Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INSPECAO-B01S.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {87BA6F17-ED48-2213-B0B4-DE77D334918D}, Create Time/Date: Wed May 29 14:47:46 2024, Last Saved Time/Date: Wed May
29 14:47:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
initial sample
|
 |
|
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.ClientService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\4c1433.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\Client.en-US.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\Client.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.ClientService.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsAuthenticationPackage.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsBackstageShell.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsBackstageShell.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsClient.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsCredentialProvider.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsFileManager.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsFileManager.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\system.config
|
XML 1.0 document, ASCII text, with very long lines (470), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x0826b091, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\CustomAction.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\Microsoft.Deployment.Compression.Cab.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\Microsoft.Deployment.Compression.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\ScreenConnect.InstallerActions.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformAppConfigXml.xsl
|
exported SGML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformClientOverrideResx.xsl
|
exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformLicenseXml.xsl
|
exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformOverriddenKeys.xsl
|
exported SGML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformRoleXml.xsl
|
exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformSecurityEventTriggerXml.xsl
|
exported SGML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformSessionEventTriggerXml.xsl
|
Algol 68 source, ASCII text, with very long lines (14704), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformSessionGroupXml.xsl
|
Algol 68 source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIBC6.tmp-\TransformWebConfig.xsl
|
Algol 68 source, ASCII text, with very long lines (1649), with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Installer\4c1432.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {87BA6F17-ED48-2213-B0B4-DE77D334918D}, Create Time/Date: Wed May 29 14:47:46 2024, Last Saved Time/Date: Wed May
29 14:47:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\4c1434.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {87BA6F17-ED48-2213-B0B4-DE77D334918D}, Create Time/Date: Wed May 29 14:47:46 2024, Last Saved Time/Date: Wed May
29 14:47:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI15E7.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI1608.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI17AE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{87BA6F17-ED48-2213-B0B4-DE77D334918D}\DefaultIcon
|
MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 4 bits/pixel, 32x32
with PNG image data, 32 x 32, 1-bit colormap, non-interlaced, 4 bits/pixel
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\0hs00sh4.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\1ot0kljn.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\3mrf34qd.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\blegu5ad.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\cksz2bob.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\hfe01imn.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\jfhfu5lw.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\qf3laj4y.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\rs24xzl1.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3a24aebb8959bcfa)\user.config (copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF000A2F18FE5F71DF.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF019CE7C0A5B2437B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF2494A6BC44E42AF5.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF4CA68FC81904992E.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF7CFD00D2B9CF1245.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7F7BBB5808F7A4BF.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF81A79EFFA436931A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA1F2F1BCA8A5D13B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFB45835977A3D2491.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFBE7A72BF1EFE926A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC6A6368BD6B77C5A.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFDB40267D9917BE80.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 62 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\INSPECAO-B01S.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.ClientService.exe
|
"C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-xkznvd-relay.screenconnect.com&p=443&s=e3b17808-f02f-4082-a0ad-0ef89097505d&k=BgIAAACkAABSU0ExAAgAAAEAAQBhw2Nfb6ZuPKlEDIhhDVtAYuyd858SiHfXVlo7oudUHFIakFl%2fPS5vluFfI688c%2ffI5cXvCjgFShXpqsjscRe%2bvZHKSRm%2bteuE97Q6NBZ5oegi61HDzK9%2bJY6drnQvjn5O3W4R13ZtTHxRqVi92KIEihsQur1J2%2fL4Cjo7mR%2bTf3z2FvvhBA9AI44ir3hX7T6YCeKwSXIGWSjwulU6qmSUa0YOa6ak5ubRKh%2fug0gS3wbeTgSuaLTj1hdcHea2xRvqMqyIWF1MOawExDdmH4KtYMuNWGxsLao6ChTQtObulDnOQ2rzUTbk681GAIKtEvzer9DayT7dfK5gHsogR7Cx&c=envioparaiba20%2f10&c=&c=&c=&c=&c=&c=&c="
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsClient.exe
|
"C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\ScreenConnect.WindowsClient.exe" "RunRole" "fedb95f0-928e-4923-97ab-510c95cfca5c"
"User"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 3B0D9CA4E13447273575F5AF2A2A458A C
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Local\Temp\MSIBC6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4983906 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 9498291156A768CDF30C7CBD1AD63E0B
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding A9BFA3C15C3C22AD10EB69C2707C2272 E Global\MSI0000
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/V
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-support
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/d
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://wixtoolset.org/news/
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/l
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/r
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://wixtoolset.org/releases/
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/8
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
http://instance-xkznvd-relay.screenconnect.com:443/
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
https://feedback.screenconnect.com/Feedback.axd
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
instance-xkznvd-relay.screenconnect.com
|
unknown
|
|
|
|
server-nix9656e2a4-relay.screenconnect.com
|
147.75.63.168
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.75.63.168
|
server-nix9656e2a4-relay.screenconnect.com
|
Switzerland
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
|
Authentication Packages
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4c1433.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4c1433.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\124AC24D1C3A6D5184016B0C6D4041C5
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4934FE5707236BDA5D39F028209C32A7
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B005C519C050802FCA536E174505EBDF
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\974990669F829402698180E175BE654D
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4017D78A633E2A9036338FF2C4251D19
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C6A9543670EDC94579DD542A5D49A3A
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DF7A2F3EF7A0CED1FD2EC37764A8307
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\ScreenConnect Client (3a24aebb8959bcfa)\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-3a24aebb8959bcfa
|
URL Protocol
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-3a24aebb8959bcfa
|
UseOriginalUrlEncoding
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-3a24aebb8959bcfa\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (3a24aebb8959bcfa)
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-1AF2-EBC3663F6429}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-1AF2-EBC3663F6429}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-1AF2-EBC3663F6429}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6FF59A85-BC37-4CD4-1AF2-EBC3663F6429}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\D4E7551C6C2943C5A342EABB9895CBAF
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87BA6F17-ED48-2213-B0B4-DE77D334918D}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\71F6AB7884DE31220B4BED773D4319D8
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\Features
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{87BA6F17-ED48-2213-B0B4-DE77D334918D}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71F6AB7884DE31220B4BED773D4319D8\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D4E7551C6C2943C5A342EABB9895CBAF
|
71F6AB7884DE31220B4BED773D4319D8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\71F6AB7884DE31220B4BED773D4319D8\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
|
AutoBackupLogFiles
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
|
EventMessageFile
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (3a24aebb8959bcfa)
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 105 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6E82000
|
trusted library allocation
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
17F93170000
|
trusted library allocation
|
page read and write
|
||
|
2437000
|
trusted library allocation
|
page read and write
|
||
|
17F932C1000
|
heap
|
page read and write
|
||
|
17F930D0000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
44E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B497000
|
trusted library allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
17F8E51A000
|
heap
|
page read and write
|
||
|
7FFD9B514000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
617177E000
|
unkown
|
page readonly
|
||
|
7FFD9B697000
|
trusted library allocation
|
page read and write
|
||
|
617297E000
|
unkown
|
page readonly
|
||
|
2397000
|
trusted library allocation
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
17F8E940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
heap
|
page readonly
|
||
|
4500000
|
trusted library allocation
|
page read and write
|
||
|
20E6000
|
trusted library allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
2339000
|
trusted library allocation
|
page read and write
|
||
|
731000
|
heap
|
page read and write
|
||
|
7FFD9B507000
|
trusted library allocation
|
page read and write
|
||
|
17F8E402000
|
heap
|
page read and write
|
||
|
17F932FA000
|
heap
|
page read and write
|
||
|
1BDA8000
|
heap
|
page read and write
|
||
|
6171FFE000
|
stack
|
page read and write
|
||
|
131B000
|
heap
|
page read and write
|
||
|
5568000
|
heap
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
17F930D3000
|
trusted library allocation
|
page read and write
|
||
|
1B19B000
|
heap
|
page read and write
|
||
|
17F8DC6E000
|
heap
|
page read and write
|
||
|
17F9324E000
|
heap
|
page read and write
|
||
|
4860000
|
trusted library allocation
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
7FFD9B2E0000
|
trusted library allocation
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
12381000
|
trusted library allocation
|
page read and write
|
||
|
47D0000
|
unkown
|
page readonly
|
||
|
486D000
|
trusted library allocation
|
page execute and read and write
|
||
|
44A6000
|
trusted library allocation
|
page read and write
|
||
|
22ED000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
2466000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
694D000
|
stack
|
page read and write
|
||
|
71B000
|
heap
|
page read and write
|
||
|
17E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F93121000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B480000
|
trusted library allocation
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
5558000
|
heap
|
page read and write
|
||
|
1B18E000
|
heap
|
page read and write
|
||
|
17F93060000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B4F0000
|
trusted library allocation
|
page read and write
|
||
|
5F0D000
|
stack
|
page read and write
|
||
|
22C6000
|
trusted library allocation
|
page read and write
|
||
|
6F0E000
|
trusted library allocation
|
page read and write
|
||
|
1CE62000
|
trusted library allocation
|
page read and write
|
||
|
2271000
|
trusted library allocation
|
page read and write
|
||
|
577D000
|
stack
|
page read and write
|
||
|
6F40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B300000
|
trusted library allocation
|
page read and write
|
||
|
1D184520000
|
heap
|
page read and write
|
||
|
EA1000
|
unkown
|
page execute read
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
17F8EA60000
|
trusted library section
|
page readonly
|
||
|
1BD40000
|
heap
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
2C24000
|
heap
|
page read and write
|
||
|
248E000
|
trusted library allocation
|
page read and write
|
||
|
5B2C000
|
stack
|
page read and write
|
||
|
1B0D8000
|
unkown
|
page readonly
|
||
|
E40000
|
heap
|
page read and write
|
||
|
6171CFE000
|
stack
|
page read and write
|
||
|
17F93038000
|
trusted library allocation
|
page read and write
|
||
|
20CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
1B18B000
|
heap
|
page read and write
|
||
|
44BE000
|
trusted library allocation
|
page read and write
|
||
|
1D184643000
|
heap
|
page read and write
|
||
|
457107C000
|
stack
|
page read and write
|
||
|
17F8EB80000
|
trusted library allocation
|
page read and write
|
||
|
13F6000
|
heap
|
page read and write
|
||
|
1BA56000
|
stack
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
17FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
7F4F8000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F1000
|
stack
|
page read and write
|
||
|
5730000
|
trusted library allocation
|
page read and write
|
||
|
77C000
|
heap
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
17F93030000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B699000
|
trusted library allocation
|
page read and write
|
||
|
17F93010000
|
trusted library allocation
|
page read and write
|
||
|
17F93115000
|
trusted library allocation
|
page read and write
|
||
|
6171B7E000
|
unkown
|
page readonly
|
||
|
1D184600000
|
heap
|
page read and write
|
||
|
6171A7B000
|
stack
|
page read and write
|
||
|
487E000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page read and write
|
||
|
17F93190000
|
trusted library allocation
|
page read and write
|
||
|
1B950000
|
heap
|
page execute and read and write
|
||
|
1B290000
|
unkown
|
page readonly
|
||
|
587A000
|
stack
|
page read and write
|
||
|
124AE000
|
trusted library allocation
|
page read and write
|
||
|
17F93180000
|
trusted library allocation
|
page read and write
|
||
|
553C000
|
heap
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
17F9328D000
|
heap
|
page read and write
|
||
|
21C6000
|
trusted library allocation
|
page read and write
|
||
|
1E90000
|
heap
|
page execute and read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
17F931D0000
|
remote allocation
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page execute and read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
17F93020000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
1ADB3000
|
heap
|
page read and write
|
||
|
617D000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
17F9314A000
|
trusted library allocation
|
page read and write
|
||
|
1AEBE000
|
stack
|
page read and write
|
||
|
17F8E400000
|
heap
|
page read and write
|
||
|
457147E000
|
stack
|
page read and write
|
||
|
17F8DD13000
|
heap
|
page read and write
|
||
|
7FFD9B390000
|
trusted library allocation
|
page read and write
|
||
|
617187B000
|
stack
|
page read and write
|
||
|
4590000
|
unkown
|
page readonly
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1BC30000
|
heap
|
page read and write
|
||
|
237D000
|
trusted library allocation
|
page read and write
|
||
|
EAD000
|
unkown
|
page readonly
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
17F93074000
|
trusted library allocation
|
page read and write
|
||
|
17F93137000
|
trusted library allocation
|
page read and write
|
||
|
17F93261000
|
heap
|
page read and write
|
||
|
2100000
|
trusted library section
|
page read and write
|
||
|
44A2000
|
trusted library allocation
|
page read and write
|
||
|
243D000
|
trusted library allocation
|
page read and write
|
||
|
2435000
|
trusted library allocation
|
page read and write
|
||
|
6EAC000
|
trusted library allocation
|
page read and write
|
||
|
5B40000
|
trusted library allocation
|
page read and write
|
||
|
2429000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
1B19E000
|
heap
|
page read and write
|
||
|
17F8DC6C000
|
heap
|
page read and write
|
||
|
6EFC000
|
trusted library allocation
|
page read and write
|
||
|
17F932FE000
|
heap
|
page read and write
|
||
|
6F35000
|
trusted library allocation
|
page read and write
|
||
|
73B000
|
heap
|
page read and write
|
||
|
2FA7000
|
trusted library allocation
|
page read and write
|
||
|
1B953000
|
heap
|
page execute and read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F8DB80000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
2381000
|
trusted library allocation
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
17F93118000
|
trusted library allocation
|
page read and write
|
||
|
5732000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
617267E000
|
stack
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
4872000
|
heap
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
238F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B620000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
2440000
|
trusted library allocation
|
page read and write
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
17F8EA90000
|
trusted library section
|
page readonly
|
||
|
7FFD9B579000
|
trusted library allocation
|
page read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
1BD3D000
|
stack
|
page read and write
|
||
|
7FFD9B510000
|
trusted library allocation
|
page read and write
|
||
|
17F93086000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC94000
|
heap
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
17F9309F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B4D5000
|
trusted library allocation
|
page read and write
|
||
|
238D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B500000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
17D7000
|
heap
|
page read and write
|
||
|
17F8DC3F000
|
heap
|
page read and write
|
||
|
61724FE000
|
stack
|
page read and write
|
||
|
6E16000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB6000
|
unkown
|
page readonly
|
||
|
224F000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
17F9328B000
|
heap
|
page read and write
|
||
|
17F9309C000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
17F8EA70000
|
trusted library section
|
page readonly
|
||
|
17F8DA50000
|
heap
|
page read and write
|
||
|
2249000
|
trusted library allocation
|
page read and write
|
||
|
219B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C2000
|
trusted library allocation
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
17F8E513000
|
heap
|
page read and write
|
||
|
1B12C000
|
heap
|
page read and write
|
||
|
17F8DB50000
|
heap
|
page read and write
|
||
|
17F93200000
|
heap
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B585000
|
trusted library allocation
|
page read and write
|
||
|
2439000
|
trusted library allocation
|
page read and write
|
||
|
12390000
|
trusted library allocation
|
page read and write
|
||
|
17F93110000
|
trusted library allocation
|
page read and write
|
||
|
17B4000
|
trusted library allocation
|
page read and write
|
||
|
2C61000
|
heap
|
page read and write
|
||
|
1B050000
|
unkown
|
page readonly
|
||
|
6E40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B520000
|
trusted library allocation
|
page read and write
|
||
|
617277E000
|
unkown
|
page readonly
|
||
|
617287C000
|
stack
|
page read and write
|
||
|
17F9312F000
|
trusted library allocation
|
page read and write
|
||
|
1DF8000
|
trusted library allocation
|
page read and write
|
||
|
1B1A5000
|
heap
|
page read and write
|
||
|
219D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
17F93100000
|
trusted library allocation
|
page read and write
|
||
|
1BD85000
|
heap
|
page read and write
|
||
|
17F930A2000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
6172F7E000
|
unkown
|
page readonly
|
||
|
6171E7E000
|
unkown
|
page readonly
|
||
|
6F25000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5A0000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC8F000
|
heap
|
page read and write
|
||
|
6EF6000
|
trusted library allocation
|
page read and write
|
||
|
6180000
|
trusted library allocation
|
page read and write
|
||
|
6E80000
|
trusted library allocation
|
page read and write
|
||
|
17F8DD29000
|
heap
|
page read and write
|
||
|
1D184656000
|
heap
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
7F4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BEA000
|
heap
|
page read and write
|
||
|
17F93180000
|
trusted library allocation
|
page read and write
|
||
|
617247E000
|
unkown
|
page readonly
|
||
|
7FFD9B490000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
7FFD9B4D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page read and write
|
||
|
17F8E500000
|
heap
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
4450000
|
unkown
|
page readonly
|
||
|
2182000
|
unkown
|
page readonly
|
||
|
2178000
|
trusted library allocation
|
page read and write
|
||
|
247E000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4667000
|
trusted library allocation
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
6ED4000
|
trusted library allocation
|
page read and write
|
||
|
617127E000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
4580000
|
heap
|
page execute and read and write
|
||
|
17F932BE000
|
heap
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page read and write
|
||
|
EB4000
|
unkown
|
page read and write
|
||
|
2260000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
EAD000
|
unkown
|
page readonly
|
||
|
7FFD9B2E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7FB000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
2180000
|
unkown
|
page readonly
|
||
|
47CE000
|
stack
|
page read and write
|
||
|
2234000
|
trusted library allocation
|
page read and write
|
||
|
EB4000
|
unkown
|
page write copy
|
||
|
E30000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
4530000
|
trusted library allocation
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
17B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
17F93258000
|
heap
|
page read and write
|
||
|
1B052000
|
unkown
|
page readonly
|
||
|
17F8E691000
|
trusted library allocation
|
page read and write
|
||
|
1988000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
44E9000
|
trusted library allocation
|
page read and write
|
||
|
6171C7E000
|
unkown
|
page readonly
|
||
|
17F9312C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5B0000
|
trusted library allocation
|
page read and write
|
||
|
617227E000
|
unkown
|
page readonly
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B3A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
279E000
|
trusted library allocation
|
page read and write
|
||
|
617117E000
|
unkown
|
page readonly
|
||
|
4550000
|
trusted library allocation
|
page execute and read and write
|
||
|
739000
|
heap
|
page read and write
|
||
|
1D240000
|
heap
|
page read and write
|
||
|
243F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B674000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2E4000
|
trusted library allocation
|
page read and write
|
||
|
6E8A000
|
trusted library allocation
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
17F92FB0000
|
trusted library allocation
|
page read and write
|
||
|
27DF000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
6171BFE000
|
stack
|
page read and write
|
||
|
2194000
|
unkown
|
page readonly
|
||
|
7FFD9B2F3000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
239B000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC2B000
|
heap
|
page read and write
|
||
|
2079000
|
trusted library allocation
|
page read and write
|
||
|
2123000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B30B000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA0000
|
unkown
|
page readonly
|
||
|
454B000
|
trusted library allocation
|
page read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
6E80000
|
trusted library allocation
|
page read and write
|
||
|
2413000
|
trusted library allocation
|
page read and write
|
||
|
42000
|
unkown
|
page readonly
|
||
|
17F8DD02000
|
heap
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B695000
|
trusted library allocation
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
1B0ED000
|
heap
|
page read and write
|
||
|
20F5000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
17F8DCA0000
|
heap
|
page read and write
|
||
|
17F932F0000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
6E1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C74000
|
heap
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
2876000
|
trusted library allocation
|
page read and write
|
||
|
1D184420000
|
heap
|
page read and write
|
||
|
66CD000
|
stack
|
page read and write
|
||
|
6F11000
|
trusted library allocation
|
page read and write
|
||
|
30BE000
|
trusted library allocation
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
61721FE000
|
stack
|
page read and write
|
||
|
17F930C1000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC70000
|
heap
|
page read and write
|
||
|
6172EFE000
|
stack
|
page read and write
|
||
|
6ED4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B590000
|
trusted library allocation
|
page read and write
|
||
|
4570E7E000
|
stack
|
page read and write
|
||
|
17F932E1000
|
heap
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
7FFD9B553000
|
trusted library allocation
|
page read and write
|
||
|
17F8EFA0000
|
trusted library allocation
|
page read and write
|
||
|
457157E000
|
unkown
|
page readonly
|
||
|
DCD000
|
stack
|
page read and write
|
||
|
17F9320F000
|
heap
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
17F93050000
|
trusted library allocation
|
page read and write
|
||
|
2247000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F8EA50000
|
trusted library section
|
page readonly
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
237E000
|
stack
|
page read and write
|
||
|
A37000
|
stack
|
page read and write
|
||
|
7FFD9B33C000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F9000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
17F92FA0000
|
trusted library allocation
|
page read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7FFD9B580000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
617197E000
|
unkown
|
page readonly
|
||
|
44EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B39C000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2C7B000
|
heap
|
page read and write
|
||
|
6170A8B000
|
stack
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
17F931D0000
|
remote allocation
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
1B858000
|
stack
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
557B000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
17F93045000
|
trusted library allocation
|
page read and write
|
||
|
1ADB0000
|
heap
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
17F9322C000
|
heap
|
page read and write
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
617217E000
|
unkown
|
page readonly
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page execute and read and write
|
||
|
17F8EA40000
|
trusted library section
|
page readonly
|
||
|
1790000
|
trusted library section
|
page read and write
|
||
|
22E9000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
617257E000
|
unkown
|
page readonly
|
||
|
7FFD9B50E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B4C8000
|
trusted library allocation
|
page read and write
|
||
|
17F93030000
|
trusted library allocation
|
page read and write
|
||
|
617207E000
|
unkown
|
page readonly
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
5A2D000
|
stack
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
5508000
|
heap
|
page read and write
|
||
|
7FFD9B571000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
61720FE000
|
stack
|
page read and write
|
||
|
7FFD9B7C7000
|
trusted library allocation
|
page read and write
|
||
|
2C0F000
|
heap
|
page read and write
|
||
|
17F8E3D1000
|
trusted library allocation
|
page read and write
|
||
|
13A1000
|
heap
|
page read and write
|
||
|
4480000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4540000
|
trusted library allocation
|
page read and write
|
||
|
4490000
|
trusted library allocation
|
page read and write
|
||
|
45AF000
|
stack
|
page read and write
|
||
|
17F8DC9E000
|
heap
|
page read and write
|
||
|
61CE000
|
stack
|
page read and write
|
||
|
17E2000
|
trusted library allocation
|
page read and write
|
||
|
17F9307D000
|
trusted library allocation
|
page read and write
|
||
|
7EB000
|
stack
|
page read and write
|
||
|
177C000
|
stack
|
page read and write
|
||
|
17F8DCFE000
|
heap
|
page read and write
|
||
|
5A45000
|
trusted library allocation
|
page read and write
|
||
|
617137E000
|
unkown
|
page readonly
|
||
|
FBD000
|
stack
|
page read and write
|
||
|
6ED6000
|
trusted library allocation
|
page read and write
|
||
|
1AFC0000
|
trusted library section
|
page readonly
|
||
|
17CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D184702000
|
heap
|
page read and write
|
||
|
17F8DA70000
|
heap
|
page read and write
|
||
|
46C0000
|
unkown
|
page readonly
|
||
|
6171077000
|
stack
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
17F8E51A000
|
heap
|
page read and write
|
||
|
17F8DC8D000
|
heap
|
page read and write
|
||
|
17F8E415000
|
heap
|
page read and write
|
||
|
6EA0000
|
trusted library allocation
|
page read and write
|
||
|
2C61000
|
heap
|
page read and write
|
||
|
2C63000
|
heap
|
page read and write
|
||
|
1D18462B000
|
heap
|
page read and write
|
||
|
7FFD9B4B0000
|
trusted library allocation
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
236A000
|
trusted library allocation
|
page read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B396000
|
trusted library allocation
|
page read and write
|
||
|
2002000
|
trusted library allocation
|
page read and write
|
||
|
1B102000
|
heap
|
page read and write
|
||
|
2173000
|
trusted library allocation
|
page read and write
|
||
|
4863000
|
trusted library allocation
|
page execute and read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
1B195000
|
heap
|
page read and write
|
||
|
1887000
|
heap
|
page read and write
|
||
|
17BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D184E02000
|
trusted library allocation
|
page read and write
|
||
|
2494000
|
trusted library allocation
|
page read and write
|
||
|
4570000
|
trusted library allocation
|
page read and write
|
||
|
5C8C000
|
stack
|
page read and write
|
||
|
6EB4000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B650000
|
trusted library allocation
|
page read and write
|
||
|
17F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0E0000
|
heap
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2461000
|
trusted library allocation
|
page read and write
|
||
|
2243000
|
trusted library allocation
|
page read and write
|
||
|
17F93048000
|
trusted library allocation
|
page read and write
|
||
|
58DD000
|
stack
|
page read and write
|
||
|
7FFD9B304000
|
trusted library allocation
|
page read and write
|
||
|
4470000
|
trusted library allocation
|
page read and write
|
||
|
4897000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B3C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A41000
|
trusted library allocation
|
page read and write
|
||
|
4570F7E000
|
unkown
|
page readonly
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
617237E000
|
stack
|
page read and write
|
||
|
1880000
|
heap
|
page read and write
|
||
|
17F9330A000
|
heap
|
page read and write
|
||
|
7FFD9B630000
|
trusted library allocation
|
page read and write
|
||
|
1D184613000
|
heap
|
page read and write
|
||
|
17F932BC000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
1BB56000
|
stack
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
17F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
1B292000
|
unkown
|
page readonly
|
||
|
2C17000
|
heap
|
page read and write
|
||
|
5DCB000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
6E19000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FB000
|
trusted library allocation
|
page read and write
|
||
|
6171DFE000
|
stack
|
page read and write
|
||
|
1AD4E000
|
stack
|
page read and write
|
||
|
556E000
|
heap
|
page read and write
|
||
|
1D184550000
|
trusted library allocation
|
page read and write
|
||
|
23A3000
|
trusted library allocation
|
page read and write
|
||
|
6171D7E000
|
unkown
|
page readonly
|
||
|
17F8DC00000
|
heap
|
page read and write
|
||
|
2393000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC28000
|
heap
|
page read and write
|
||
|
17F8DC67000
|
heap
|
page read and write
|
||
|
2314000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B660000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B550000
|
trusted library allocation
|
page read and write
|
||
|
17F932F5000
|
heap
|
page read and write
|
||
|
6171479000
|
stack
|
page read and write
|
||
|
1BC39000
|
heap
|
page read and write
|
||
|
40DE000
|
stack
|
page read and write
|
||
|
457117E000
|
unkown
|
page readonly
|
||
|
17F93160000
|
trusted library allocation
|
page read and write
|
||
|
2142000
|
unkown
|
page readonly
|
||
|
7FFD9B5C0000
|
trusted library allocation
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
17B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F93124000
|
trusted library allocation
|
page read and write
|
||
|
1238E000
|
trusted library allocation
|
page read and write
|
||
|
17F2000
|
trusted library allocation
|
page read and write
|
||
|
130C000
|
heap
|
page read and write
|
||
|
2140000
|
unkown
|
page readonly
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1D184440000
|
heap
|
page read and write
|
||
|
17F8DB90000
|
trusted library section
|
page read and write
|
||
|
221B000
|
trusted library allocation
|
page read and write
|
||
|
1F9E000
|
stack
|
page read and write
|
||
|
1A90D000
|
stack
|
page read and write
|
||
|
1CE40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
17F93031000
|
trusted library allocation
|
page read and write
|
||
|
4864000
|
trusted library allocation
|
page read and write
|
||
|
17F930BE000
|
trusted library allocation
|
page read and write
|
||
|
17F931D0000
|
remote allocation
|
page read and write
|
||
|
248C000
|
trusted library allocation
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
17F8DCBC000
|
heap
|
page read and write
|
||
|
5584000
|
heap
|
page read and write
|
||
|
17F93070000
|
trusted library allocation
|
page read and write
|
||
|
59DB000
|
stack
|
page read and write
|
||
|
17F93254000
|
heap
|
page read and write
|
||
|
3FDC000
|
stack
|
page read and write
|
||
|
6EE0000
|
heap
|
page execute and read and write
|
||
|
7FF47D1A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F9321F000
|
heap
|
page read and write
|
||
|
7FFD9B4A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD51000
|
heap
|
page read and write
|
||
|
4570C7E000
|
unkown
|
page readonly
|
||
|
457127E000
|
stack
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
20F3000
|
trusted library allocation
|
page read and write
|
||
|
17F94000000
|
heap
|
page read and write
|
||
|
20FB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
trusted library section
|
page read and write
|
||
|
2492000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
1AD80000
|
heap
|
page read and write
|
||
|
21A1000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC13000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
17F8E502000
|
heap
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page read and write
|
||
|
21E0000
|
heap
|
page execute and read and write
|
||
|
617157E000
|
unkown
|
page readonly
|
||
|
21A3000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
617167B000
|
stack
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
17F8DC5B000
|
heap
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
17F9303E000
|
trusted library allocation
|
page read and write
|
||
|
1B1E0000
|
heap
|
page read and write
|
||
|
12DE000
|
heap
|
page read and write
|
||
|
7FFD9B400000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F93094000
|
trusted library allocation
|
page read and write
|
||
|
1B198000
|
heap
|
page read and write
|
||
|
4A41000
|
trusted library allocation
|
page read and write
|
||
|
1AFBE000
|
stack
|
page read and write
|
||
|
AA6000
|
heap
|
page read and write
|
||
|
7FFD9B530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B4F6000
|
trusted library allocation
|
page read and write
|
||
|
17F930EA000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
44D5000
|
trusted library allocation
|
page read and write
|
||
|
17F93302000
|
heap
|
page read and write
|
||
|
45705EB000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
489B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A24000
|
trusted library allocation
|
page read and write
|
||
|
457137E000
|
unkown
|
page readonly
|
||
|
17F93060000
|
trusted library allocation
|
page read and write
|
||
|
983000
|
trusted library allocation
|
page read and write
|
||
|
1D184602000
|
heap
|
page read and write
|
||
|
17F930F2000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
1B1A3000
|
heap
|
page read and write
|
||
|
17F93100000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B4E0000
|
trusted library allocation
|
page read and write
|
||
|
4850000
|
trusted library allocation
|
page read and write
|
||
|
4570B7D000
|
stack
|
page read and write
|
||
|
1B1AE000
|
heap
|
page read and write
|
||
|
17F8EA80000
|
trusted library section
|
page readonly
|
||
|
6E10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B710000
|
trusted library allocation
|
page execute and read and write
|
||
|
1810000
|
trusted library allocation
|
page read and write
|
||
|
556A000
|
heap
|
page read and write
|
||
|
7FFD9B540000
|
trusted library allocation
|
page read and write
|
||
|
17F93241000
|
heap
|
page read and write
|
||
|
22EF000
|
trusted library allocation
|
page read and write
|
There are 643 hidden memdumps, click here to show them.