IOC Report
1C769A32-2CBF-4738-9013-480E0434BAEF_06182024030338389.old

loading gif

Files

File Path
Type
Category
Malicious
1C769A32-2CBF-4738-9013-480E0434BAEF_06182024030338389.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x54a85fa3, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.4cdd5988-935f-4255-9ab4-31eed42bc85e.1.etl
data
dropped
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\manifests\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\43wurqpu.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\5dd0qjev.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\app.config
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\bbvtadq5.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\dphy0adj.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ec0ivzly.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\f0feuc05.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\g4navqby.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\gkvz4jgc.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\B3V01X1N.log
Unicode text, UTF-16, little-endian text, with very long lines (641), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\LE8RJV0O.0B9\JZR239YO.A4A.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\QJ5J9VPB.NK8\YJ9Q36NV.4Y7\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
There are 72 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
 malicious
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.WindowsClient.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ss6pex-relay.screenconnect.com&p=443&s=e409b2f5-1e44-4489-a8a4-30f0588f10c9&k=BgIAAACkAABSU0ExAAgAAAEAAQBdjPB2q8wjCfbSeYamY%2f1I8rI%2fJv32GQaD4DfyMmJGNmo%2f%2fRNg83nebcxkKC9J9fnvQipaIXrQUsxpppQnPKZ7juxo8OMg%2fgQWhvcJ843vxr8g3Su6i%2bOQ19Uh%2b6nNu4Mvd5N1Gn7gmJQP8LmLFqcM4XdqaWncXy3DTwTAm6za8sn0Nrpx%2fR7Jc98i2Kg%2bl%2fjkHFH9my9cD1Qp8bY32WV4Poh8SZJEDL3RX7M1gNCxhAy6Of%2bu4Ov%2f99l3%2bbDBAOICkjlLTBAUBYzj9YiB5Zym8VEMCtI%2b7OFy%2bv0PXxtCiizxlfv251D4ovL7mdH2HWE5l%2fwdqfUZx0u617T5JnSJ&r=&i=Ily" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ss6pex-relay.screenconnect.com&p=443&s=e409b2f5-1e44-4489-a8a4-30f0588f10c9&k=BgIAAACkAABSU0ExAAgAAAEAAQBdjPB2q8wjCfbSeYamY%2f1I8rI%2fJv32GQaD4DfyMmJGNmo%2f%2fRNg83nebcxkKC9J9fnvQipaIXrQUsxpppQnPKZ7juxo8OMg%2fgQWhvcJ843vxr8g3Su6i%2bOQ19Uh%2b6nNu4Mvd5N1Gn7gmJQP8LmLFqcM4XdqaWncXy3DTwTAm6za8sn0Nrpx%2fR7Jc98i2Kg%2bl%2fjkHFH9my9cD1Qp8bY32WV4Poh8SZJEDL3RX7M1gNCxhAy6Of%2bu4Ov%2f99l3%2bbDBAOICkjlLTBAUBYzj9YiB5Zym8VEMCtI%2b7OFy%2bv0PXxtCiizxlfv251D4ovL7mdH2HWE5l%2fwdqfUZx0u617T5JnSJ&r=&i=Ily" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\BWL7GTAY.EPV\5W5HVA52.70C\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\ScreenConnect.WindowsClient.exe" "RunRole" "15a971cf-ed33-4068-91f7-d1656f0da9bf" "User"
malicious
C:\Users\user\Desktop\1C769A32-2CBF-4738-9013-480E0434BAEF_06182024030338389.exe
"C:\Users\user\Desktop\1C769A32-2CBF-4738-9013-480E0434BAEF_06182024030338389.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\SgrmBroker.exe
C:\Windows\system32\SgrmBroker.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 8 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.dll
145.40.109.218
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsFileMan8
unknown
https://dev.ditu.live.com/REST/v1/Routes/
unknown
https://dev.virtualearth.net/REST/v1/Routes/Walking
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationataK9f
unknown
http://standards.iso.org/iso/19770/-2/2009/schema.xsd
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.P
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Windows.dll
145.40.109.218
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
unknown
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.ClientService.exe
145.40.109.218
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe
145.40.109.218
http://server-nixc4ced126-web.screenconnect.com
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.bingmapsportal.com
unknown
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
unknown
http://instance-ss6pex-relay.screenconnect.com:443/a
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationstt
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationG
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exeA
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.application?h=instance-ss6pex-relay.screencon
unknown
https://dev.virtualearth.net/REST/v1/Routes/
unknown
http://instance-ss6pex-relay.screenconnect.com:443/d
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.ClientServ
unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
unknown
http://instance-ss6pex-relay.screenconnect.com:443/s
unknown
http://www.w3.or
unknown
https://bcl.screenconnect.com/Bin/
unknown
http://crl.ver)
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.configesourceHandler
unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
unknown
https://dev.virtualearth.net/REST/v1/Locations
unknown
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
unknown
https://g.live.com/odclientsettings/Prod1C:
unknown
https://dynamic.t
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.
unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit
unknown
http://instance-ss6pex-relay.screenconnect.com:443/G
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exex
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.ClientService.dll
145.40.109.218
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
145.40.109.218
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe.config
145.40.109.218
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.manifest?
unknown
https://dev.virtualearth.net/REST/v1/Routes/Driving
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationst
unknown
https://bcl.screenconnect.comptD
unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
unknown
http://instance-ss6pex-relay.screenconnect.com:443/%
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.config
145.40.109.218
http://instance-ss6pex-relay.screenconnect.com:443/9
unknown
https://dev.ditu.live.com/mapcontrol/logging.ashx
unknown
http://schemas.microso
unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.manifestfm
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exes
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exem
unknown
https://bcl.screenconnect.com
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Wi
unknown
http://www.w3.o
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationX
unknown
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
unknown
https://bcl.screenconnect.com:443/Bin/ScreenConnect.Clie
unknown
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Core.dllJ
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe
145.40.109.218
http://instance-ss6pex-relay.screenconnect.com:443/
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.application%%
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShX
unknown
https://dev.ditu.live.com/REST/v1/Transit/Stops/
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.appli
unknown
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe
145.40.109.218
https://dev.virtualearth.net/mapcontrol/logging.ashx
unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
unknown
https://bcl.screenconnXz
unknown
https://bcl.screenconnX
unknown
https://bcl.screenconnXr
unknown
https://feedback.screenconnect.com/Feedback.axd
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.manifest
145.40.109.218
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.applicationig%
unknown
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
unknown
https://bcl.screenconnect.com:443/Bin/ScreenConnect.Client.application?h=instance-ss6pex-relay.scree
unknown
https://bcl.ptD
unknown
https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
unknown
http://bcl.screenconnect.com
unknown
https://bcl.screenconnect.com/Bin/h
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Core.dll
145.40.109.218
https://dev.ditu.live.com/REST/v1/Locations
unknown
https://bcl.screenconnect.com/Bin/ScreenConnect.Client.application
unknown
https://bcl.screenconne
unknown
There are 88 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
server-nixc4ced126-web.screenconnect.com
145.40.109.218
fp2e7a.wpc.phicdn.net
192.229.221.95
server-nixc4ced126-relay.screenconnect.com
145.40.109.216
instance-ss6pex-relay.screenconnect.com
unknown
18.31.95.13.in-addr.arpa
unknown
time.windows.com
unknown
bcl.screenconnect.com
unknown

IPs

IP
Domain
Country
Malicious
145.40.109.216
server-nixc4ced126-relay.screenconnect.com
Netherlands
145.40.109.218
server-nixc4ced126-web.screenconnect.com
Netherlands
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
STATE
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\A41A37D0270D8433C3CD0220248AD84A5A6A1A26
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
lock!01000000b637ea0b20150000941800000000000000000000554fd5d90dcfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
implication!scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_20ca72b17ca9e71d\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
lock!1000000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
lock!0e00000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
lock!0c00000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
lock!0a00000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
lock!0800000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
lock!0600000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
lock!0400000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
lock!1100000080921d0c20150000941800000000000000000000563a6fb015cfda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
LastKnownGoodTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
StartWorkerOnServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
Checking to see if mostack override has changed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
UsoCrmScan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
CleanupUsoLogs
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
lock!0e0000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
lock!0c0000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
lock!0a0000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
lock!080000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
lock!060000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
lock!040000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
lock!020000004b1e3a00841e0000881e00000000000000000000881f6ebd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_e94a5e880ddeece3
lock!1c0000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0001_none_533500b5fe8f96df
lock!1a0000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0001_none_b47bd9d9e77379ec
lock!180000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0001_none_048898fe944efa4a
lock!160000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0001_none_57acd8973addaa0f
lock!140000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0001_none_97cb9f2a42c4956b
lock!120000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_none_38bfd8c0a9435f4e
lock!100000006b1e3a00841e0000881e000000000000000000002fe472bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
lock!1d0000008a1e3a00841e0000881e0000000000000000000042a977bd4dcdda01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_efb3523d7b199cc8
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_a7d88f5bef8e5e69
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0001_799011a69f7fd08e
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (e409b2f5-1e44-4489-a8a4-30f0588f10c9)
NULL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (e409b2f5-1e44-4489-a8a4-30f0588f10c9)
ImagePath
There are 172 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
247EE060000
trusted library allocation
page read and write
247805AA000
trusted library allocation
page read and write
165B7B02000
heap
page read and write
CD0000
trusted library allocation
page read and write
A33000
heap
page read and write
2600E42B000
heap
page read and write
7FFAACB90000
trusted library allocation
page read and write
1EA88C8E000
heap
page read and write
28758C41000
trusted library allocation
page read and write
2875CEFB000
heap
page read and write
1EA88C52000
heap
page read and write
7FFAACD50000
trusted library allocation
page read and write
5E130FE000
unkown
page readonly
7FFAACC50000
trusted library allocation
page execute and read and write
D17000
heap
page read and write
F496B7E000
stack
page read and write
1A0587D000
stack
page read and write
7FFAACC40000
trusted library allocation
page read and write
3AD1000
trusted library allocation
page read and write
2981000
trusted library allocation
page read and write
1B34E000
stack
page read and write
8A55AFE000
unkown
page readonly
3A20000
heap
page execute and read and write
247F0323000
heap
page read and write
2875CE56000
heap
page read and write
2478063F000
trusted library allocation
page read and write
AF1000
stack
page read and write
7FFAACC76000
trusted library allocation
page execute and read and write
4330000
trusted library allocation
page read and write
1350000
heap
page read and write
C10000
trusted library allocation
page read and write
1B682000
heap
page read and write
1292F000
trusted library allocation
page read and write
247F026C000
heap
page read and write
18C2A602000
heap
page read and write
D10000
trusted library allocation
page read and write
165B79A0000
trusted library allocation
page read and write
189C000
trusted library allocation
page read and write
7FFAACD79000
trusted library allocation
page read and write
1A0557E000
unkown
page readonly
3ECE000
stack
page read and write
D00000
heap
page read and write
358E000
stack
page read and write
E74000
heap
page read and write
2875CF02000
heap
page read and write
D1D000
trusted library allocation
page execute and read and write
1EA88BA0000
heap
page read and write
1C0ED000
stack
page read and write
7FFAACD50000
trusted library allocation
page read and write
282FC000000
heap
page read and write
7F22D7E000
stack
page read and write
D20000
trusted library allocation
page read and write
1505000
trusted library allocation
page read and write
24790294000
trusted library allocation
page read and write
1D270000
heap
page read and write
17BC000
trusted library allocation
page read and write
2600E471000
heap
page read and write
247F3352000
trusted library allocation
page read and write
13AA000
heap
page read and write
4FED000
stack
page read and write
282FC02B000
heap
page read and write
7FFAACBB0000
trusted library allocation
page read and write
1EA88C8B000
heap
page read and write
7FFAACF60000
trusted library allocation
page read and write
282FC048000
heap
page read and write
2875E000000
heap
page read and write
D0B000
heap
page read and write
18C29C30000
heap
page read and write
250F885F000
heap
page read and write
2A84000
unkown
page readonly
7F2267E000
unkown
page readonly
165B8202000
trusted library allocation
page read and write
1EA88C5D000
heap
page read and write
24780001000
trusted library allocation
page read and write
7FFAACFC0000
trusted library allocation
page read and write
394B000
trusted library allocation
page read and write
250F8816000
heap
page read and write
2600E440000
heap
page read and write
2875CDC0000
trusted library allocation
page read and write
7FFAACDFE000
trusted library allocation
page read and write
1EA88C4F000
heap
page read and write
1BDF000
stack
page read and write
250F8833000
heap
page read and write
B72000
heap
page read and write
7FFB22785000
unkown
page readonly
BE4000
unkown
page read and write
8A558FE000
unkown
page readonly
1896000
trusted library allocation
page read and write
7FFAACB94000
trusted library allocation
page read and write
247EF01E000
heap
page read and write
7FFAACC60000
trusted library allocation
page execute and read and write
A20000
heap
page read and write
2875CE4E000
heap
page read and write
7FFAACD39000
trusted library allocation
page read and write
26010370000
remote allocation
page read and write
1A04E7B000
stack
page read and write
1EA88C6C000
heap
page read and write
522E000
stack
page read and write
7FFAACD3C000
trusted library allocation
page read and write
ADE000
heap
page read and write
2AA0000
trusted library allocation
page read and write
8A54E7E000
stack
page read and write
2875CEC1000
heap
page read and write
3AE7000
trusted library allocation
page read and write
B90000
heap
page read and write
7FFAACCC0000
trusted library allocation
page execute and read and write
8A548FE000
unkown
page readonly
35BE000
stack
page read and write
2875CDD0000
trusted library allocation
page read and write
1EA88B80000
heap
page read and write
2875788D000
heap
page read and write
7FFAACFA0000
trusted library allocation
page execute and read and write
28757730000
heap
page read and write
3AF0000
trusted library allocation
page read and write
4140000
trusted library allocation
page read and write
17CA3602000
trusted library allocation
page read and write
6F4000
unkown
page readonly
1A0567E000
stack
page read and write
D90000
trusted library allocation
page read and write
428D000
stack
page read and write
4120000
trusted library allocation
page read and write
5E1297D000
stack
page read and write
247F02D8000
heap
page read and write
546F000
stack
page read and write
42C0000
trusted library allocation
page execute and read and write
2478024E000
trusted library allocation
page read and write
247EE3E2000
heap
page read and write
28757828000
heap
page read and write
CE4000
trusted library allocation
page read and write
2875782B000
heap
page read and write
1A04FFE000
stack
page read and write
10DB77E000
unkown
page readonly
2875CCD0000
trusted library allocation
page read and write
436267E000
unkown
page readonly
50F0000
heap
page read and write
7FFAACF70000
trusted library allocation
page read and write
D14000
trusted library allocation
page read and write
7FFAACC76000
trusted library allocation
page execute and read and write
4FF0000
heap
page read and write
8A556FE000
unkown
page readonly
BD1000
unkown
page execute read
247F038B000
heap
page read and write
1B1F0000
heap
page read and write
3AD0000
trusted library allocation
page read and write
1AF0C000
stack
page read and write
2AD1000
trusted library allocation
page read and write
165B7A29000
heap
page read and write
436287E000
unkown
page readonly
247F232B000
heap
page read and write
50F7000
heap
page read and write
CE0000
trusted library allocation
page read and write
2875CE6B000
heap
page read and write
F496C7E000
stack
page read and write
7FFAACC46000
trusted library allocation
page read and write
1B685000
heap
page read and write
532B000
stack
page read and write
247EF046000
heap
page read and write
247EEFF9000
heap
page read and write
54BE000
stack
page read and write
1EA88C67000
heap
page read and write
129C000
stack
page read and write
436257E000
stack
page read and write
2875CD34000
trusted library allocation
page read and write
7FFAACBEC000
trusted library allocation
page execute and read and write
2970000
heap
page execute and read and write
247F023F000
heap
page read and write
F495EFF000
stack
page read and write
7FFAACBA2000
trusted library allocation
page read and write
DAE000
stack
page read and write
18C29F00000
heap
page read and write
7FFAACD80000
trusted library allocation
page execute and read and write
247EF03E000
heap
page read and write
28758102000
heap
page read and write
7FFAACC86000
trusted library allocation
page execute and read and write
1130000
heap
page read and write
D66000
heap
page read and write
4150000
trusted library allocation
page execute and read and write
7FFAACE60000
trusted library allocation
page read and write
18C29D30000
heap
page read and write
7FFAACC4C000
trusted library allocation
page execute and read and write
28758000000
heap
page read and write
6F4000
unkown
page readonly
7FFAACEA0000
trusted library allocation
page read and write
175D000
trusted library allocation
page read and write
7FFB22776000
unkown
page readonly
18E2000
trusted library allocation
page read and write
7FFAACE10000
trusted library allocation
page read and write
247F00D0000
heap
page read and write
4BCE000
stack
page read and write
1715000
trusted library allocation
page read and write
247EE8ED000
heap
page read and write
7FFAACF80000
trusted library allocation
page read and write
7FFAACBBB000
trusted library allocation
page execute and read and write
2875CD20000
trusted library allocation
page read and write
9D17B4B000
stack
page read and write
7FFAACBBD000
trusted library allocation
page execute and read and write
1BAD8000
stack
page read and write
10FC000
stack
page read and write
24780772000
trusted library allocation
page read and write
D3A000
heap
page read and write
F49697D000
stack
page read and write
5E12EFE000
unkown
page readonly
1EA88C5E000
heap
page read and write
7FFAACBAD000
trusted library allocation
page execute and read and write
7FFAACF30000
trusted library allocation
page read and write
3950000
trusted library allocation
page read and write
2BAFFC13000
heap
page read and write
1791000
trusted library allocation
page read and write
430000
unkown
page readonly
28757877000
heap
page read and write
2478048A000
trusted library allocation
page read and write
2875811A000
heap
page read and write
282FC102000
heap
page read and write
D42000
trusted library allocation
page read and write
247F020D000
heap
page read and write
24780801000
trusted library allocation
page read and write
5E129FE000
unkown
page readonly
1A0517E000
unkown
page readonly
4190000
trusted library allocation
page read and write
1EA88C5A000
heap
page read and write
5A0000
heap
page read and write
247F011D000
heap
page read and write
400E000
stack
page read and write
9D1817B000
stack
page read and write
247EEFC0000
heap
page read and write
50B0000
heap
page execute and read and write
7FFAACCB0000
trusted library allocation
page execute and read and write
18C29E8A000
heap
page read and write
D60000
heap
page read and write
F49667D000
stack
page read and write
CF7000
heap
page read and write
28757872000
heap
page read and write
1EA88C61000
heap
page read and write
F60000
heap
page read and write
4FA2000
unkown
page readonly
7F22E7E000
unkown
page readonly
2875D090000
remote allocation
page read and write
18C29E41000
heap
page read and write
2BAFFC23000
heap
page read and write
282FC002000
heap
page read and write
D2B000
heap
page read and write
1B29F000
heap
page read and write
247F233A000
heap
page read and write
D27000
trusted library allocation
page read and write
28757780000
trusted library section
page read and write
DCB000
stack
page read and write
AF4000
heap
page read and write
8A550FE000
unkown
page readonly
28757913000
heap
page read and write
55BF000
stack
page read and write
1EA88BE0000
trusted library allocation
page read and write
7FFAACC4C000
trusted library allocation
page execute and read and write
18C29E13000
heap
page read and write
7FFAAD0A6000
trusted library allocation
page read and write
28758100000
heap
page read and write
287578BD000
heap
page read and write
7FFAAD06F000
trusted library allocation
page read and write
7FFAACD60000
trusted library allocation
page read and write
D47000
trusted library allocation
page execute and read and write
1B701000
heap
page read and write
1BAE3000
heap
page execute and read and write
17A8000
trusted library allocation
page read and write
7FFAACC5C000
trusted library allocation
page execute and read and write
7FFAACBB3000
trusted library allocation
page read and write
247805E3000
trusted library allocation
page read and write
2BAFFC48000
heap
page read and write
42A0000
heap
page read and write
247F027D000
heap
page read and write
D4B000
trusted library allocation
page execute and read and write
247F0108000
heap
page read and write
7FFAACDB0000
trusted library allocation
page read and write
7FFAACEF0000
trusted library allocation
page read and write
247F02AD000
heap
page read and write
2875CE78000
heap
page read and write
165B7990000
trusted library allocation
page read and write
2875CED5000
heap
page read and write
1B45F000
stack
page read and write
2875D040000
trusted library allocation
page read and write
8A5567E000
unkown
page readonly
F70000
heap
page execute and read and write
7FFAACDF0000
trusted library allocation
page read and write
2875CD10000
trusted library allocation
page read and write
F4960FD000
stack
page read and write
247EEEE0000
heap
page read and write
247EEC40000
heap
page read and write
2875CCF0000
trusted library allocation
page read and write
2600E402000
heap
page read and write
7FFAACD6D000
trusted library allocation
page read and write
536D000
stack
page read and write
4F20000
trusted library allocation
page read and write
247F01D0000
heap
page read and write
24780246000
trusted library allocation
page read and write
4160000
trusted library allocation
page read and write
55FE000
stack
page read and write
BA7000
heap
page read and write
247EC705000
heap
page read and write
16EA000
trusted library allocation
page read and write
247EC47A000
heap
page read and write
15A4000
trusted library allocation
page read and write
28757770000
trusted library allocation
page read and write
2875CCE0000
trusted library allocation
page read and write
7FFAACDC0000
trusted library allocation
page read and write
7F2307E000
unkown
page readonly
7FFAACCB0000
trusted library allocation
page execute and read and write
24780762000
trusted library allocation
page read and write
5D6000
heap
page read and write
5E128FE000
unkown
page readonly
F495CFE000
stack
page read and write
DB2000
unkown
page readonly
2BA8072A000
heap
page read and write
12E0000
trusted library allocation
page read and write
13E3000
heap
page read and write
7FFAACD31000
trusted library allocation
page read and write
5E11D3B000
stack
page read and write
1B2AC000
heap
page read and write
418F000
trusted library allocation
page read and write
5E133FE000
unkown
page readonly
247F231D000
heap
page read and write
7FFAACEB0000
trusted library allocation
page read and write
2875CE21000
heap
page read and write
247F2251000
heap
page read and write
5E124FD000
stack
page read and write
1EA88C38000
heap
page read and write
282FC031000
heap
page read and write
760000
trusted library section
page read and write
2875787C000
heap
page read and write
42B0000
trusted library allocation
page read and write
7FFAACDD4000
trusted library allocation
page read and write
247F01DF000
heap
page read and write
7FFAACE90000
trusted library allocation
page read and write
2875CCF1000
trusted library allocation
page read and write
16C8000
trusted library allocation
page read and write
1554000
trusted library allocation
page read and write
247EF004000
heap
page read and write
2875CD30000
trusted library allocation
page read and write
7FFAACD86000
trusted library allocation
page read and write
1A042BB000
stack
page read and write
998000
heap
page read and write
B88000
heap
page read and write
7E0000
heap
page read and write
247801F8000
trusted library allocation
page read and write
17CA30F0000
heap
page read and write
7FFAACDB6000
trusted library allocation
page read and write
7FFAACE80000
trusted library allocation
page read and write
7FFAACBA0000
trusted library allocation
page read and write
130E000
stack
page read and write
26010370000
remote allocation
page read and write
250F87E0000
heap
page read and write
24780256000
trusted library allocation
page read and write
F4958F3000
stack
page read and write
247EE8C8000
heap
page read and write
7FFAACDE0000
trusted library allocation
page read and write
10D0000
trusted library allocation
page execute and read and write
1EA88C58000
heap
page read and write
7FFAAD0A0000
trusted library allocation
page read and write
2427000
trusted library allocation
page read and write
BD0000
unkown
page readonly
10DA8CB000
stack
page read and write
1B2CB000
heap
page read and write
7FFAACF90000
trusted library allocation
page read and write
134E000
stack
page read and write
17CA3580000
trusted library allocation
page read and write
2600E300000
heap
page read and write
7FF4B8100000
trusted library allocation
page execute and read and write
430000
unkown
page readonly
F496A7E000
stack
page read and write
7FFAAD070000
trusted library allocation
page read and write
6B7B16B000
stack
page read and write
1EA88C4A000
heap
page read and write
7FFAACB9D000
trusted library allocation
page execute and read and write
B3A000
heap
page read and write
B3E000
stack
page read and write
7F229FE000
stack
page read and write
247F224B000
heap
page read and write
1110000
trusted library allocation
page read and write
8A552FB000
stack
page read and write
2600E517000
heap
page read and write
1BEF6000
stack
page read and write
C43000
trusted library allocation
page read and write
247802FA000
trusted library allocation
page read and write
17CA3010000
heap
page read and write
7FFAACB94000
trusted library allocation
page read and write
3D0000
heap
page read and write
1736000
trusted library allocation
page read and write
184E000
trusted library allocation
page read and write
287578B2000
heap
page read and write
247F027F000
heap
page read and write
247EC457000
heap
page read and write
10E0000
trusted library allocation
page read and write
5E125FE000
unkown
page readonly
1EA88C97000
heap
page read and write
1EA88C49000
heap
page read and write
157C000
trusted library allocation
page read and write
7FFAACDC7000
trusted library allocation
page read and write
2810000
heap
page execute and read and write
F49627E000
stack
page read and write
247F0244000
heap
page read and write
A11000
heap
page read and write
39FF000
stack
page read and write
2875CF0E000
heap
page read and write
1421000
trusted library allocation
page read and write
13AE000
heap
page read and write
F49613F000
stack
page read and write
282FC013000
heap
page read and write
247F01DD000
heap
page read and write
6B7B7FD000
stack
page read and write
247EE8F7000
heap
page read and write
1017000
trusted library allocation
page execute and read and write
1C170000
heap
page read and write
991000
heap
page read and write
7FFB22780000
unkown
page read and write
28757840000
heap
page read and write
1A0537E000
unkown
page readonly
10DB67E000
stack
page read and write
18C29E2B000
heap
page read and write
1679000
trusted library allocation
page read and write
D13000
heap
page read and write
2DD8000
trusted library allocation
page read and write
1EA88C5B000
heap
page read and write
1A04B7E000
unkown
page readonly
247F02F1000
heap
page read and write
1B2B8000
heap
page read and write
2875787A000
heap
page read and write
2478001A000
trusted library allocation
page read and write
247EF023000
heap
page read and write
7FFAAD0B0000
trusted library allocation
page read and write
2BAFFC48000
heap
page read and write
24780776000
trusted library allocation
page read and write
1556000
trusted library allocation
page read and write
5028000
unkown
page readonly
776000
heap
page read and write
7FFAACE40000
trusted library allocation
page read and write
18C2A615000
heap
page read and write
2600E480000
heap
page read and write
250F8F40000
trusted library allocation
page read and write
2478024A000
trusted library allocation
page read and write
1292D000
trusted library allocation
page read and write
6EC000
unkown
page readonly
247EE8D4000
heap
page read and write
DDBF6FB000
stack
page read and write
18E4000
trusted library allocation
page read and write
560000
heap
page read and write
DDBFC7C000
stack
page read and write
3BDE000
stack
page read and write
1550000
trusted library allocation
page read and write
8A560FE000
unkown
page readonly
1B55E000
stack
page read and write
7FFAAD0C0000
trusted library allocation
page read and write
CF0000
trusted library section
page read and write
7FFAACD30000
trusted library allocation
page read and write
8A54D7E000
stack
page read and write
7FFAACD88000
trusted library allocation
page read and write
250F8813000
heap
page read and write
160F000
trusted library allocation
page read and write
247EF033000
heap
page read and write
18C29E7D000
heap
page read and write
AB7000
heap
page read and write
162F000
trusted library allocation
page read and write
7FFAACDE0000
trusted library allocation
page read and write
7FFAACC40000
trusted library allocation
page read and write
7FFAACDB0000
trusted library allocation
page read and write
2600E502000
heap
page read and write
7FFAACDA0000
trusted library allocation
page read and write
247EC46E000
heap
page read and write
38FE000
stack
page read and write
2478075E000
trusted library allocation
page read and write
DB7000
heap
page read and write
28757FB0000
trusted library section
page readonly
7F22F7E000
stack
page read and write
4D6C000
stack
page read and write
1210000
heap
page read and write
139E000
stack
page read and write
159E000
trusted library allocation
page read and write
247EDF70000
heap
page read and write
7FFAACE45000
trusted library allocation
page read and write
1EA88C63000
heap
page read and write
CED000
trusted library allocation
page execute and read and write
6F2000
unkown
page write copy
7FFAACBAD000
trusted library allocation
page execute and read and write
296E000
stack
page read and write
FA0000
heap
page read and write
247F022A000
heap
page read and write
247EC4B4000
heap
page read and write
B79000
heap
page read and write
56FE000
stack
page read and write
5850000
heap
page read and write
10DAF7E000
unkown
page readonly
436217E000
stack
page read and write
5840000
trusted library allocation
page execute and read and write
3500000
heap
page read and write
250F87D0000
heap
page read and write
1B271000
heap
page read and write
3B00000
trusted library allocation
page read and write
2478076E000
trusted library allocation
page read and write
FFF000
stack
page read and write
24780474000
trusted library allocation
page read and write
B40000
heap
page read and write
28758113000
heap
page read and write
7FFAAD0D0000
trusted library allocation
page read and write
391E000
trusted library allocation
page read and write
7FFAAD090000
trusted library allocation
page read and write
7FFAACD96000
trusted library allocation
page read and write
26010370000
remote allocation
page read and write
2BAFFC87000
heap
page read and write
DDBFF7E000
unkown
page readonly
129A1000
trusted library allocation
page read and write
BC0000
heap
page read and write
A60000
heap
page execute and read and write
8F4000
stack
page read and write
1C160000
heap
page read and write
D1B000
heap
page read and write
282FBE20000
heap
page read and write
5E12E7E000
stack
page read and write
1B1FF000
heap
page read and write
1080000
heap
page read and write
7FFAACE10000
trusted library allocation
page read and write
282FBF00000
heap
page read and write
436277E000
stack
page read and write
7FFAACDF0000
trusted library allocation
page read and write
247F032B000
heap
page read and write
F495DFB000
stack
page read and write
3902000
trusted library allocation
page read and write
7FFAACFB0000
trusted library allocation
page read and write
5E1337E000
stack
page read and write
18C29E66000
heap
page read and write
2875CE41000
heap
page read and write
B14000
heap
page read and write
7FFAACDC0000
trusted library allocation
page read and write
12F0000
heap
page execute and read and write
18C29E26000
heap
page read and write
247804C2000
trusted library allocation
page read and write
3E0000
heap
page read and write
247EDEE0000
heap
page read and write
28757710000
heap
page read and write
7FFAACD43000
trusted library allocation
page read and write
1A04F7E000
unkown
page readonly
2710000
heap
page read and write
17CA2E2B000
heap
page read and write
2875CE40000
trusted library allocation
page read and write
7FFAAD0A3000
trusted library allocation
page read and write
1B713000
heap
page read and write
3420000
trusted library allocation
page read and write
2A72000
unkown
page readonly
2875D020000
trusted library allocation
page read and write
9D1837C000
stack
page read and write
BE6000
unkown
page readonly
247F02DA000
heap
page read and write
1C169000
heap
page read and write
2875CE17000
heap
page read and write
2875789F000
heap
page read and write
7FFAACEC0000
trusted library allocation
page read and write
17CA2E02000
heap
page read and write
1488000
trusted library allocation
page read and write
1A0577E000
unkown
page readonly
D55000
heap
page read and write
1CDF000
stack
page read and write
4EEE000
stack
page read and write
2BAFFBF0000
heap
page read and write
6E0000
unkown
page readonly
1EA88C4C000
heap
page read and write
1EA88C4E000
heap
page read and write
247EE84E000
heap
page read and write
1B5E0000
trusted library section
page readonly
41A0000
trusted library allocation
page execute and read and write
1AEAD000
stack
page read and write
2BA80726000
heap
page read and write
1012000
trusted library allocation
page read and write
1779000
trusted library allocation
page read and write
1B2C5000
heap
page read and write
2875CE2E000
heap
page read and write
1120000
heap
page read and write
1EA88C00000
heap
page read and write
B96000
heap
page read and write
247801EA000
trusted library allocation
page read and write
247F0284000
heap
page read and write
6F2000
unkown
page read and write
1B687000
heap
page read and write
7FFAACDCE000
trusted library allocation
page read and write
7FFAACBCB000
trusted library allocation
page execute and read and write
49EA000
stack
page read and write
2478007F000
trusted library allocation
page read and write
4361C76000
stack
page read and write
2479009D000
trusted library allocation
page read and write
4361D7E000
unkown
page readonly
250F8902000
heap
page read and write
247EEFD0000
heap
page read and write
250F8800000
heap
page read and write
6E1000
unkown
page execute read
247EC600000
heap
page read and write
2600FE02000
trusted library allocation
page read and write
1A0547B000
stack
page read and write
1B3A0000
heap
page read and write
2478076A000
trusted library allocation
page read and write
7FFAACD4E000
trusted library allocation
page read and write
CC5000
heap
page read and write
2BDF000
trusted library allocation
page read and write
F49637A000
stack
page read and write
8A544FE000
unkown
page readonly
1635000
trusted library allocation
page read and write
2875CCF0000
trusted library allocation
page read and write
7FFAACBA3000
trusted library allocation
page read and write
7F226FE000
stack
page read and write
8A559FD000
stack
page read and write
247EDF00000
heap
page execute and read and write
125D000
stack
page read and write
18E6000
trusted library allocation
page read and write
2BA80700000
heap
page read and write
5E132FE000
unkown
page readonly
1EA88C5C000
heap
page read and write
1B251000
heap
page read and write
7FFAACF10000
trusted library allocation
page read and write
436237E000
stack
page read and write
17CA2E00000
heap
page read and write
247F010B000
heap
page read and write
5470000
trusted library allocation
page read and write
7FFAAD082000
trusted library allocation
page read and write
2479023F000
trusted library allocation
page read and write
2BA80602000
heap
page read and write
7FFAACBA0000
trusted library allocation
page read and write
3E8F000
stack
page read and write
247EEFC5000
heap
page read and write
1B705000
heap
page read and write
28757894000
heap
page read and write
7FFAACBBB000
trusted library allocation
page execute and read and write
7FFAACB93000
trusted library allocation
page execute and read and write
7FFAACD40000
trusted library allocation
page read and write
4B2D000
stack
page read and write
E70000
heap
page read and write
4AEC000
stack
page read and write
247EC400000
heap
page read and write
282FC5B0000
remote allocation
page read and write
F10000
unkown
page readonly
4C6E000
stack
page read and write
166B000
trusted library allocation
page read and write
1298E000
trusted library allocation
page read and write
7FFAACF50000
trusted library allocation
page read and write
7FFAACE00000
trusted library allocation
page read and write
F49657E000
stack
page read and write
5D3000
heap
page read and write
1B860000
unkown
page readonly
1B207000
heap
page read and write
165B7A13000
heap
page read and write
7FFAACD7C000
trusted library allocation
page read and write
24780339000
trusted library allocation
page read and write
1EA88C54000
heap
page read and write
8A53FF7000
stack
page read and write
3960000
trusted library allocation
page read and write
8A54AFE000
unkown
page readonly
28757FA0000
trusted library section
page readonly
CFD000
trusted library allocation
page execute and read and write
167D000
trusted library allocation
page read and write
1B1FB000
heap
page read and write
3FCE000
stack
page read and write
7FFAACC46000
trusted library allocation
page read and write
35CE000
stack
page read and write
7FFAAD080000
trusted library allocation
page read and write
7FFAACDC0000
trusted library allocation
page read and write
2BAFFC00000
heap
page read and write
12990000
trusted library allocation
page read and write
2600E465000
heap
page read and write
2AB4000
trusted library allocation
page read and write
7F22B7E000
stack
page read and write
C30000
trusted library allocation
page read and write
5E131FD000
stack
page read and write
247F0252000
heap
page read and write
8A5557E000
stack
page read and write
2478056B000
trusted library allocation
page read and write
CE8000
stack
page read and write
10CD000
stack
page read and write
1BAF0000
heap
page read and write
5E127FE000
unkown
page readonly
165B7A5F000
heap
page read and write
2600FDD0000
trusted library allocation
page read and write
24790249000
trusted library allocation
page read and write
28758015000
heap
page read and write
4180000
trusted library allocation
page read and write
247F0232000
heap
page read and write
16A8000
trusted library allocation
page read and write
5E12CFD000
stack
page read and write
43616BB000
stack
page read and write
2478039E000
trusted library allocation
page read and write
CC0000
heap
page read and write
7FFAACBBD000
trusted library allocation
page execute and read and write
3B60000
unkown
page readonly
7FFAACDD0000
trusted library allocation
page read and write
5E1287C000
stack
page read and write
4320000
trusted library allocation
page read and write
247F2243000
heap
page read and write
2875CC60000
trusted library allocation
page read and write
F9F000
trusted library allocation
page read and write
7FFAACDB7000
trusted library allocation
page read and write
CD0000
heap
page read and write
18C29E4E000
heap
page read and write
28757F90000
trusted library section
page readonly
2BAFFBD0000
heap
page read and write
BDD000
unkown
page readonly
165B7960000
heap
page read and write
292F000
trusted library allocation
page read and write
247EE830000
heap
page read and write
1EA88C92000
heap
page read and write
D80000
trusted library allocation
page execute and read and write
8A54B7E000
stack
page read and write
36D000
stack
page read and write
4EAB000
stack
page read and write
7FFAAD0E0000
trusted library allocation
page read and write
8A54A7E000
stack
page read and write
13EE000
heap
page read and write
C40000
trusted library allocation
page read and write
1B4AE000
stack
page read and write
2478008C000
trusted library allocation
page read and write
7FFAAD050000
trusted library allocation
page execute and read and write
1B242000
heap
page read and write
959000
heap
page read and write
1A04AFE000
stack
page read and write
247F03C3000
heap
page read and write
2BA80490000
trusted library allocation
page read and write
7FFAACD60000
trusted library allocation
page read and write
550000
heap
page read and write
7FFAACD70000
trusted library allocation
page read and write
1EA88C62000
heap
page read and write
4C2C000
stack
page read and write
287578FF000
heap
page read and write
17CA2E38000
heap
page read and write
247EC670000
trusted library allocation
page read and write
247F22BF000
heap
page read and write
17E3000
trusted library allocation
page read and write
184A000
trusted library allocation
page read and write
7FFAACB90000
trusted library allocation
page read and write
28758002000
heap
page read and write
1000000
trusted library allocation
page read and write
1B20A000
heap
page read and write
FC5000
heap
page read and write
247EC476000
heap
page read and write
12C6000
heap
page read and write
2875CE4A000
heap
page read and write
3935000
trusted library allocation
page read and write
12C0000
heap
page read and write
3A4A000
trusted library allocation
page read and write
5123000
heap
page read and write
7F22C7E000
unkown
page readonly
1B5AE000
stack
page read and write
430D000
stack
page read and write
2875CD20000
trusted library allocation
page read and write
8A553FE000
unkown
page readonly
9F0000
trusted library allocation
page read and write
17CA2F02000
heap
page read and write
F49687D000
stack
page read and write
D46000
heap
page read and write
2875CC70000
trusted library allocation
page read and write
169F000
stack
page read and write
7FFAACE39000
trusted library allocation
page read and write
12921000
trusted library allocation
page read and write
1EA88BB0000
heap
page read and write
1EA88CAA000
heap
page read and write
247806A5000
trusted library allocation
page read and write
247EC665000
heap
page read and write
5E12FFD000
stack
page read and write
17CA2E55000
heap
page read and write
247EC46C000
heap
page read and write
24780252000
trusted library allocation
page read and write
3949000
trusted library allocation
page read and write
247F0340000
heap
page read and write
179F000
stack
page read and write
13EF000
heap
page read and write
1A04C7E000
stack
page read and write
12B0000
trusted library allocation
page read and write
247901C4000
trusted library allocation
page read and write
34B0000
heap
page read and write
F496234000
stack
page read and write
247807CB000
trusted library allocation
page read and write
247EEFE0000
heap
page read and write
D30000
trusted library allocation
page read and write
2431000
trusted library allocation
page read and write
250F8852000
heap
page read and write
1EA88C8E000
heap
page read and write
18C29E00000
heap
page read and write
7FFAACDD0000
trusted library allocation
page read and write
2875CE95000
heap
page read and write
7FFAACD50000
trusted library allocation
page read and write
4290000
trusted library allocation
page read and write
4110000
trusted library allocation
page read and write
1EA88C55000
heap
page read and write
2875CDC0000
trusted library allocation
page read and write
282FBE00000
heap
page read and write
9D0000
trusted library allocation
page read and write
6E0000
unkown
page readonly
18C29C50000
heap
page read and write
165B7A00000
heap
page read and write
247F0273000
heap
page read and write
247EE050000
heap
page execute and read and write
2875CD49000
trusted library allocation
page read and write
107E000
stack
page read and write
7FFAACDF0000
trusted library allocation
page read and write
1B719000
heap
page read and write
7FFAACED0000
trusted library allocation
page read and write
BDD000
unkown
page readonly
247EC6C0000
trusted library allocation
page read and write
1A0597E000
unkown
page readonly
7FFAACD35000
trusted library allocation
page read and write
1B210000
heap
page read and write
BE4000
unkown
page write copy
2BAFFCB1000
heap
page read and write
967000
heap
page read and write
17C0000
trusted library allocation
page read and write
7FFAACBB0000
trusted library allocation
page read and write
436227E000
unkown
page readonly
7FFAACBA4000
trusted library allocation
page read and write
8A557F9000
stack
page read and write
3AC0000
trusted library allocation
page execute and read and write
436247E000
unkown
page readonly
2600E513000
heap
page read and write
101B000
trusted library allocation
page execute and read and write
10DB07E000
stack
page read and write
8A541FE000
stack
page read and write
1EA88C8F000
heap
page read and write
8A5607E000
stack
page read and write
2DD0000
trusted library allocation
page read and write
7FFAACF26000
trusted library allocation
page read and write
AF6000
heap
page read and write
28757813000
heap
page read and write
1B690000
heap
page read and write
7D0000
heap
page read and write
2AC0000
heap
page execute and read and write
D00000
trusted library allocation
page read and write
AB9000
heap
page read and write
2875CE1A000
heap
page read and write
247F0383000
heap
page read and write
D53000
heap
page read and write
7F22A7E000
unkown
page readonly
432000
unkown
page readonly
24780548000
trusted library allocation
page read and write
247EE090000
trusted library allocation
page read and write
2921000
trusted library allocation
page read and write
7FFAACE13000
trusted library allocation
page read and write
1B862000
unkown
page readonly
1EA88C41000
heap
page read and write
24790059000
trusted library allocation
page read and write
1A04D7E000
unkown
page readonly
D58000
heap
page read and write
1876000
trusted library allocation
page read and write
7FFAACBC0000
trusted library allocation
page read and write
7FFAACE70000
trusted library allocation
page read and write
740000
heap
page read and write
DB0000
heap
page read and write
6FD000
stack
page read and write
247EE8B9000
heap
page read and write
7FFAAD087000
trusted library allocation
page read and write
2478050C000
trusted library allocation
page read and write
282FC5B0000
remote allocation
page read and write
3906000
trusted library allocation
page read and write
9D1827E000
stack
page read and write
D40000
trusted library allocation
page read and write
8A543FB000
stack
page read and write
247F0381000
heap
page read and write
291E000
stack
page read and write
24780084000
trusted library allocation
page read and write
7FFAACDB6000
trusted library allocation
page read and write
13A0000
heap
page read and write
4DAE000
stack
page read and write
5E12DFE000
unkown
page readonly
8A549FE000
unkown
page readonly
1B350000
heap
page read and write
18C29E39000
heap
page read and write
247EE8A6000
heap
page read and write
76C000
stack
page read and write
2600E400000
heap
page read and write
150B000
trusted library allocation
page read and write
28757FC0000
trusted library section
page readonly
2DA5000
trusted library allocation
page read and write
17A3000
trusted library allocation
page read and write
165B7A46000
heap
page read and write
7FFAACD67000
trusted library allocation
page read and write
1EA88C51000
heap
page read and write
2875CEE8000
heap
page read and write
2BA80000000
heap
page read and write
580000
heap
page read and write
2A41000
trusted library allocation
page read and write
159E000
stack
page read and write
DB0000
unkown
page readonly
7FFAACBA0000
trusted library allocation
page read and write
F495FF8000
stack
page read and write
E76000
heap
page read and write
7FFAACF22000
trusted library allocation
page read and write
1803000
trusted library allocation
page read and write
247EF05D000
heap
page read and write
8A542FE000
unkown
page readonly
1B264000
heap
page read and write
7FFAACBC4000
trusted library allocation
page read and write
2875CE50000
trusted library allocation
page read and write
247EED03000
heap
page execute and read and write
1BDF6000
stack
page read and write
7F2277E000
unkown
page readonly
247EC3E0000
heap
page read and write
CD9000
heap
page read and write
2421000
trusted library allocation
page read and write
1EA88C4D000
heap
page read and write
1EA88D02000
heap
page read and write
1809000
trusted library allocation
page read and write
100A000
trusted library allocation
page execute and read and write
2875D090000
remote allocation
page read and write
7FFAACBBD000
trusted library allocation
page execute and read and write
18C29F02000
heap
page read and write
9D1807F000
stack
page read and write
2600E45F000
heap
page read and write
B9B000
heap
page read and write
24780088000
trusted library allocation
page read and write
7D0000
heap
page read and write
1015000
trusted library allocation
page execute and read and write
2BA80702000
heap
page read and write
5E12AFE000
stack
page read and write
15C0000
trusted library allocation
page read and write
24780602000
trusted library allocation
page read and write
1B236000
heap
page read and write
247F02C7000
heap
page read and write
C80000
trusted library section
page read and write
1B353000
heap
page read and write
370E000
stack
page read and write
247F2322000
heap
page read and write
D0E000
heap
page read and write
7FFAACF00000
trusted library allocation
page read and write
2B82000
trusted library allocation
page read and write
5100000
heap
page read and write
8A5497E000
stack
page read and write
7FFAACD70000
trusted library allocation
page read and write
7B0000
heap
page read and write
247EC4C0000
heap
page read and write
B7E000
stack
page read and write
247EC48C000
heap
page read and write
1EA88C84000
heap
page read and write
247EC4B6000
heap
page read and write
7FFAACDB0000
trusted library allocation
page read and write
7FFAACE31000
trusted library allocation
page read and write
24780823000
trusted library allocation
page read and write
1B7AE000
stack
page read and write
24790001000
trusted library allocation
page read and write
4130000
trusted library allocation
page read and write
3921000
trusted library allocation
page read and write
247EF060000
heap
page read and write
17A1000
trusted library allocation
page read and write
247F0259000
heap
page read and write
4FA0000
unkown
page readonly
28757740000
heap
page read and write
2600FDF0000
trusted library allocation
page read and write
247F0218000
heap
page read and write
CE3000
trusted library allocation
page execute and read and write
7FFAACEE0000
trusted library allocation
page read and write
D13000
trusted library allocation
page execute and read and write
1B680000
heap
page read and write
1EA88C70000
heap
page read and write
28757800000
heap
page read and write
2BA80732000
heap
page read and write
8A554FE000
stack
page read and write
2A90000
trusted library allocation
page read and write
247EC439000
heap
page read and write
BCC000
stack
page read and write
29CE000
stack
page read and write
24780766000
trusted library allocation
page read and write
7FFAACD90000
trusted library allocation
page read and write
247EEE50000
heap
page read and write
2A70000
unkown
page readonly
8A54DFE000
unkown
page readonly
1B703000
heap
page read and write
3428000
trusted library allocation
page read and write
24790241000
trusted library allocation
page read and write
1B268000
heap
page read and write
7FFAACDA0000
trusted library allocation
page execute and read and write
4361F7B000
stack
page read and write
247EEC43000
heap
page read and write
282FC062000
heap
page read and write
125E000
stack
page read and write
28758640000
trusted library allocation
page read and write
EFE000
stack
page read and write
17BA000
trusted library allocation
page read and write
247EDF50000
trusted library section
page readonly
7FFB22782000
unkown
page readonly
1A050FE000
stack
page read and write
12981000
trusted library allocation
page read and write
1B6AF000
stack
page read and write
2BAFFC16000
heap
page read and write
247EED00000
heap
page execute and read and write
250F9002000
trusted library allocation
page read and write
3940000
trusted library allocation
page read and write
2875CE00000
heap
page read and write
37F0000
heap
page read and write
5E126FE000
stack
page read and write
8A54FFE000
stack
page read and write
18C29D60000
trusted library allocation
page read and write
3600000
heap
page read and write
4310000
trusted library allocation
page read and write
7FFB22761000
unkown
page execute read
D45000
trusted library allocation
page execute and read and write
8A551FE000
unkown
page readonly
8A540FE000
unkown
page readonly
247F0222000
heap
page read and write
7A0000
heap
page read and write
D32000
trusted library allocation
page read and write
282FC062000
heap
page read and write
2600E320000
heap
page read and write
8A53C7B000
stack
page read and write
1EA88C6E000
heap
page read and write
AB0000
heap
page read and write
250F8848000
heap
page read and write
24780371000
trusted library allocation
page read and write
18DC000
trusted library allocation
page read and write
17AE000
trusted library allocation
page read and write
7FFAAD060000
trusted library allocation
page read and write
7FFAACB92000
trusted library allocation
page read and write
1006000
trusted library allocation
page execute and read and write
3BE0000
unkown
page readonly
8A54BFE000
unkown
page readonly
CF0000
trusted library allocation
page read and write
7FFAACF3C000
trusted library allocation
page read and write
6B7B9FC000
stack
page read and write
2478066D000
trusted library allocation
page read and write
7F2228B000
stack
page read and write
28758301000
trusted library allocation
page read and write
1909000
trusted library allocation
page read and write
FC0000
heap
page read and write
10DB17E000
unkown
page readonly
7FFAACC56000
trusted library allocation
page read and write
7FFAACBFC000
trusted library allocation
page execute and read and write
1002000
trusted library allocation
page read and write
247F02D3000
heap
page read and write
2BAFFC37000
heap
page read and write
3A40000
trusted library allocation
page read and write
1713000
trusted library allocation
page read and write
1EA88C60000
heap
page read and write
165B7880000
heap
page read and write
2478025A000
trusted library allocation
page read and write
247EC3D0000
heap
page read and write
7FFAACD57000
trusted library allocation
page read and write
6E1000
unkown
page execute read
7FFAACD47000
trusted library allocation
page read and write
511B000
heap
page read and write
6B7B8FC000
stack
page read and write
7FFAACD40000
trusted library allocation
page read and write
A17000
heap
page read and write
D2D000
trusted library allocation
page execute and read and write
6B7B6FE000
stack
page read and write
282FC5B0000
remote allocation
page read and write
28758C60000
trusted library allocation
page read and write
250F87B0000
heap
page read and write
1410000
heap
page read and write
247EC430000
heap
page read and write
7FFAACD60000
trusted library allocation
page read and write
2479024D000
trusted library allocation
page read and write
7FFAACE00000
trusted library allocation
page read and write
282FC602000
trusted library allocation
page read and write
7FFAACD80000
trusted library allocation
page read and write
A90000
heap
page read and write
1854000
trusted library allocation
page read and write
DDBFE7E000
stack
page read and write
3A30000
trusted library allocation
page read and write
28757FE0000
trusted library section
page readonly
165B7A2B000
heap
page read and write
D11000
heap
page read and write
282FC057000
heap
page read and write
7FFAACBA3000
trusted library allocation
page execute and read and write
2875788F000
heap
page read and write
247EE000000
heap
page read and write
5D0000
heap
page read and write
247EF028000
heap
page read and write
1B260000
heap
page read and write
1EA88C42000
heap
page read and write
1EA88C68000
heap
page read and write
AE0000
heap
page read and write
247F2337000
heap
page read and write
247901E9000
trusted library allocation
page read and write
282FC590000
trusted library allocation
page read and write
354E000
stack
page read and write
6EC000
unkown
page readonly
247EC700000
heap
page read and write
1756000
trusted library allocation
page read and write
165B7860000
heap
page read and write
10DAE7D000
stack
page read and write
8A5517E000
stack
page read and write
2720000
unkown
page readonly
7FFAACF40000
trusted library allocation
page read and write
7FFAACDA0000
trusted library allocation
page read and write
8A546FE000
unkown
page readonly
D36000
trusted library allocation
page execute and read and write
AF8000
stack
page read and write
8A545FB000
stack
page read and write
154E000
trusted library allocation
page read and write
7FFAACBAD000
trusted library allocation
page execute and read and write
247802F6000
trusted library allocation
page read and write
165B7A65000
heap
page read and write
7FFAACB9D000
trusted library allocation
page execute and read and write
247EC660000
heap
page read and write
2600E500000
heap
page read and write
17CA2DF0000
heap
page read and write
7FFAACE00000
trusted library allocation
page read and write
18E0000
trusted library allocation
page read and write
247F223F000
heap
page read and write
167F000
trusted library allocation
page read and write
24780184000
trusted library allocation
page read and write
24780481000
trusted library allocation
page read and write
28757902000
heap
page read and write
1400000
trusted library allocation
page read and write
282FC03F000
heap
page read and write
247F2331000
heap
page read and write
2478048C000
trusted library allocation
page read and write
1A0527E000
stack
page read and write
BA0000
heap
page read and write
2875CF0A000
heap
page read and write
7FFAACDE0000
trusted library allocation
page read and write
2478048E000
trusted library allocation
page read and write
24780509000
trusted library allocation
page read and write
1687000
trusted library allocation
page read and write
4170000
trusted library allocation
page read and write
7FFAACFD0000
trusted library allocation
page execute and read and write
1030000
trusted library allocation
page read and write
2875D090000
remote allocation
page read and write
7FFAACC50000
trusted library allocation
page read and write
28757859000
heap
page read and write
2875815A000
heap
page read and write
18C29E50000
heap
page read and write
165B7A02000
heap
page read and write
7FFAACB93000
trusted library allocation
page execute and read and write
7FFAACF24000
trusted library allocation
page read and write
1EA89402000
trusted library allocation
page read and write
1BAE0000
heap
page execute and read and write
28758820000
trusted library allocation
page read and write
770000
heap
page read and write
1EA88C13000
heap
page read and write
436207E000
unkown
page readonly
13FF000
stack
page read and write
2600E43A000
heap
page read and write
2BAFFD02000
heap
page read and write
247F0299000
heap
page read and write
247901B5000
trusted library allocation
page read and write
BD0000
heap
page read and write
13E6000
heap
page read and write
1B295000
heap
page read and write
250F8837000
heap
page read and write
2875811A000
heap
page read and write
247F2230000
heap
page read and write
7FFAACBB4000
trusted library allocation
page read and write
1A0507E000
unkown
page readonly
17CA2E40000
heap
page read and write
410E000
stack
page read and write
16CE000
trusted library allocation
page read and write
7FFAACC50000
trusted library allocation
page execute and read and write
28757FD0000
trusted library section
page readonly
DDBFD7E000
unkown
page readonly
F49677E000
stack
page read and write
7F2238E000
stack
page read and write
7FFAACBB4000
trusted library allocation
page read and write
D0B000
heap
page read and write
7FFAACDD0000
trusted library allocation
page read and write
18C29E02000
heap
page read and write
1C180000
heap
page read and write
950000
heap
page read and write
7FFAACE50000
trusted library allocation
page read and write
8A547FB000
stack
page read and write
1EA88C4B000
heap
page read and write
7FFAACD90000
trusted library allocation
page execute and read and write
2875785B000
heap
page read and write
8A54EFE000
unkown
page readonly
1EA88C31000
heap
page read and write
CAF000
stack
page read and write
1EA88C57000
heap
page read and write
7FFAACD95000
trusted library allocation
page read and write
1EA88C50000
heap
page read and write
1850000
trusted library allocation
page read and write
250F8802000
heap
page read and write
2BAFFC68000
heap
page read and write
2875D030000
trusted library allocation
page read and write
7FFAACBEC000
trusted library allocation
page execute and read and write
2600E413000
heap
page read and write
7FFAACD90000
trusted library allocation
page read and write
24780090000
trusted library allocation
page read and write
D15000
heap
page read and write
BE4000
unkown
page read and write
165B7A3F000
heap
page read and write
B00000
heap
page read and write
984000
heap
page read and write
2875CE5F000
heap
page read and write
17CA2E13000
heap
page read and write
1B21F000
heap
page read and write
7FFAACDAB000
trusted library allocation
page read and write
2600E600000
heap
page read and write
1EA88C2B000
heap
page read and write
247EC640000
trusted library allocation
page read and write
129E000
stack
page read and write
18C2A600000
heap
page read and write
18C29F13000
heap
page read and write
5E12BFE000
unkown
page readonly
170F000
trusted library allocation
page read and write
7FFB22760000
unkown
page readonly
There are 1180 hidden memdumps, click here to show them.