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
299157E000
|
stack
|
page read and write
|
||
25140919000
|
trusted library allocation
|
page read and write
|
||
1B886000
|
heap
|
page read and write
|
||
1E8B000
|
trusted library allocation
|
page read and write
|
||
1DEBFC18000
|
trusted library allocation
|
page read and write
|
||
1DEBF8D0000
|
trusted library allocation
|
page read and write
|
||
1DEBFCF1000
|
trusted library allocation
|
page read and write
|
||
1DEBFAC4000
|
heap
|
page read and write
|
There are 877 hidden memdumps, click here to show them.