Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MPJ_1281565D#U00ae.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}, Create Time/Date: Mon Oct 28 17:43:52 2024, Last Saved Time/Date: Mon Oct
28 17:43:52 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
initial sample
|
 |
|
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.ClientService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsCredentialProvider.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\5435dd.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\Client.en-US.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\Client.resources
|
data
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.ClientService.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsAuthenticationPackage.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsBackstageShell.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsBackstageShell.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsClient.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsFileManager.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsFileManager.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\app.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\system.config
|
XML 1.0 document, ASCII text, with very long lines (468), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\CustomAction.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\Microsoft.Deployment.Compression.Cab.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\Microsoft.Deployment.Compression.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\ScreenConnect.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\ScreenConnect.InstallerActions.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI31E4.tmp-\ScreenConnect.Windows.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\5435dc.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}, Create Time/Date: Mon Oct 28 17:43:52 2024, Last Saved Time/Date: Mon Oct
28 17:43:52 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\5435de.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision
Number: {FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}, Create Time/Date: Mon Oct 28 17:43:52 2024, Last Saved Time/Date: Mon Oct
28 17:43:52 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI3A9F.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI3B8A.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3D60.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}\DefaultIcon
|
MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 4 bits/pixel, 32x32
with PNG image data, 32 x 32, 1-bit colormap, non-interlaced, 4 bits/pixel
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\33z52vm4.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\alszbl3u.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\flmhfwwk.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\fp5c33kt.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\kajzydm0.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\nmnun0hu.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\qo0hcons.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\r2kg0cka.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\srp51sxk.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\user.config (copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\vxgokhmo.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (909a0bac52a7095f)\yv4abzkt.newcfg
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF1287FB349E316B08.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9003C778866CA410.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9C897626114DCDCC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9F07C4AE9479BC02.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFA088DC1B033C0F10.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA7D4F494FD1B300A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFAD7539D935F1AA5B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC583695CB9981331.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFDC22F29E2BF7A44A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE0944E9792142A27.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE791BE45F270EA48.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF02838E50EB1AD23.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 52 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\MPJ_1281565D#U00ae.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.ClientService.exe
|
"C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=instance-c89u33-relay.screenconnect.com&p=443&s=8f47f859-e57f-4bd8-9f9a-e730d3b0dc96&k=BgIAAACkAABSU0ExAAgAAAEAAQDpI9qfgaQF9EqFatMP06CsRNHBTKHOK5%2bUtX0qmq8CA4QJH2XTUdjK0ggTdGE4t0YfU4unuKYheAHWWjw%2bjMFfbdlJ1G50ApzOoLoB%2b7pQWX2ZnbVh%2bLfj4JIFwgKtc6Wpc%2fHElrzDuV3d5egfIjs2stKs6RmevReV2ZtwZXMrYZKFQK5QgwhmOTs1pFbFBaiusdjG8NTEcpq2zEicxl0jNKmCw71zqxPy1Lyu3YkOHeZqzMfRsWjzH%2fYVBCAx2I5sAn2Al2rwnZGCoxiYVwlWGITSxEHyjKXWvvVVaCBwjSzlM79WD5B4aCG5QDHn9IzvPCVw%2bHuInNUKsgj2iTG7&t=pdfconvitHir"
|
|
|
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsClient.exe
|
"C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\ScreenConnect.WindowsClient.exe" "RunRole" "d04726a4-55e2-40d7-93a5-312106824cb3"
"User"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 390FD6DCD7E50BFBF112F96E3A0DE021 C
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI31E4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5518000 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 1B5721C1CE0E7EF98DD0EC09055781AD
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding A228E7CE75C97BE8E56E19BF17938851 E Global\MSI0000
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://wixtoolset.org/releases/
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/d
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/xt
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/Nt
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/tZ
|
unknown
|
||
|
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
|
unknown
|
||
|
https://feedback.screenconnect.com/Feedback.axd
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-support
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/jt
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/
|
unknown
|
||
|
http://wixtoolset.org/news/
|
unknown
|
||
|
http://instance-c89u33-relay.screenconnect.com:443/Dw
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
server-nix3a3cd951-relay.screenconnect.com
|
147.75.63.88
|
||
|
instance-c89u33-relay.screenconnect.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.75.63.88
|
server-nix3a3cd951-relay.screenconnect.com
|
Switzerland
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
|
Authentication Packages
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5435dd.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5435dd.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73A62A74C90AB2C90F25710D61FF64A0
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61106AFF6ECBAB90F2396DDD54B1984E
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AD48EA406F0CBBE8AC7F9E086E1F522
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24400E3DAF48283B542F5FDF90C4B6CC
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFA5A4063C5EC24431B201905639AA6F
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B5A56200573FD0672A8620B51A5F58F
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52BB45390A82FD0099528C92B2B1E8B0
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\ScreenConnect Client (909a0bac52a7095f)\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-909a0bac52a7095f
|
URL Protocol
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-909a0bac52a7095f
|
UseOriginalUrlEncoding
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sc-909a0bac52a7095f\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (909a0bac52a7095f)
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-9B96-92D47DCB003A}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-9B96-92D47DCB003A}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-9B96-92D47DCB003A}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6FF59A85-BC37-4CD4-9B96-92D47DCB003A}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\68FC38F4E932A58909A9B0CA257A90F5
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2506B4CFF15AF14DC852D314DFC6B6C5
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\Features
|
Full
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{FC4B6052-A51F-D41F-8C25-3D41FD6C6B5C}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2506B4CFF15AF14DC852D314DFC6B6C5\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\68FC38F4E932A58909A9B0CA257A90F5
|
2506B4CFF15AF14DC852D314DFC6B6C5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2506B4CFF15AF14DC852D314DFC6B6C5\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
|
AutoBackupLogFiles
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
|
EventMessageFile
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (909a0bac52a7095f)
|
ImagePath
|
There are 104 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
527D000
|
stack
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
42C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1929000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
DCC000
|
heap
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1695000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CF0000
|
trusted library allocation
|
page read and write
|
||
|
3980000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
4B11000
|
trusted library allocation
|
page read and write
|
||
|
1B5BF000
|
stack
|
page read and write
|
||
|
147A000
|
trusted library allocation
|
page read and write
|
||
|
1B866000
|
heap
|
page read and write
|
||
|
167C000
|
trusted library allocation
|
page read and write
|
||
|
4570000
|
trusted library allocation
|
page read and write
|
||
|
1757000
|
trusted library allocation
|
page read and write
|
||
|
4840000
|
heap
|
page readonly
|
||
|
1B972000
|
unkown
|
page readonly
|
||
|
15E1000
|
trusted library allocation
|
page read and write
|
||
|
3997000
|
trusted library allocation
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
4A6C000
|
trusted library allocation
|
page read and write
|
||
|
18D4000
|
trusted library allocation
|
page read and write
|
||
|
4840000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
4A74000
|
trusted library allocation
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
7FF848C30000
|
trusted library allocation
|
page read and write
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page execute and read and write
|
||
|
4B1D000
|
stack
|
page read and write
|
||
|
7FF8489BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
1134000
|
unkown
|
page readonly
|
||
|
2B3A000
|
heap
|
page read and write
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
3370000
|
trusted library allocation
|
page read and write
|
||
|
39D000
|
stack
|
page read and write
|
||
|
EC4000
|
unkown
|
page write copy
|
||
|
38D0000
|
trusted library allocation
|
page read and write
|
||
|
5A5D000
|
stack
|
page read and write
|
||
|
12C10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B15000
|
trusted library allocation
|
page read and write
|
||
|
B55000
|
trusted library allocation
|
page execute and read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
4100000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
4900000
|
trusted library allocation
|
page read and write
|
||
|
46C3000
|
heap
|
page read and write
|
||
|
EBD000
|
unkown
|
page readonly
|
||
|
7FF848C10000
|
trusted library allocation
|
page read and write
|
||
|
12C0C000
|
trusted library allocation
|
page read and write
|
||
|
823000
|
trusted library allocation
|
page execute and read and write
|
||
|
3970000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B3C0000
|
unkown
|
page readonly
|
||
|
6EB000
|
stack
|
page read and write
|
||
|
40D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
38C0000
|
trusted library allocation
|
page read and write
|
||
|
407E000
|
stack
|
page read and write
|
||
|
512B000
|
stack
|
page read and write
|
||
|
1538000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page execute and read and write
|
||
|
1729000
|
trusted library allocation
|
page read and write
|
||
|
18EF000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
trusted library allocation
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
2371000
|
trusted library allocation
|
page read and write
|
||
|
B5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
54DD000
|
stack
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B8E000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
4931000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EAC000
|
stack
|
page read and write
|
||
|
7FF848BD3000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C376000
|
heap
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
492D000
|
heap
|
page read and write
|
||
|
4A4A000
|
trusted library allocation
|
page read and write
|
||
|
147C000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
385C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848964000
|
trusted library allocation
|
page read and write
|
||
|
1817000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B10000
|
trusted library allocation
|
page read and write
|
||
|
18CA000
|
trusted library allocation
|
page read and write
|
||
|
1143000
|
heap
|
page execute and read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
1B860000
|
heap
|
page read and write
|
||
|
7FF848973000
|
trusted library allocation
|
page read and write
|
||
|
4550000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
7FF848A46000
|
trusted library allocation
|
page execute and read and write
|
||
|
3856000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page execute and read and write
|
||
|
350E000
|
stack
|
page read and write
|
||
|
1B7DD000
|
heap
|
page read and write
|
||
|
3B60000
|
trusted library allocation
|
page read and write
|
||
|
1B833000
|
heap
|
page read and write
|
||
|
1B831000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7FF848B08000
|
trusted library allocation
|
page read and write
|
||
|
1B4B0000
|
heap
|
page read and write
|
||
|
1735000
|
trusted library allocation
|
page read and write
|
||
|
1B838000
|
heap
|
page read and write
|
||
|
7FF848B77000
|
trusted library allocation
|
page read and write
|
||
|
1953000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
11DC000
|
stack
|
page read and write
|
||
|
EC6000
|
unkown
|
page readonly
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
2BD4000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
1618000
|
trusted library allocation
|
page read and write
|
||
|
15F6000
|
trusted library allocation
|
page read and write
|
||
|
3871000
|
trusted library allocation
|
page read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
1371000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7C0000
|
heap
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
1C370000
|
heap
|
page read and write
|
||
|
7FF848980000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
180F000
|
trusted library allocation
|
page read and write
|
||
|
2AED000
|
stack
|
page read and write
|
||
|
5B5E000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page read and write
|
||
|
4AE5000
|
trusted library allocation
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BA0000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
trusted library section
|
page read and write
|
||
|
1946000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
134B000
|
trusted library allocation
|
page read and write
|
||
|
10C2000
|
unkown
|
page readonly
|
||
|
49CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
B46000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
unkown
|
page readonly
|
||
|
175F000
|
trusted library allocation
|
page read and write
|
||
|
148A000
|
trusted library allocation
|
page read and write
|
||
|
1783000
|
trusted library allocation
|
page read and write
|
||
|
17E7000
|
trusted library allocation
|
page read and write
|
||
|
47C5000
|
heap
|
page read and write
|
||
|
40F0000
|
trusted library allocation
|
page read and write
|
||
|
82D000
|
trusted library allocation
|
page execute and read and write
|
||
|
42D2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CDA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B56000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7FF848984000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
heap
|
page execute and read and write
|
||
|
38DA000
|
trusted library allocation
|
page read and write
|
||
|
1BF38000
|
stack
|
page read and write
|
||
|
5B9D000
|
stack
|
page read and write
|
||
|
172F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
147E000
|
trusted library allocation
|
page read and write
|
||
|
16A8000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C00000
|
trusted library allocation
|
page read and write
|
||
|
4110000
|
trusted library allocation
|
page read and write
|
||
|
15C8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CD6000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
heap
|
page read and write
|
||
|
EC4000
|
unkown
|
page read and write
|
||
|
44DF000
|
stack
|
page read and write
|
||
|
2B68000
|
heap
|
page read and write
|
||
|
18C2000
|
trusted library allocation
|
page read and write
|
||
|
B3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B970000
|
unkown
|
page readonly
|
||
|
1B3C2000
|
unkown
|
page readonly
|
||
|
728000
|
stack
|
page read and write
|
||
|
45B0000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
17FF000
|
trusted library allocation
|
page read and write
|
||
|
1B07D000
|
stack
|
page read and write
|
||
|
39C0000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
7FF848B87000
|
trusted library allocation
|
page read and write
|
||
|
48DE000
|
heap
|
page read and write
|
||
|
2377000
|
trusted library allocation
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C87000
|
trusted library allocation
|
page read and write
|
||
|
EBD000
|
unkown
|
page readonly
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3852000
|
trusted library allocation
|
page read and write
|
||
|
48AD000
|
stack
|
page read and write
|
||
|
7FF848A16000
|
trusted library allocation
|
page read and write
|
||
|
1564000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A10000
|
trusted library allocation
|
page read and write
|
||
|
48E3000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B70000
|
trusted library allocation
|
page read and write
|
||
|
180D000
|
trusted library allocation
|
page read and write
|
||
|
1B886000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
971000
|
stack
|
page read and write
|
||
|
48EE000
|
stack
|
page read and write
|
||
|
D63000
|
trusted library allocation
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
2BB1000
|
heap
|
page read and write
|
||
|
5F1E000
|
stack
|
page read and write
|
||
|
DA0000
|
trusted library section
|
page read and write
|
||
|
7FF848BC0000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
7FF42BC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
42E0000
|
trusted library allocation
|
page read and write
|
||
|
16AE000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
unkown
|
page readonly
|
||
|
7FF848B30000
|
trusted library allocation
|
page read and write
|
||
|
4563000
|
trusted library allocation
|
page execute and read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CD8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D10000
|
trusted library allocation
|
page read and write
|
||
|
1C32D000
|
stack
|
page read and write
|
||
|
4907000
|
heap
|
page read and write
|
||
|
4B00000
|
heap
|
page execute and read and write
|
||
|
1542000
|
trusted library allocation
|
page read and write
|
||
|
1C380000
|
heap
|
page read and write
|
||
|
1B7BE000
|
stack
|
page read and write
|
||
|
150A000
|
trusted library allocation
|
page read and write
|
||
|
12C0E000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B60000
|
trusted library allocation
|
page read and write
|
||
|
4A42000
|
trusted library allocation
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1B836000
|
heap
|
page read and write
|
||
|
1C036000
|
stack
|
page read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
1815000
|
trusted library allocation
|
page read and write
|
||
|
48C2000
|
heap
|
page read and write
|
||
|
3885000
|
trusted library allocation
|
page read and write
|
||
|
1949000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
unkown
|
page readonly
|
||
|
386E000
|
trusted library allocation
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page read and write
|
||
|
7A2000
|
unkown
|
page readonly
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
BB7000
|
heap
|
page read and write
|
||
|
3378000
|
trusted library allocation
|
page read and write
|
||
|
1B8AB000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
3AA0000
|
unkown
|
page readonly
|
||
|
1B813000
|
heap
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
B57000
|
trusted library allocation
|
page execute and read and write
|
||
|
1536000
|
trusted library allocation
|
page read and write
|
||
|
3F7E000
|
stack
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page read and write
|
||
|
12C01000
|
trusted library allocation
|
page read and write
|
||
|
C07000
|
heap
|
page read and write
|
||
|
3B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CD0000
|
trusted library allocation
|
page read and write
|
||
|
499E000
|
stack
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page read and write
|
||
|
1B88E000
|
heap
|
page read and write
|
||
|
14AC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B94000
|
trusted library allocation
|
page read and write
|
||
|
4DAD000
|
stack
|
page read and write
|
||
|
7FF848C60000
|
trusted library allocation
|
page read and write
|
||
|
1931000
|
trusted library allocation
|
page read and write
|
||
|
4A91000
|
trusted library allocation
|
page read and write
|
||
|
2BC6000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF84896D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B42000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
49A4000
|
trusted library allocation
|
page read and write
|
||
|
878000
|
heap
|
page read and write
|
||
|
15F4000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
1B89E000
|
heap
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
38E0000
|
unkown
|
page readonly
|
||
|
3076000
|
trusted library allocation
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
E53000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
2B76000
|
heap
|
page read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
4564000
|
trusted library allocation
|
page read and write
|
||
|
29D000
|
stack
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
170A000
|
trusted library allocation
|
page read and write
|
||
|
5DDE000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page read and write
|
||
|
4C6D000
|
stack
|
page read and write
|
||
|
4AD4000
|
trusted library allocation
|
page read and write
|
||
|
7EE58000
|
trusted library allocation
|
page execute and read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
1484000
|
trusted library allocation
|
page read and write
|
||
|
4A76000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B17000
|
trusted library allocation
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
7FF84897D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B15000
|
trusted library allocation
|
page read and write
|
||
|
4AD4000
|
trusted library allocation
|
page read and write
|
||
|
1482000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BF1000
|
trusted library allocation
|
page read and write
|
||
|
DED000
|
heap
|
page read and write
|
||
|
3B90000
|
unkown
|
page readonly
|
||
|
4A8E000
|
trusted library allocation
|
page read and write
|
||
|
194C000
|
trusted library allocation
|
page read and write
|
||
|
7BC000
|
stack
|
page read and write
|
||
|
5B11000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3890000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
4834000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
7FF848B50000
|
trusted library allocation
|
page read and write
|
||
|
459B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
4AA5000
|
trusted library allocation
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
7FF848C20000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
7FF848960000
|
trusted library allocation
|
page read and write
|
||
|
1839000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
unkown
|
page readonly
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C05000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1B889000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
1349000
|
trusted library allocation
|
page read and write
|
||
|
248E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page read and write
|
||
|
45C3000
|
heap
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
49C9000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
7FF848BF9000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
18C4000
|
trusted library allocation
|
page read and write
|
||
|
7EE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
16AA000
|
trusted library allocation
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
17BD000
|
trusted library allocation
|
page read and write
|
||
|
189D000
|
trusted library allocation
|
page read and write
|
||
|
4597000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B90000
|
trusted library allocation
|
page read and write
|
||
|
18B4000
|
trusted library allocation
|
page read and write
|
||
|
40C0000
|
trusted library allocation
|
page read and write
|
||
|
4C1A000
|
stack
|
page read and write
|
||
|
18F4000
|
trusted library allocation
|
page read and write
|
||
|
1C136000
|
stack
|
page read and write
|
||
|
42D0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
E4E000
|
heap
|
page read and write
|
||
|
3F3F000
|
stack
|
page read and write
|
||
|
7FF848B13000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
49EB000
|
trusted library allocation
|
page read and write
|
||
|
48FF000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
trusted library section
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
483E000
|
stack
|
page read and write
|
||
|
40BE000
|
stack
|
page read and write
|
||
|
159E000
|
trusted library allocation
|
page read and write
|
||
|
39D0000
|
heap
|
page execute and read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
776000
|
heap
|
page read and write
|
||
|
1B862000
|
heap
|
page read and write
|
||
|
49C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
1B8B1000
|
heap
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
1B858000
|
heap
|
page read and write
|
||
|
175D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
1B87E000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
1676000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
1811000
|
trusted library allocation
|
page read and write
|
||
|
16A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B20000
|
trusted library allocation
|
page read and write
|
||
|
D08000
|
stack
|
page read and write
|
||
|
2BC9000
|
heap
|
page read and write
|
||
|
4AD6000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
1122000
|
unkown
|
page readonly
|
||
|
7FF848963000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6BE000
|
stack
|
page read and write
|
||
|
4919000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page execute and read and write
|
||
|
7FF848CFA000
|
trusted library allocation
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
5C9E000
|
stack
|
page read and write
|
||
|
4927000
|
heap
|
page read and write
|
||
|
18CE000
|
trusted library allocation
|
page read and write
|
||
|
1B880000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page readonly
|
||
|
4922000
|
heap
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
153C000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
1873000
|
trusted library allocation
|
page read and write
|
||
|
B52000
|
trusted library allocation
|
page read and write
|
||
|
EB1000
|
unkown
|
page execute read
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B00000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page execute and read and write
|
||
|
18C6000
|
trusted library allocation
|
page read and write
|
||
|
4D6B000
|
stack
|
page read and write
|
||
|
7FF84898B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
2AAD000
|
stack
|
page read and write
|
||
|
1759000
|
trusted library allocation
|
page read and write
|
There are 474 hidden memdumps, click here to show them.