Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ScreenConnect.ClientSetup (1).exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.ClientService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientSetup (1).exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Config.Msi\6ed328.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\Client.en-US.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\Client.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.ClientService.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsAuthenticationPackage.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsBackstageShell.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsBackstageShell.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsClient.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsCredentialProvider.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsFileManager.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsFileManager.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\app.config
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\system.config
|
XML 1.0 document, ASCII text, with very long lines (480), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x45e336a3, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\CustomAction.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\Microsoft.Deployment.Compression.Cab.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\Microsoft.Deployment.Compression.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\Microsoft.Deployment.WindowsInstaller.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\ScreenConnect.InstallerActions.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSICF5E.tmp-\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ScreenConnect\ccf23f1afa8af061\setup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug
13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\6ed327.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug
13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\6ed329.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}, Create Time/Date: Tue Aug 13 23:22:20 2024, Last Saved Time/Date: Tue Aug
13 23:22:20 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSID52B.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSID53B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSID7CD.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}\DefaultIcon
|
MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 4 bits/pixel, 32x32
with PNG image data, 32 x 32, 1-bit colormap, non-interlaced, 4 bits/pixel
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\4mlziiez.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\5im4yx0k.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\fnbyy2ll.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\hldinm0o.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\ledwk0ar.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\ndtrnucs.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\nhkn5cft.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\ou2zxzr5.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\snbxiz2y.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (ccf23f1afa8af061)\user.config (copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF1C8E99E63545DD09.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF37F34072B0149A5B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF3BD3E6D47F5DADCA.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF4D375C5AF091B163.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF565E6EC348A37150.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF656821DCA6CB9E3B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA871CDFCC1757634.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC1239B7D2C0D35B7.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFCB2574F80E1CAEF6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD88D20DBC440ACAD.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE2FA5B54689649C6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFEFAF8787C3EE109D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 56 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ScreenConnect.ClientSetup (1).exe
|
"C:\Users\user\Desktop\ScreenConnect.ClientSetup (1).exe"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.ClientService.exe
|
"C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-f13iq7-relay.screenconnect.com&p=443&s=8c4565db-ac67-42c5-9630-9aa3f157ab83&k=BgIAAACkAABSU0ExAAgAAAEAAQC1MY9w4B1kmCI8rrVVcN3Qv2pF2incNEaC5%2f57%2frQys%2fxWV8jitTHxen5sI4Wll36RpM9KV99bb78RmSViUCckbjE5KmpupWzSRQPRoXSxvLn2bqJ43r%2b0c1Xzj6wxUS%2bGCdb3y5osDTbAX4izwcSX%2fWd5MibcXFXyV0GDsYs7uPqQNXSNtw1v5PTrV4hH6KEn7iG8xD119OfXklw0j4quXgapgwpI4dZ5E20CIMcRqfPC5dqnBzSKD%2bnQ0l48Ao%2fzM5ObrNV%2f8giwIObi%2f%2b9H0BQvztiy4rypOySEqrH3oVDeR1OWmdV0FGCTguAa5uyNJoKXRLqK4n1ztMQHr%2f%2bi&c=Van%20Buren%20Telephone%20Company&c=&c=&c=&c=&c=&c=&c="
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsClient.exe
|
"C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\ScreenConnect.WindowsClient.exe" "RunRole" "45494334-b96f-4a01-b0ee-df000a95fbae"
"User"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\ccf23f1afa8af061\setup.msi"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding BC108F69163DAA59A6F9981178743870 C
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Local\Temp\MSICF5E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7262203 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding CCDB78175ACA179D0D189E42F6A15F79
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 644E16E75658CB40C644CEA9BB61A5D0 E Global\MSI0000
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://instance-f13iq7-relay.screenconnect.com:443/d
|
unknown
|
||
|
http://wixtoolset.org/releases/
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://wixtoolset.org/news/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://instance-f13iq7-relay.screenconnect.com:443/O
|
unknown
|
||
|
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
|
unknown
|
||
|
https://feedback.screenconnect.com/Feedback.axd
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-support
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
instance-f13iq7-relay.screenconnect.com
|
unknown
|
|
|
|
server-nix282c8ff2-relay.screenconnect.com
|
147.28.146.148
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.28.146.148
|
server-nix282c8ff2-relay.screenconnect.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
|
Authentication Packages
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6ed328.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6ed328.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33384CD759CCBFD5E5F24C42DE783B4C
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7D0D907E6EC12B4BD3CE91DF20B45BC
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\198FD63303851F1F9AE7C4843464BD5C
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79E3B4E73A8C3AB473D93461498EEB7B
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A67A7ECAD5C61D2FA43E323704F6B299
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDEE39608887779B849BDD4D231EB1D9
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BAF63B5C4EF90FDD4AC8862F62EF43A
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\ScreenConnect Client (ccf23f1afa8af061)\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-ccf23f1afa8af061
|
URL Protocol
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-ccf23f1afa8af061
|
UseOriginalUrlEncoding
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-ccf23f1afa8af061\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (ccf23f1afa8af061)
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-D730-25198DD1B472}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-D730-25198DD1B472}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-D730-25198DD1B472}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\777804392AB04500CC2FF3A1AFA80F16
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\189291C7AF00A6F4CCD5D8B3A09D66AA
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\Features
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{7C192981-00FA-4F6A-CC5D-8D3B0AD966AA}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\777804392AB04500CC2FF3A1AFA80F16
|
189291C7AF00A6F4CCD5D8B3A09D66AA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\189291C7AF00A6F4CCD5D8B3A09D66AA\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
|
AutoBackupLogFiles
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
|
EventMessageFile
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ccf23f1afa8af061)
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 104 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B10000
|
heap
|
page read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
7FFD34470000
|
trusted library allocation
|
page read and write
|
||
|
1C72000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34698000
|
trusted library allocation
|
page read and write
|
||
|
4862000
|
unkown
|
page readonly
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
1B66E000
|
heap
|
page read and write
|
||
|
7FEF000
|
trusted library allocation
|
page read and write
|
||
|
256C000
|
trusted library allocation
|
page read and write
|
||
|
1BED7000
|
stack
|
page read and write
|
||
|
1C82000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34360000
|
trusted library allocation
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
237C000
|
trusted library allocation
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
2B4427E000
|
unkown
|
page readonly
|
||
|
137E000
|
stack
|
page read and write
|
||
|
46C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34460000
|
trusted library allocation
|
page read and write
|
||
|
161B9502000
|
heap
|
page read and write
|
||
|
1ADAC000
|
stack
|
page read and write
|
||
|
23A5000
|
trusted library allocation
|
page read and write
|
||
|
5CC0000
|
trusted library section
|
page read and write
|
||
|
1662000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34350000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
heap
|
page read and write
|
||
|
5A50000
|
trusted library section
|
page read and write
|
||
|
7FB18000
|
trusted library allocation
|
page execute and read and write
|
||
|
50F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
161BEAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
3387000
|
heap
|
page read and write
|
||
|
12821000
|
trusted library allocation
|
page read and write
|
||
|
4872000
|
unkown
|
page readonly
|
||
|
E57000
|
stack
|
page read and write
|
||
|
1B8E5000
|
unkown
|
page readonly
|
||
|
1B750000
|
heap
|
page execute and read and write
|
||
|
4E0D000
|
stack
|
page read and write
|
||
|
620000
|
unkown
|
page readonly
|
||
|
1B653000
|
heap
|
page read and write
|
||
|
15E4000
|
trusted library allocation
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
1B490000
|
heap
|
page execute and read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
1B672000
|
heap
|
page read and write
|
||
|
F25000
|
heap
|
page read and write
|
||
|
8F4A000
|
trusted library allocation
|
page read and write
|
||
|
1B8CC000
|
unkown
|
page readonly
|
||
|
1C120000
|
heap
|
page read and write
|
||
|
161B94FE000
|
heap
|
page read and write
|
||
|
4F8F000
|
stack
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
7FFD343E4000
|
trusted library allocation
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
161B9D1A000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
trusted library allocation
|
page read and write
|
||
|
2B4357E000
|
unkown
|
page readonly
|
||
|
150D000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
1B630000
|
heap
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
E1B000
|
stack
|
page read and write
|
||
|
161BEC20000
|
trusted library allocation
|
page read and write
|
||
|
7556000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
trusted library section
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
1B28E000
|
stack
|
page read and write
|
||
|
100000
|
unkown
|
page readonly
|
||
|
24DD000
|
trusted library allocation
|
page read and write
|
||
|
1B38F000
|
stack
|
page read and write
|
||
|
5E7C000
|
trusted library section
|
page read and write
|
||
|
4874000
|
unkown
|
page readonly
|
||
|
164D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2588000
|
trusted library allocation
|
page read and write
|
||
|
2B434FE000
|
stack
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
2401000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
4DAD000
|
stack
|
page read and write
|
||
|
14D8000
|
heap
|
page read and write
|
||
|
7FFD34370000
|
trusted library allocation
|
page read and write
|
||
|
726C000
|
stack
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
11000
|
unkown
|
page execute read
|
||
|
1B8F3000
|
unkown
|
page readonly
|
||
|
2B4397B000
|
stack
|
page read and write
|
||
|
161B9400000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
1E70000
|
trusted library allocation
|
page read and write
|
||
|
223C000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
6410000
|
heap
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
||
|
1B8DD000
|
unkown
|
page readonly
|
||
|
24CF000
|
trusted library allocation
|
page read and write
|
||
|
242F000
|
trusted library allocation
|
page read and write
|
||
|
1C0D0000
|
heap
|
page read and write
|
||
|
7FF47DC90000
|
trusted library allocation
|
page execute and read and write
|
||
|
483B000
|
unkown
|
page readonly
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
167B000
|
trusted library allocation
|
page execute and read and write
|
||
|
161BF000000
|
heap
|
page read and write
|
||
|
428000
|
unkown
|
page readonly
|
||
|
2510000
|
trusted library allocation
|
page read and write
|
||
|
161B9390000
|
heap
|
page read and write
|
||
|
6EEE000
|
stack
|
page read and write
|
||
|
2B43A7E000
|
unkown
|
page readonly
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
8D92000
|
trusted library allocation
|
page read and write
|
||
|
45A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3454A000
|
trusted library allocation
|
page read and write
|
||
|
588E000
|
trusted library allocation
|
page read and write
|
||
|
161BE9AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
1677000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E6000
|
trusted library allocation
|
page read and write
|
||
|
1C76000
|
trusted library allocation
|
page execute and read and write
|
||
|
61EF000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
C09000
|
heap
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
484E000
|
unkown
|
page readonly
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
5A9D000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
6DAF000
|
stack
|
page read and write
|
||
|
2384000
|
trusted library allocation
|
page read and write
|
||
|
4435000
|
trusted library allocation
|
page read and write
|
||
|
161B9C02000
|
heap
|
page read and write
|
||
|
2B42B7E000
|
unkown
|
page readonly
|
||
|
161BE951000
|
trusted library allocation
|
page read and write
|
||
|
7E76000
|
trusted library allocation
|
page read and write
|
||
|
161BEAC1000
|
heap
|
page read and write
|
||
|
45D0000
|
trusted library allocation
|
page read and write
|
||
|
FD9000
|
stack
|
page read and write
|
||
|
7FFD344D0000
|
trusted library allocation
|
page read and write
|
||
|
5474000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
1B8F1000
|
unkown
|
page readonly
|
||
|
3057000
|
trusted library allocation
|
page read and write
|
||
|
672E000
|
stack
|
page read and write
|
||
|
4868000
|
unkown
|
page readonly
|
||
|
137A000
|
heap
|
page read and write
|
||
|
2598000
|
trusted library allocation
|
page read and write
|
||
|
1C87000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF5000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
7FFD344F0000
|
trusted library allocation
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
8B44000
|
trusted library allocation
|
page read and write
|
||
|
161BA520000
|
trusted library section
|
page readonly
|
||
|
8F44000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
63F0000
|
heap
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
1B8EF000
|
unkown
|
page readonly
|
||
|
161B9478000
|
heap
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
161BECF0000
|
remote allocation
|
page read and write
|
||
|
5CC4000
|
trusted library section
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
2B43079000
|
stack
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
161BEC20000
|
trusted library allocation
|
page read and write
|
||
|
2B4317E000
|
unkown
|
page readonly
|
||
|
161BEB0A000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
33E1000
|
heap
|
page read and write
|
||
|
622000
|
unkown
|
page readonly
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
1666000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B48E000
|
stack
|
page read and write
|
||
|
161BE994000
|
trusted library allocation
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
1643000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
447A000
|
trusted library allocation
|
page read and write
|
||
|
BAB000
|
heap
|
page read and write
|
||
|
1215000
|
heap
|
page read and write
|
||
|
15E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5110000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B4347E000
|
unkown
|
page readonly
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
1B760000
|
unkown
|
page readonly
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
1C0CD000
|
stack
|
page read and write
|
||
|
7FEC000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
12830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34455000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
161B9513000
|
heap
|
page read and write
|
||
|
74F4000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
5E76000
|
trusted library section
|
page read and write
|
||
|
43CB000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
24E1000
|
trusted library allocation
|
page read and write
|
||
|
4854000
|
unkown
|
page readonly
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD345A0000
|
trusted library allocation
|
page read and write
|
||
|
50DD000
|
stack
|
page read and write
|
||
|
1B500000
|
heap
|
page read and write
|
||
|
15C0000
|
trusted library section
|
page read and write
|
||
|
7FFD341B4000
|
trusted library allocation
|
page read and write
|
||
|
8B33000
|
trusted library allocation
|
page read and write
|
||
|
2594000
|
trusted library allocation
|
page read and write
|
||
|
4D62000
|
trusted library allocation
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
161BECA0000
|
trusted library allocation
|
page read and write
|
||
|
1D000
|
unkown
|
page readonly
|
||
|
24B2000
|
trusted library allocation
|
page read and write
|
||
|
161B942B000
|
heap
|
page read and write
|
||
|
1B8ED000
|
unkown
|
page readonly
|
||
|
5191000
|
trusted library allocation
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
1C119000
|
heap
|
page read and write
|
||
|
1E2C000
|
stack
|
page read and write
|
||
|
5465000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
46D0000
|
unkown
|
page readonly
|
||
|
4860000
|
unkown
|
page readonly
|
||
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
||
|
1B5B3000
|
heap
|
page read and write
|
||
|
1B8FB000
|
unkown
|
page readonly
|
||
|
10D000
|
unkown
|
page readonly
|
||
|
7FFD34450000
|
trusted library allocation
|
page read and write
|
||
|
165D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34367000
|
trusted library allocation
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
1B8F7000
|
unkown
|
page readonly
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page read and write
|
||
|
1B8FF000
|
unkown
|
page readonly
|
||
|
5C30000
|
trusted library allocation
|
page read and write
|
||
|
1266000
|
heap
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
161B948F000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library section
|
page read and write
|
||
|
161BEA61000
|
heap
|
page read and write
|
||
|
161BEAA0000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
161BEA2E000
|
heap
|
page read and write
|
||
|
2214000
|
trusted library allocation
|
page read and write
|
||
|
1B8E9000
|
unkown
|
page readonly
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page read and write
|
||
|
15ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
1386000
|
heap
|
page read and write
|
||
|
161BEA58000
|
heap
|
page read and write
|
||
|
43C9000
|
trusted library allocation
|
page read and write
|
||
|
1455000
|
heap
|
page read and write
|
||
|
22CA000
|
trusted library allocation
|
page read and write
|
||
|
2B9E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3426C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B4407E000
|
unkown
|
page readonly
|
||
|
58A5000
|
trusted library allocation
|
page read and write
|
||
|
43F0000
|
heap
|
page execute and read and write
|
||
|
1C80000
|
trusted library allocation
|
page read and write
|
||
|
591B000
|
stack
|
page read and write
|
||
|
2B42A7E000
|
stack
|
page read and write
|
||
|
22C2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34380000
|
trusted library allocation
|
page read and write
|
||
|
5B9C000
|
stack
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
1B64A000
|
heap
|
page read and write
|
||
|
2B4377E000
|
unkown
|
page readonly
|
||
|
1B681000
|
heap
|
page read and write
|
||
|
161B9D02000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
1D000
|
unkown
|
page readonly
|
||
|
24ED000
|
trusted library allocation
|
page read and write
|
||
|
161BE940000
|
trusted library allocation
|
page read and write
|
||
|
15FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
161B9D13000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
161BE990000
|
trusted library allocation
|
page read and write
|
||
|
1B8FD000
|
unkown
|
page readonly
|
||
|
161B9422000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
5C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B436FE000
|
stack
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
7511000
|
trusted library allocation
|
page read and write
|
||
|
161B9474000
|
heap
|
page read and write
|
||
|
1B8E3000
|
unkown
|
page readonly
|
||
|
1D2A0000
|
heap
|
page read and write
|
||
|
4402000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
116000
|
unkown
|
page readonly
|
||
|
5CDB000
|
stack
|
page read and write
|
||
|
7554000
|
trusted library allocation
|
page read and write
|
||
|
46B0000
|
trusted library allocation
|
page read and write
|
||
|
4876000
|
unkown
|
page readonly
|
||
|
B40000
|
heap
|
page read and write
|
||
|
7FFD34580000
|
trusted library allocation
|
page read and write
|
||
|
4864000
|
unkown
|
page readonly
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
2204000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
2B447FE000
|
stack
|
page read and write
|
||
|
7FF1000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
161BECF0000
|
remote allocation
|
page read and write
|
||
|
1B5B0000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
161BE980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
7FFD346BB000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
trusted library section
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
2B4487E000
|
unkown
|
page readonly
|
||
|
161BEC80000
|
trusted library allocation
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
161B949F000
|
heap
|
page read and write
|
||
|
101000
|
unkown
|
page execute read
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page execute and read and write
|
||
|
157C000
|
stack
|
page read and write
|
||
|
A591000
|
trusted library allocation
|
page read and write
|
||
|
3381000
|
heap
|
page read and write
|
||
|
2B4287E000
|
unkown
|
page readonly
|
||
|
2275000
|
trusted library allocation
|
page read and write
|
||
|
2435000
|
trusted library allocation
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
4480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34266000
|
trusted library allocation
|
page read and write
|
||
|
161BE8D0000
|
trusted library allocation
|
page read and write
|
||
|
54F000
|
unkown
|
page readonly
|
||
|
2549000
|
trusted library allocation
|
page read and write
|
||
|
4406000
|
trusted library allocation
|
page read and write
|
||
|
1C70000
|
trusted library allocation
|
page read and write
|
||
|
7525000
|
trusted library allocation
|
page read and write
|
||
|
2B4367E000
|
unkown
|
page readonly
|
||
|
2B42E7C000
|
stack
|
page read and write
|
||
|
161B9F01000
|
trusted library allocation
|
page read and write
|
||
|
2051000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page execute and read and write
|
||
|
161BE950000
|
trusted library allocation
|
page read and write
|
||
|
1B150000
|
unkown
|
page readonly
|
||
|
161BA550000
|
trusted library section
|
page readonly
|
||
|
7FFD344B0000
|
trusted library allocation
|
page read and write
|
||
|
1B762000
|
unkown
|
page readonly
|
||
|
1B8E1000
|
unkown
|
page readonly
|
||
|
7FFD34423000
|
trusted library allocation
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
161B9528000
|
heap
|
page read and write
|
||
|
5494000
|
heap
|
page read and write
|
||
|
161B9429000
|
heap
|
page read and write
|
||
|
7FFD343A5000
|
trusted library allocation
|
page read and write
|
||
|
161BEABB000
|
heap
|
page read and write
|
||
|
7FFD346B1000
|
trusted library allocation
|
page read and write
|
||
|
547D000
|
heap
|
page read and write
|
||
|
4630000
|
unkown
|
page readonly
|
||
|
7FFD344A0000
|
trusted library allocation
|
page read and write
|
||
|
161BA8C0000
|
trusted library allocation
|
page read and write
|
||
|
22EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34692000
|
trusted library allocation
|
page read and write
|
||
|
161BEC30000
|
trusted library allocation
|
page read and write
|
||
|
161B9C00000
|
heap
|
page read and write
|
||
|
32FC000
|
trusted library allocation
|
page read and write
|
||
|
2B421EB000
|
stack
|
page read and write
|
||
|
1B901000
|
unkown
|
page readonly
|
||
|
1448000
|
heap
|
page read and write
|
||
|
19ED000
|
stack
|
page read and write
|
||
|
32D0000
|
trusted library section
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
5A5C000
|
stack
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
595D000
|
stack
|
page read and write
|
||
|
1B8EB000
|
unkown
|
page readonly
|
||
|
517A000
|
trusted library allocation
|
page read and write
|
||
|
1B903000
|
unkown
|
page readonly
|
||
|
50F9000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2C94000
|
trusted library allocation
|
page read and write
|
||
|
4F83000
|
heap
|
page read and write
|
||
|
7B11000
|
trusted library allocation
|
page read and write
|
||
|
4866000
|
unkown
|
page readonly
|
||
|
161BEA00000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
1237000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
1B905000
|
unkown
|
page readonly
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
161B9494000
|
heap
|
page read and write
|
||
|
7FFD34480000
|
trusted library allocation
|
page read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
43C0000
|
trusted library allocation
|
page read and write
|
||
|
161BE980000
|
trusted library allocation
|
page read and write
|
||
|
1DEF000
|
stack
|
page read and write
|
||
|
161BEA41000
|
heap
|
page read and write
|
||
|
5090000
|
heap
|
page execute and read and write
|
||
|
33FD000
|
heap
|
page read and write
|
||
|
1B648000
|
heap
|
page read and write
|
||
|
242D000
|
trusted library allocation
|
page read and write
|
||
|
716B000
|
stack
|
page read and write
|
||
|
6191000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
unkown
|
page readonly
|
||
|
58B0000
|
heap
|
page execute and read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
161BEA85000
|
heap
|
page read and write
|
||
|
483D000
|
unkown
|
page readonly
|
||
|
2B437FE000
|
stack
|
page read and write
|
||
|
1B8DF000
|
unkown
|
page readonly
|
||
|
7FFD34535000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341C3000
|
trusted library allocation
|
page read and write
|
||
|
161B93D0000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
1B5BC000
|
heap
|
page read and write
|
||
|
1B183000
|
heap
|
page read and write
|
||
|
1E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD345D0000
|
trusted library allocation
|
page read and write
|
||
|
1B520000
|
unkown
|
page readonly
|
||
|
114000
|
unkown
|
page write copy
|
||
|
1294E000
|
trusted library allocation
|
page read and write
|
||
|
221A000
|
trusted library allocation
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
2030000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
trusted library section
|
page read and write
|
||
|
7E98000
|
trusted library allocation
|
page read and write
|
||
|
34FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEE000
|
stack
|
page read and write
|
||
|
7F1000
|
stack
|
page read and write
|
||
|
544E000
|
heap
|
page read and write
|
||
|
1B5F2000
|
heap
|
page read and write
|
||
|
161B9C15000
|
heap
|
page read and write
|
||
|
4858000
|
unkown
|
page readonly
|
||
|
34F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
485E000
|
unkown
|
page readonly
|
||
|
1672000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34537000
|
trusted library allocation
|
page read and write
|
||
|
339A000
|
heap
|
page read and write
|
||
|
14B9000
|
heap
|
page read and write
|
||
|
45B7000
|
trusted library allocation
|
page read and write
|
||
|
2020000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
1B8E7000
|
unkown
|
page readonly
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
2B42C7C000
|
stack
|
page read and write
|
||
|
161BEAF1000
|
heap
|
page read and write
|
||
|
4E03000
|
heap
|
page read and write
|
||
|
161B94B8000
|
heap
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
1B152000
|
unkown
|
page readonly
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
2B435FE000
|
stack
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
||
|
161B948D000
|
heap
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
2D2E000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
7FFD34490000
|
trusted library allocation
|
page read and write
|
||
|
2B4417D000
|
stack
|
page read and write
|
||
|
10D000
|
unkown
|
page readonly
|
||
|
7FFD343DE000
|
trusted library allocation
|
page read and write
|
||
|
4490000
|
unkown
|
page readonly
|
||
|
651E000
|
stack
|
page read and write
|
||
|
440C000
|
trusted library allocation
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
161BEAEC000
|
heap
|
page read and write
|
||
|
2572000
|
trusted library allocation
|
page read and write
|
||
|
7FBD000
|
trusted library allocation
|
page read and write
|
||
|
114000
|
unkown
|
page read and write
|
||
|
5084000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
161BA510000
|
trusted library section
|
page readonly
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
7FFD34694000
|
trusted library allocation
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
441E000
|
trusted library allocation
|
page read and write
|
||
|
5891000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
2B433FE000
|
stack
|
page read and write
|
||
|
4470000
|
trusted library allocation
|
page read and write
|
||
|
2B43AFE000
|
stack
|
page read and write
|
||
|
215E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3420C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B4337E000
|
unkown
|
page readonly
|
||
|
1B180000
|
heap
|
page read and write
|
||
|
2160000
|
trusted library allocation
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
7FFD343D7000
|
trusted library allocation
|
page read and write
|
||
|
1C85000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C4000
|
trusted library allocation
|
page read and write
|
||
|
2369000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341D0000
|
trusted library allocation
|
page read and write
|
||
|
3530000
|
heap
|
page readonly
|
||
|
1B0F0000
|
unkown
|
page readonly
|
||
|
587C000
|
trusted library allocation
|
page read and write
|
||
|
24000
|
unkown
|
page write copy
|
||
|
7FB00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD341B0000
|
trusted library allocation
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
2B42D7E000
|
unkown
|
page readonly
|
||
|
161BE970000
|
trusted library allocation
|
page read and write
|
||
|
14CB000
|
heap
|
page read and write
|
||
|
EDC000
|
stack
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B63E000
|
heap
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
259A000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
19F0000
|
heap
|
page read and write
|
||
|
7FFD34449000
|
trusted library allocation
|
page read and write
|
||
|
EF3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346A0000
|
trusted library allocation
|
page read and write
|
||
|
1BDD6000
|
stack
|
page read and write
|
||
|
7FFD34533000
|
trusted library allocation
|
page read and write
|
||
|
161BA500000
|
trusted library section
|
page readonly
|
||
|
200E000
|
stack
|
page read and write
|
||
|
237A000
|
trusted library allocation
|
page read and write
|
||
|
485A000
|
unkown
|
page readonly
|
||
|
1708000
|
stack
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
24DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34420000
|
trusted library allocation
|
page read and write
|
||
|
34B0000
|
heap
|
page execute and read and write
|
||
|
24000
|
unkown
|
page read and write
|
||
|
1B164000
|
unkown
|
page readonly
|
||
|
7FFD341DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B0000
|
trusted library allocation
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
161B93E0000
|
trusted library section
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
2349000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
486E000
|
unkown
|
page readonly
|
||
|
1B730000
|
trusted library section
|
page readonly
|
||
|
608D000
|
stack
|
page read and write
|
||
|
34B0000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
34C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6195000
|
trusted library allocation
|
page read and write
|
||
|
161B945B000
|
heap
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
161BA240000
|
trusted library allocation
|
page read and write
|
||
|
5172000
|
trusted library allocation
|
page read and write
|
||
|
2B43B7E000
|
unkown
|
page readonly
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
161BEAF6000
|
heap
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
5C10000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
161B9D1B000
|
heap
|
page read and write
|
||
|
74EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34441000
|
trusted library allocation
|
page read and write
|
||
|
161B9370000
|
heap
|
page read and write
|
||
|
1644000
|
trusted library allocation
|
page read and write
|
||
|
33EC000
|
heap
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
161B946F000
|
heap
|
page read and write
|
||
|
7E92000
|
trusted library allocation
|
page read and write
|
||
|
55DA000
|
stack
|
page read and write
|
||
|
161B93A0000
|
heap
|
page read and write
|
||
|
23DE000
|
trusted library allocation
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
486C000
|
unkown
|
page readonly
|
||
|
105D000
|
stack
|
page read and write
|
||
|
4870000
|
unkown
|
page readonly
|
||
|
161BA530000
|
trusted library section
|
page readonly
|
||
|
6310000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
338B000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
7565000
|
trusted library allocation
|
page read and write
|
||
|
24E9000
|
trusted library allocation
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
2409000
|
trusted library allocation
|
page read and write
|
||
|
5C18000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page read and write
|
||
|
5432000
|
heap
|
page read and write
|
||
|
161BEAFA000
|
heap
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
5E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
161BECF0000
|
remote allocation
|
page read and write
|
||
|
1E78000
|
trusted library allocation
|
page read and write
|
||
|
2218000
|
trusted library allocation
|
page read and write
|
||
|
34C4000
|
trusted library allocation
|
page read and write
|
||
|
485C000
|
unkown
|
page readonly
|
||
|
2376000
|
trusted library allocation
|
page read and write
|
||
|
115D000
|
stack
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
1B4C0000
|
trusted library allocation
|
page read and write
|
||
|
4683000
|
trusted library allocation
|
page read and write
|
||
|
1C110000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
2164000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34296000
|
trusted library allocation
|
page execute and read and write
|
||
|
7554000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
2B43E7E000
|
unkown
|
page readonly
|
||
|
4850000
|
unkown
|
page readonly
|
||
|
C07000
|
heap
|
page read and write
|
||
|
5D1E000
|
stack
|
page read and write
|
||
|
2166000
|
trusted library allocation
|
page read and write
|
||
|
33FF000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34260000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
2B43CFE000
|
stack
|
page read and write
|
||
|
2B4327B000
|
stack
|
page read and write
|
||
|
4856000
|
unkown
|
page readonly
|
||
|
9072000
|
trusted library allocation
|
page read and write
|
||
|
24E7000
|
trusted library allocation
|
page read and write
|
||
|
4460000
|
trusted library allocation
|
page read and write
|
||
|
161B94A5000
|
heap
|
page read and write
|
||
|
4689000
|
trusted library allocation
|
page read and write
|
||
|
65ED000
|
stack
|
page read and write
|
||
|
7FFD34270000
|
trusted library allocation
|
page execute and read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
339A000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
33DB000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
7FFD345C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
161B948B000
|
heap
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
161BEC90000
|
trusted library allocation
|
page read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
161BEA4E000
|
heap
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
486A000
|
unkown
|
page readonly
|
||
|
7FFD344E0000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page read and write
|
||
|
2B43F7B000
|
stack
|
page read and write
|
||
|
21EC000
|
trusted library allocation
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
252D000
|
trusted library allocation
|
page read and write
|
||
|
5876000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
7FFD344C0000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page execute and read and write
|
||
|
2040000
|
heap
|
page execute and read and write
|
||
|
161BEA54000
|
heap
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B43C7D000
|
stack
|
page read and write
|
||
|
345A000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34520000
|
trusted library allocation
|
page read and write
|
||
|
22C8000
|
trusted library allocation
|
page read and write
|
||
|
161B9413000
|
heap
|
page read and write
|
||
|
74F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
24B8000
|
trusted library allocation
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
2457000
|
trusted library allocation
|
page read and write
|
||
|
161BA8A1000
|
trusted library allocation
|
page read and write
|
||
|
1B8F5000
|
unkown
|
page readonly
|
||
|
24E5000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
1C131000
|
heap
|
page read and write
|
||
|
5487000
|
heap
|
page read and write
|
||
|
50FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
5469000
|
heap
|
page read and write
|
||
|
147D000
|
heap
|
page read and write
|
||
|
2B4387E000
|
unkown
|
page readonly
|
||
|
161B9440000
|
heap
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
421000
|
unkown
|
page readonly
|
||
|
161BEA21000
|
heap
|
page read and write
|
||
|
161B94BC000
|
heap
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
1B0F2000
|
unkown
|
page readonly
|
||
|
7FFD344D7000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
1B753000
|
heap
|
page execute and read and write
|
||
|
7FFD34590000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346B4000
|
trusted library allocation
|
page read and write
|
||
|
1B8F9000
|
unkown
|
page readonly
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
161BA420000
|
trusted library allocation
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
4390000
|
unkown
|
page readonly
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
2431000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34500000
|
trusted library allocation
|
page read and write
|
||
|
1282E000
|
trusted library allocation
|
page read and write
|
||
|
134B000
|
heap
|
page read and write
|
||
|
1E40000
|
trusted library allocation
|
page read and write
|
||
|
1C8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
166A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD341D4000
|
trusted library allocation
|
page read and write
|
||
|
161BEB02000
|
heap
|
page read and write
|
||
|
348B000
|
trusted library allocation
|
page read and write
|
||
|
1675000
|
trusted library allocation
|
page execute and read and write
|
||
|
338C000
|
heap
|
page read and write
|
||
|
5E1D000
|
stack
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD000
|
trusted library allocation
|
page read and write
|
||
|
339A000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
161B9D00000
|
heap
|
page read and write
|
||
|
215C000
|
trusted library allocation
|
page read and write
|
||
|
161BE8C0000
|
trusted library allocation
|
page read and write
|
||
|
34E2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34510000
|
trusted library allocation
|
page read and write
|
||
|
161BE950000
|
trusted library allocation
|
page read and write
|
||
|
1BCD8000
|
stack
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD341B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20B2000
|
trusted library allocation
|
page read and write
|
||
|
2B42F7E000
|
unkown
|
page readonly
|
||
|
2B42777000
|
stack
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
1B522000
|
unkown
|
page readonly
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345B0000
|
trusted library allocation
|
page read and write
|
||
|
161BE930000
|
trusted library allocation
|
page read and write
|
||
|
2B43DFE000
|
unkown
|
page readonly
|
||
|
26000
|
unkown
|
page readonly
|
||
|
4852000
|
unkown
|
page readonly
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
5E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
234F000
|
trusted library allocation
|
page read and write
|
||
|
2596000
|
trusted library allocation
|
page read and write
|
||
|
161BA540000
|
trusted library section
|
page readonly
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
There are 780 hidden memdumps, click here to show them.