IOC Report
mrKs8EKXbz.exe

loading gif

Files

File Path
Type
Category
Malicious
mrKs8EKXbz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mrKs8EKXbz.exe_521cdd52a6fecd7688fcd95b479bab4279f873c5_70ec60d9_0d489e28-b0d3-456e-8b7e-ac7fad451ec2\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage user DataBase, version 0x620, checksum 0x6651b3af, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3946.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Sep 30 12:19:59 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AED.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B1D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B3A.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B89.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\qi3ba00y.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\DU2B58II.log
Unicode text, UTF-16, little-endian text, with very long lines (614), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\5ZQG91VN.LXQ\RRZRYXB4.KGT\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\8Q5Z55XT.X5R\AP9GQL1K.LDJ.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 65 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\mrKs8EKXbz.exe
"C:\Users\user\Desktop\mrKs8EKXbz.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=qpkl23.zapto.org&p=8041&s=c75cf581-c081-4bd7-96da-5933e5da1d56&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=qpkl23.zapto.org&p=8041&s=c75cf581-c081-4bd7-96da-5933e5da1d56&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\3HG45VN8.TWA\PQH5JCRN.MML\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\ScreenConnect.WindowsClient.exe" "RunRole" "5907bb67-d556-434c-b64e-e4ceba678cb8" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3540 -ip 3540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 724
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://upphelp.top/Bin/ScreenConnect.Windows.dll
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsFileManager.exe
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsFileManager.exe.config
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.Core.dll
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsClient.exe
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.ClientService.exe
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.Client.dll
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.WindowsClient.exe.config
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.Client.manifest
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.ClientService.dll
79.110.49.196
 malicious
https://upphelp.top/Bin/ScreenConnect.Client.applicationf
unknown
https://upphelp.top/Bin/ScreenConnect.Core.dllY
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsFileManag
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.application
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsClient.exe.configfw
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsC
unknown
https://upphelp.top/Bin/ScreenConnect.Client.manifestF
unknown
https://upphelp.top/Bin/ScreenConnect.x
unknown
https://upphelp.top
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://upphelp.top/Bin/ScreenConnect.Windows.dll7
unknown
https://upphelp.top/Bin/ScreenConnect.ClientService.dllV
unknown
http://www.w3.o
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsFileManager.exeNt
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsFileManager.exeow
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://upphelp.top
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application%
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsFileManager.e
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.appP
unknown
https://upphelp.top/Bin/ScreenConnect.ClientService.dll~
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application;
unknown
http://www.w3.or
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
https://upphelp.top/Bin/ScreenConnect.ClientSe
unknown
http://crl.ver)
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application=
unknown
http://upx.sf.net
unknown
https://upphelp.top/Bin/ScreenConnect.Wind
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsClient.exe6
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=qpkl23.zapto.org&p=8041
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application8
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicationsers%&/
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicationA
unknown
https://g.live.com/odclientsettings/Prod1C:
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicationH
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsBackstage
unknown
https://feedback.screenconnect.com/Feedback.axd
unknown
https://upphelp.top/Bin/ScreenConnect.Clie
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicationX
unknown
https://upphelp.top/Bin/ScreenConnect.Client.application?e=
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicationc
unknown
https://upphelp.top/Bin/ScreenConnect.Client.applicatione
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsBackstageShell.ex
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeEt
unknown
https://upphelp.top/Bin/ScreenConnect.WindowsClient.ex
unknown
There are 50 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
qpkl23.zapto.org
79.110.49.196
 malicious
upphelp.top
79.110.49.196
 malicious
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
79.110.49.196
qpkl23.zapto.org
Germany
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!01000000a3817407c8150000c01b00000000000000000000109669624614db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_ae93ec2462efb67b\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!10000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0e000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0c000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!0a000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!08000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!06000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!04000000037ea007c8150000c01b000000000000000000007f64a2184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
lock!11000000127ea007c8150000c01b00000000000000000000f7c6a4184d14db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
ProgramId
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
FileId
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
LowerCaseLongPath
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
LongPathHash
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Name
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
OriginalFileName
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Publisher
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Version
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
BinFileVersion
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
BinaryType
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
ProductName
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
ProductVersion
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
LinkDate
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
BinProductVersion
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
AppxPackageFullName
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
AppxPackageRelativeId
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Size
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Language
\REGISTRY\A\{3f8c0361-aef5-8066-36bc-519cdcd6f42d}\Root\InventoryApplicationFile\mrks8ekxbz.exe|a9ec7f5dae859288
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!0e000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0c000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0a000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!08000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!06000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!04000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!02000000cd95680044160000e012000000000000000000006a88b71f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!1c000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!1a000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!18000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!16000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!14000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!12000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!10000000dd95680044160000e01200000000000000000000d7eab91f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
lock!1d0000000c96680044160000e012000000000000000000001d12c11f3313db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_10e7526b44f96c8d
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_c90c8f89b96e2e2e
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_39677f8182788693
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (c75cf581-c081-4bd7-96da-5933e5da1d56)
NULL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (c75cf581-c081-4bd7-96da-5933e5da1d56)
ImagePath
There are 170 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
15F8045F000
trusted library allocation
page read and write
EA1227E000
unkown
page readonly
16A0000
trusted library allocation
page read and write
1BF90000
unkown
page readonly
7FFD34710000
trusted library allocation
page read and write
1EE17450000
trusted library allocation
page read and write
1EE1B5B0000
trusted library allocation
page read and write
48B0000
trusted library allocation
page read and write
117E000
stack
page read and write
7FFD3456D000
trusted library allocation
page execute and read and write
240C000
trusted library allocation
page read and write
1B9A0000
heap
page read and write
98A000
heap
page read and write
4CC5134000
stack
page read and write
7FFD349E0000
trusted library allocation
page read and write
120F000
heap
page read and write
1490000
heap
page read and write
1EE1B460000
trusted library allocation
page read and write
7FFD345FC000
trusted library allocation
page execute and read and write
4CC4CFA000
stack
page read and write
15F98113000
heap
page read and write
15F99667000
heap
page read and write
2B000
unkown
page readonly
7FFD34857000
trusted library allocation
page read and write
2420000
trusted library allocation
page read and write
15F802F6000
trusted library allocation
page read and write
10D2000
trusted library allocation
page read and write
1EE170E0000
trusted library section
page readonly
2080000
heap
page read and write
2A10000
heap
page execute and read and write
1B990000
heap
page read and write
15F98115000
heap
page read and write
4CC4FF8000
stack
page read and write
125C000
heap
page read and write
15F997CF000
heap
page read and write
19B6000
trusted library allocation
page execute and read and write
1180000
heap
page read and write
626E000
stack
page read and write
1694000
trusted library allocation
page read and write
4CC48FF000
stack
page read and write
15F802DA000
trusted library allocation
page read and write
10C0000
trusted library allocation
page read and write
EA1187E000
stack
page read and write
1AB6E302000
heap
page read and write
15FFDA90000
heap
page read and write
46F1000
trusted library allocation
page read and write
16F4000
heap
page read and write
241E000
trusted library allocation
page read and write
10B3000
trusted library allocation
page execute and read and write
7128AFE000
stack
page read and write
1EE160FF000
heap
page read and write
7FFD3457B000
trusted library allocation
page execute and read and write
15F805B8000
trusted library allocation
page read and write
1EE1B500000
trusted library allocation
page read and write
133D000
stack
page read and write
1F2D7530000
trusted library allocation
page read and write
7FFD34626000
trusted library allocation
page execute and read and write
15F80088000
trusted library allocation
page read and write
4719000
trusted library allocation
page read and write
1370000
heap
page read and write
4CC587D000
stack
page read and write
15F9B541000
heap
page read and write
15FFDC29000
heap
page read and write
7FFD34560000
trusted library allocation
page read and write
5DD0000
heap
page read and write
4890000
trusted library allocation
page read and write
1BFA6000
stack
page read and write
7FFD347BE000
trusted library allocation
page read and write
1EE1B61F000
heap
page read and write
4F50000
trusted library allocation
page read and write
15FFDB20000
trusted library allocation
page read and write
EA11A7C000
stack
page read and write
7FFD345F0000
trusted library allocation
page read and write
15F8024A000
trusted library allocation
page read and write
1137000
heap
page read and write
4F00000
trusted library allocation
page read and write
7FFD34840000
trusted library allocation
page read and write
2410000
trusted library allocation
page read and write
2418000
trusted library allocation
page read and write
11D1000
heap
page read and write
1503000
heap
page read and write
1BA61000
heap
page read and write
16A7000
trusted library allocation
page read and write
7FFD3470E000
trusted library allocation
page read and write
10F4000
stack
page read and write
59DC000
stack
page read and write
3091000
trusted library allocation
page read and write
154E000
stack
page read and write
2E50000
trusted library allocation
page read and write
1B930000
heap
page read and write
7FFD34534000
trusted library allocation
page read and write
B11000
stack
page read and write
15F805B0000
trusted library allocation
page read and write
20000
unkown
page readonly
60EB000
stack
page read and write
1EE1C000000
heap
page read and write
1209000
heap
page read and write
4CC547E000
stack
page read and write
2091000
trusted library allocation
page read and write
19B2000
trusted library allocation
page read and write
7FFD34550000
trusted library allocation
page read and write
1BD88000
stack
page read and write
2252000
trusted library allocation
page read and write
15F9B4D0000
heap
page read and write
1F2D7700000
trusted library allocation
page read and write
EA1197E000
unkown
page readonly
4EFE000
stack
page read and write
EA12C7E000
unkown
page readonly
7FFD34800000
trusted library allocation
page read and write
4CC597E000
stack
page read and write
15FFDB73000
heap
page read and write
7FFD34550000
trusted library allocation
page read and write
1EE160AE000
heap
page read and write
1EE1B830000
trusted library allocation
page read and write
1AB6E243000
heap
page read and write
2416000
trusted library allocation
page read and write
1EE1608D000
heap
page read and write
15F9B517000
heap
page read and write
15F99780000
heap
page read and write
15F80629000
trusted library allocation
page read and write
4CBE000
stack
page read and write
4990000
unkown
page readonly
C6C000
heap
page read and write
299E000
stack
page read and write
126F000
heap
page read and write
16B0000
heap
page read and write
15F8043C000
trusted library allocation
page read and write
1B57E000
stack
page read and write
1F2D7724000
heap
page read and write
1EE170F0000
trusted library section
page readonly
15F9968C000
heap
page read and write
15F806AB000
trusted library allocation
page read and write
1EE167A0000
trusted library section
page read and write
71286FE000
stack
page read and write
1B9EA000
heap
page read and write
1EE1B5C0000
trusted library allocation
page read and write
7FFD34850000
trusted library allocation
page read and write
15FFDB77000
heap
page read and write
1EE1B661000
heap
page read and write
1AB6E213000
heap
page read and write
F50000
heap
page read and write
7FFD34560000
trusted library allocation
page read and write
1BA6F000
heap
page read and write
1EE1B6E4000
heap
page read and write
1EE1B640000
trusted library allocation
page read and write
15FFFEC0000
heap
page execute and read and write
15FFDB30000
heap
page read and write
1EE1691A000
heap
page read and write
15F8001A000
trusted library allocation
page read and write
4CC4DFE000
stack
page read and write
7FFD34650000
trusted library allocation
page execute and read and write
1F2D7902000
heap
page read and write
4CC45C3000
stack
page read and write
21000
unkown
page execute read
1F2D7715000
trusted library allocation
page read and write
7FFD348C4000
trusted library allocation
page read and write
1EE16815000
heap
page read and write
2F11000
trusted library allocation
page read and write
7FFD34700000
trusted library allocation
page read and write
213F000
trusted library allocation
page read and write
93E000
stack
page read and write
15F8048B000
trusted library allocation
page read and write
7FFD34543000
trusted library allocation
page read and write
1EE15F00000
heap
page read and write
3C0000
heap
page read and write
5350000
heap
page execute and read and write
7FFD34790000
trusted library allocation
page read and write
5FEE000
stack
page read and write
1EE1608F000
heap
page read and write
7FFD345F6000
trusted library allocation
page read and write
5B6C000
stack
page read and write
7FFD346E5000
trusted library allocation
page read and write
1AB6E202000
heap
page read and write
7FFD347C0000
trusted library allocation
page read and write
1EE1B630000
trusted library allocation
page read and write
4F30000
trusted library allocation
page read and write
1A17000
heap
page read and write
1B80C000
heap
page read and write
46B0000
heap
page execute and read and write
1F2D7611000
unkown
page read and write
EA11FFE000
stack
page read and write
1100000
heap
page read and write
15F805BC000
trusted library allocation
page read and write
EA11E7B000
stack
page read and write
7FFD34720000
trusted library allocation
page read and write
1F2D7642000
heap
page read and write
1AB6E22B000
heap
page read and write
4710000
trusted library allocation
page read and write
1EE16094000
heap
page read and write
15F984D0000
heap
page read and write
C47000
heap
page read and write
1EE1B4E0000
trusted library allocation
page read and write
1EE16022000
heap
page read and write
EA11C7C000
stack
page read and write
7FFD34563000
trusted library allocation
page read and write
F20000
heap
page read and write
164C000
stack
page read and write
30A1000
trusted library allocation
page read and write
7FFD34920000
trusted library allocation
page read and write
1EE1B64E000
heap
page read and write
7FFD3456D000
trusted library allocation
page execute and read and write
4DBE000
stack
page read and write
EA1317B000
stack
page read and write
1BA3F000
heap
page read and write
15F997F5000
heap
page read and write
4C7E000
stack
page read and write
15F9B551000
heap
page read and write
15FFDAB0000
heap
page read and write
10BA679000
stack
page read and write
7FFD34600000
trusted library allocation
page read and write
1EE170B0000
trusted library section
page readonly
15F984F5000
heap
page read and write
19B0000
trusted library allocation
page read and write
12A30000
trusted library allocation
page read and write
EA12A7C000
stack
page read and write
BD0000
heap
page read and write
7FFD346F0000
trusted library allocation
page read and write
C68000
heap
page read and write
EA1327E000
unkown
page readonly
2404000
trusted library allocation
page read and write
15F8079B000
trusted library allocation
page read and write
14C0000
heap
page read and write
1EE16800000
heap
page read and write
1664000
heap
page read and write
15FFDCF5000
heap
page read and write
15F98097000
heap
page read and write
1A10000
heap
page read and write
2E30000
unkown
page readonly
7FFD3453D000
trusted library allocation
page execute and read and write
F00000
trusted library allocation
page read and write
1EE16902000
heap
page read and write
7FFD347E0000
trusted library allocation
page read and write
4960000
trusted library allocation
page read and write
71287FE000
unkown
page readonly
B70000
heap
page read and write
127B000
heap
page read and write
46D6000
trusted library allocation
page read and write
B90000
heap
page read and write
2F0E000
stack
page read and write
B24000
unkown
page read and write
1EE170C0000
trusted library section
page readonly
11CB000
heap
page read and write
2229000
trusted library allocation
page read and write
C00000
trusted library allocation
page read and write
4CC557E000
stack
page read and write
1EE16D40000
trusted library allocation
page read and write
15FFDCF0000
heap
page read and write
B10000
unkown
page readonly
46EE000
trusted library allocation
page read and write
1EE1B880000
remote allocation
page read and write
19C0000
trusted library allocation
page read and write
4920000
unkown
page readonly
15F99963000
heap
page read and write
2AC0000
heap
page read and write
19A8000
stack
page read and write
1EE1B6F2000
heap
page read and write
1BDA0000
heap
page execute and read and write
2E0E000
stack
page read and write
15F8026D000
trusted library allocation
page read and write
15F90228000
trusted library allocation
page read and write
7FFD3459C000
trusted library allocation
page execute and read and write
7FFD34870000
trusted library allocation
page read and write
F55000
heap
page read and write
15F8008C000
trusted library allocation
page read and write
7FFD346E7000
trusted library allocation
page read and write
1EE1B6D1000
heap
page read and write
4CC5B7D000
stack
page read and write
7FFD34780000
trusted library allocation
page read and write
1A00000
trusted library allocation
page read and write
15F980BF000
heap
page read and write
1BBDF000
stack
page read and write
1C19D000
stack
page read and write
7FFD347A3000
trusted library allocation
page read and write
7FFD34880000
trusted library allocation
page read and write
10B0000
trusted library allocation
page read and write
50C0000
trusted library allocation
page execute and read and write
F03000
trusted library allocation
page read and write
10FE000
heap
page read and write
7FFD34940000
trusted library allocation
page read and write
1550000
trusted library allocation
page read and write
7FFD34910000
trusted library allocation
page read and write
4F90000
trusted library allocation
page read and write
7FFD348B4000
trusted library allocation
page read and write
11C2000
heap
page read and write
15F805C5000
trusted library allocation
page read and write
4F80000
trusted library allocation
page read and write
4880000
trusted library allocation
page execute and read and write
1AB6E120000
heap
page read and write
15F99961000
heap
page read and write
1F2D7902000
heap
page read and write
7FFD34707000
trusted library allocation
page read and write
4CC567D000
stack
page read and write
15F984C0000
heap
page read and write
1B7DE000
heap
page read and write
1135000
heap
page read and write
EA137FE000
stack
page read and write
15FFDB6E000
heap
page read and write
3B0000
heap
page read and write
1BF92000
unkown
page readonly
C90000
unkown
page readonly
7FFD34770000
trusted library allocation
page read and write
1BA67000
heap
page read and write
2E81000
trusted library allocation
page read and write
97E000
stack
page read and write
7FFD34750000
trusted library allocation
page read and write
1C1A0000
heap
page read and write
16E3000
heap
page read and write
15F8007F000
trusted library allocation
page read and write
EA120FE000
stack
page read and write
15F99865000
heap
page read and write
1EE1B510000
trusted library allocation
page read and write
15F997B3000
heap
page read and write
B1D000
unkown
page readonly
7FFD345AC000
trusted library allocation
page execute and read and write
1B9E0000
heap
page read and write
7FFD34730000
trusted library allocation
page execute and read and write
1EE15F20000
heap
page read and write
6610000
heap
page read and write
1BCDE000
stack
page read and write
7FFD347A0000
trusted library allocation
page read and write
1243000
heap
page read and write
2E32000
unkown
page readonly
7FFD348B0000
trusted library allocation
page read and write
15F901D0000
trusted library allocation
page read and write
10B9EAD000
stack
page read and write
B11000
unkown
page execute read
422E000
stack
page read and write
7FFD34730000
trusted library allocation
page read and write
15F805AC000
trusted library allocation
page read and write
7FFD34950000
trusted library allocation
page read and write
1EE1B6FA000
heap
page read and write
15F804A0000
trusted library allocation
page read and write
EC0000
heap
page read and write
15F901A0000
trusted library allocation
page read and write
10BA2FE000
stack
page read and write
15F805C0000
trusted library allocation
page read and write
1B814000
heap
page read and write
15F9B4DC000
heap
page read and write
10E5000
trusted library allocation
page execute and read and write
EA1387E000
unkown
page readonly
4CC527E000
stack
page read and write
7FFD34780000
trusted library allocation
page read and write
7FFD34600000
trusted library allocation
page execute and read and write
15F80545000
trusted library allocation
page read and write
7FFD34740000
trusted library allocation
page read and write
15FFF4F6000
heap
page read and write
B24000
unkown
page read and write
1EE1691A000
heap
page read and write
15F99D42000
trusted library allocation
page read and write
1EE1605B000
heap
page read and write
7FFD34616000
trusted library allocation
page execute and read and write
1B67E000
stack
page read and write
15F98020000
heap
page read and write
12EE000
stack
page read and write
EA110DB000
stack
page read and write
1B9F8000
heap
page read and write
2236000
trusted library allocation
page read and write
EA1277E000
stack
page read and write
1EE1B683000
heap
page read and write
2A40000
heap
page read and write
7FFD34890000
trusted library allocation
page read and write
15F99831000
heap
page read and write
7FFD34830000
trusted library allocation
page read and write
15FFDB59000
heap
page read and write
15F902C6000
trusted library allocation
page read and write
1187000
heap
page read and write
1EE1B4C0000
trusted library allocation
page read and write
7FFD3472C000
trusted library allocation
page read and write
7FFD345E6000
trusted library allocation
page read and write
15F99955000
heap
page read and write
15F80797000
trusted library allocation
page read and write
10F0000
heap
page read and write
CA8000
heap
page read and write
3E81000
trusted library allocation
page read and write
1B936000
heap
page read and write
15F980F0000
heap
page read and write
7FFD345E0000
trusted library allocation
page read and write
1F2D7450000
heap
page read and write
7FFD347D5000
trusted library allocation
page read and write
10D0000
trusted library allocation
page read and write
1EE1B4E1000
trusted library allocation
page read and write
15F80232000
trusted library allocation
page read and write
64C0000
trusted library allocation
page execute and read and write
EA1287E000
unkown
page readonly
1BA73000
heap
page read and write
15FFDB75000
heap
page read and write
7FFD3472D000
trusted library allocation
page read and write
EA1207E000
unkown
page readonly
15F98270000
heap
page read and write
112A000
heap
page read and write
29DE000
stack
page read and write
15F99804000
heap
page read and write
4CC4BFF000
stack
page read and write
11B1000
heap
page read and write
15F80515000
trusted library allocation
page read and write
204F000
stack
page read and write
15FFD990000
heap
page read and write
15F8022E000
trusted library allocation
page read and write
830000
heap
page read and write
34B000
stack
page read and write
B60000
heap
page read and write
2414000
trusted library allocation
page read and write
144E000
stack
page read and write
4F70000
trusted library allocation
page read and write
7FFD348B2000
trusted library allocation
page read and write
15FFDB7F000
heap
page read and write
15F99640000
heap
page read and write
1261000
heap
page read and write
7FFD34700000
trusted library allocation
page read and write
52C0000
trusted library allocation
page read and write
BB0000
heap
page read and write
7FFD34750000
trusted library allocation
page read and write
1F2D7813000
heap
page read and write
10B4000
trusted library allocation
page read and write
5DC0000
heap
page read and write
15F80352000
trusted library allocation
page read and write
10E7000
trusted library allocation
page execute and read and write
CA3000
heap
page read and write
7FFD34670000
trusted library allocation
page execute and read and write
A1A000
heap
page read and write
2EA2000
trusted library allocation
page read and write
1EE1B6E3000
heap
page read and write
7FFD34820000
trusted library allocation
page read and write
2400000
trusted library allocation
page read and write
7FFD34760000
trusted library allocation
page read and write
7FFD3458C000
trusted library allocation
page execute and read and write
15F984B5000
heap
page read and write
31000
unkown
page read and write
EF0000
heap
page read and write
15FFF620000
heap
page execute and read and write
15F801F7000
trusted library allocation
page read and write
7FFD34544000
trusted library allocation
page read and write
1680000
trusted library allocation
page read and write
7128BFE000
unkown
page readonly
15F99827000
heap
page read and write
B24000
unkown
page write copy
15F806BC000
trusted library allocation
page read and write
12F1D000
trusted library allocation
page read and write
46D2000
trusted library allocation
page read and write
BF0000
heap
page read and write
15F997F1000
heap
page read and write
7FFD347B0000
trusted library allocation
page read and write
15FFDB00000
trusted library allocation
page read and write
2E44000
unkown
page readonly
19C2000
trusted library allocation
page read and write
1EE1B524000
trusted library allocation
page read and write
7FFD347F0000
trusted library allocation
page read and write
19C5000
trusted library allocation
page execute and read and write
12A2C000
trusted library allocation
page read and write
15F9850E000
heap
page read and write
1EE1B6E0000
heap
page read and write
15F805B4000
trusted library allocation
page read and write
7FFD34727000
trusted library allocation
page read and write
7FFD349F0000
trusted library allocation
page read and write
EA12AFE000
stack
page read and write
1EE1B810000
trusted library allocation
page read and write
15F9B4EE000
heap
page read and write
15F8042A000
trusted library allocation
page read and write
12A21000
trusted library allocation
page read and write
EF0000
trusted library allocation
page read and write
C90000
unkown
page readonly
1EE1B654000
heap
page read and write
33000
unkown
page readonly
1693000
trusted library allocation
page execute and read and write
5362000
unkown
page readonly
10E2000
trusted library allocation
page read and write
7FFD34770000
trusted library allocation
page read and write
15F98470000
heap
page read and write
7FFD34740000
trusted library allocation
page execute and read and write
1EE1B4E0000
trusted library allocation
page read and write
7FFD345F0000
trusted library allocation
page execute and read and write
1F2D762B000
heap
page read and write
6FC000
stack
page read and write
7FFD34710000
trusted library allocation
page read and write
1C3CE000
stack
page read and write
2CB0000
heap
page read and write
1BA53000
heap
page read and write
EF8000
stack
page read and write
1F2D7647000
heap
page read and write
15F997EA000
heap
page read and write
12A2E000
trusted library allocation
page read and write
1B7A0000
heap
page read and write
7FFD346E3000
trusted library allocation
page read and write
1EE160B2000
heap
page read and write
4CC4EFD000
stack
page read and write
15FFDBBD000
heap
page read and write
15FFDB5C000
heap
page read and write
15F9B543000
heap
page read and write
1EE16913000
heap
page read and write
EA1217E000
unkown
page readonly
14C6000
heap
page read and write
15F99978000
heap
page read and write
1560000
heap
page read and write
15F982B0000
heap
page read and write
7FFD34552000
trusted library allocation
page read and write
1EE16802000
heap
page read and write
4F4F000
trusted library allocation
page read and write
4F10000
trusted library allocation
page execute and read and write
7FFD3455B000
trusted library allocation
page execute and read and write
4CC5A7E000
stack
page read and write
15F80090000
trusted library allocation
page read and write
1B7EC000
heap
page read and write
7FFD34720000
trusted library allocation
page read and write
15F80253000
trusted library allocation
page read and write
15F900F2000
trusted library allocation
page read and write
15F805A8000
trusted library allocation
page read and write
15F9B4E0000
heap
page read and write
2B000
unkown
page readonly
7FFD34790000
trusted library allocation
page read and write
1EE1607D000
heap
page read and write
1EE16690000
trusted library allocation
page read and write
7FFD34757000
trusted library allocation
page read and write
15FFF6C0000
trusted library allocation
page read and write
71284FE000
stack
page read and write
1EE16078000
heap
page read and write
20000
unkown
page readonly
7FFD347A0000
trusted library allocation
page read and write
1EE1B880000
remote allocation
page read and write
15FFF6B0000
heap
page read and write
2A21000
trusted library allocation
page read and write
7FFD34720000
trusted library allocation
page read and write
71283FE000
unkown
page readonly
2F1F000
trusted library allocation
page read and write
15F80001000
trusted library allocation
page read and write
15F901C4000
trusted library allocation
page read and write
EA12BFE000
unkown
page readonly
15F9986B000
heap
page read and write
4CC517E000
stack
page read and write
10CD000
trusted library allocation
page execute and read and write
EA12F7E000
stack
page read and write
7FFD34606000
trusted library allocation
page read and write
1EE1B6CD000
heap
page read and write
C92000
unkown
page readonly
241C000
trusted library allocation
page read and write
1512000
unkown
page readonly
C60000
heap
page read and write
1EE1B700000
heap
page read and write
980000
heap
page read and write
15F805A0000
trusted library allocation
page read and write
15FFDB8F000
heap
page read and write
C6A000
heap
page read and write
1B9BF000
heap
page read and write
1EE1B702000
heap
page read and write
3097000
trusted library allocation
page read and write
4CC503F000
stack
page read and write
C5B000
heap
page read and write
7FFD346F5000
trusted library allocation
page read and write
16F1000
heap
page read and write
1EE1B820000
trusted library allocation
page read and write
7FFD348D0000
trusted library allocation
page read and write
7FFD348A0000
trusted library allocation
page read and write
7FFD34746000
trusted library allocation
page read and write
2DBE000
stack
page read and write
1400000
trusted library allocation
page read and write
217D000
trusted library allocation
page read and write
15F80242000
trusted library allocation
page read and write
19CB000
trusted library allocation
page execute and read and write
7FFD34554000
trusted library allocation
page read and write
15F8022A000
trusted library allocation
page read and write
52F0000
trusted library allocation
page read and write
15F9810D000
heap
page read and write
71282FD000
stack
page read and write
1AB6E255000
heap
page read and write
71285FE000
unkown
page readonly
7FFD346F1000
trusted library allocation
page read and write
1EE16013000
heap
page read and write
1EE1B6E8000
heap
page read and write
1BDDE000
stack
page read and write
4970000
trusted library allocation
page read and write
7FFD34900000
trusted library allocation
page read and write
15F9B531000
heap
page read and write
2DD1000
trusted library allocation
page read and write
1EE1602B000
heap
page read and write
EA1177E000
unkown
page readonly
15F98450000
heap
page read and write
80D000
stack
page read and write
15F90001000
trusted library allocation
page read and write
15F8023B000
trusted library allocation
page read and write
5A6D000
stack
page read and write
103E000
stack
page read and write
12F11000
trusted library allocation
page read and write
636A000
stack
page read and write
1650000
heap
page read and write
1EE16129000
heap
page read and write
14D0000
heap
page read and write
15F99815000
heap
page read and write
1666000
heap
page read and write
1EE1B665000
heap
page read and write
579A000
stack
page read and write
7FFD34750000
trusted library allocation
page execute and read and write
15F80790000
trusted library allocation
page read and write
6370000
heap
page read and write
EA128FE000
stack
page read and write
15FFDC2D000
heap
page read and write
16AD000
trusted library allocation
page execute and read and write
14B0000
trusted library section
page read and write
10E0000
trusted library allocation
page read and write
1BA42000
heap
page read and write
2E70000
heap
page execute and read and write
15F997BD000
heap
page read and write
71289FE000
unkown
page readonly
144E000
stack
page read and write
C7C000
heap
page read and write
7FFD34550000
trusted library allocation
page read and write
EA12D79000
stack
page read and write
1150000
trusted library allocation
page read and write
15F80074000
trusted library allocation
page read and write
1F40000
heap
page execute and read and write
98E000
heap
page read and write
EA1237E000
unkown
page readonly
15F9B52B000
heap
page read and write
15F99678000
heap
page read and write
7FFD3455D000
trusted library allocation
page execute and read and write
2226000
trusted library allocation
page read and write
835000
heap
page read and write
15F982C0000
heap
page read and write
B6C000
stack
page read and write
7FFD3460C000
trusted library allocation
page execute and read and write
1500000
heap
page read and write
15FFDED0000
heap
page read and write
15F80236000
trusted library allocation
page read and write
7FFD34764000
trusted library allocation
page read and write
7FFD34543000
trusted library allocation
page execute and read and write
7FFD34636000
trusted library allocation
page execute and read and write
169D000
trusted library allocation
page execute and read and write
15F997A3000
heap
page read and write
1EE1B510000
trusted library allocation
page read and write
11A0000
heap
page read and write
15F9B56E000
heap
page read and write
1AB6E890000
trusted library allocation
page read and write
1AB6E241000
heap
page read and write
1EE16A01000
trusted library allocation
page read and write
29E0000
heap
page execute and read and write
1EE1B600000
heap
page read and write
7FFD34574000
trusted library allocation
page read and write
1EE16900000
heap
page read and write
7FFD347B0000
trusted library allocation
page read and write
19F0000
trusted library allocation
page execute and read and write
1EEE000
stack
page read and write
7FFD346E0000
trusted library allocation
page read and write
7FFD34725000
trusted library allocation
page read and write
15FFDBB6000
heap
page read and write
EA121FE000
stack
page read and write
1F2E000
stack
page read and write
7FFD34739000
trusted library allocation
page read and write
10EB000
trusted library allocation
page execute and read and write
4730000
trusted library allocation
page read and write
7FFD346D8000
trusted library allocation
page read and write
10D6000
trusted library allocation
page execute and read and write
1AFAC000
stack
page read and write
7FFD34790000
trusted library allocation
page read and write
15F8024F000
trusted library allocation
page read and write
2070000
trusted library allocation
page read and write
12F1F000
trusted library allocation
page read and write
11AC000
heap
page read and write
15F982C3000
heap
page read and write
15F98120000
trusted library allocation
page read and write
2AE1000
trusted library allocation
page read and write
EA125FE000
stack
page read and write
1AB6E23A000
heap
page read and write
1EE170D0000
trusted library section
page readonly
7FFD347D0000
trusted library allocation
page read and write
1EE1B4D0000
trusted library allocation
page read and write
7FFD34553000
trusted library allocation
page execute and read and write
1F2D7602000
unkown
page read and write
7FFD34960000
trusted library allocation
page execute and read and write
7FFD348B6000
trusted library allocation
page read and write
1AB6EA02000
trusted library allocation
page read and write
1EE1B641000
heap
page read and write
7FFD34780000
trusted library allocation
page read and write
DB0000
heap
page read and write
4F60000
trusted library allocation
page execute and read and write
15F98519000
heap
page read and write
EA1267E000
unkown
page readonly
1AB6E400000
heap
page read and write
15F80273000
trusted library allocation
page read and write
15F901D3000
trusted library allocation
page read and write
1F2D7913000
heap
page read and write
15FFDA70000
heap
page read and write
4720000
trusted library allocation
page read and write
7FFD347C1000
trusted library allocation
page read and write
15FFDB7B000
heap
page read and write
1026000
heap
page read and write
589B000
stack
page read and write
7FFD34760000
trusted library allocation
page read and write
1BD0000
heap
page read and write
5C6B000
stack
page read and write
EA11677000
stack
page read and write
1EE1609E000
heap
page read and write
7FFD34703000
trusted library allocation
page read and write
15FFFEC3000
heap
page execute and read and write
2E60000
trusted library allocation
page read and write
5A20000
trusted library allocation
page read and write
15F984B0000
heap
page read and write
DC0000
heap
page read and write
1F2D7913000
heap
page read and write
EA11B7E000
unkown
page readonly
15F997EF000
heap
page read and write
480A000
trusted library allocation
page read and write
1F2D7613000
unkown
page read and write
15F998AF000
heap
page read and write
1060000
trusted library section
page read and write
1189000
heap
page read and write
58DD000
stack
page read and write
1F2D7600000
unkown
page read and write
7FFD34930000
trusted library allocation
page execute and read and write
1EE1B62C000
heap
page read and write
21000
unkown
page execute read
1EE1B713000
heap
page read and write
15F90094000
trusted library allocation
page read and write
1EE1B520000
trusted library allocation
page read and write
50E0000
trusted library allocation
page read and write
7FF4EB860000
trusted library allocation
page execute and read and write
EA1247E000
stack
page read and write
7FFD34540000
trusted library allocation
page read and write
1B38E000
stack
page read and write
7FFD346F0000
trusted library allocation
page read and write
1EE16102000
heap
page read and write
7FFD348F0000
trusted library allocation
page read and write
10DA000
trusted library allocation
page execute and read and write
15F98460000
trusted library section
page readonly
7FFD34564000
trusted library allocation
page read and write
7FFD34760000
trusted library allocation
page read and write
9DA000
heap
page read and write
15F997ED000
heap
page read and write
4980000
trusted library allocation
page read and write
1B470000
heap
page read and write
1F2D7430000
heap
page read and write
47F0000
trusted library allocation
page read and write
1B9D2000
heap
page read and write
33000
unkown
page readonly
5DB0000
heap
page read and write
F3E000
stack
page read and write
15F901D6000
trusted library allocation
page read and write
1690000
trusted library allocation
page read and write
7FFD3456B000
trusted library allocation
page execute and read and write
15F998BF000
heap
page read and write
7FFD3454D000
trusted library allocation
page execute and read and write
15F98410000
heap
page execute and read and write
7FFD34740000
trusted library allocation
page read and write
15F984FD000
heap
page read and write
1B9D4000
heap
page read and write
BC0000
heap
page read and write
48A7000
trusted library allocation
page read and write
EA1297E000
unkown
page readonly
1EE16043000
heap
page read and write
1EE1B6E8000
heap
page read and write
15F984EB000
heap
page read and write
7FFD3475E000
trusted library allocation
page read and write
4800000
trusted library allocation
page read and write
EA11F7E000
unkown
page readonly
4CC577D000
stack
page read and write
1EE1B70A000
heap
page read and write
7FFD3476B000
trusted library allocation
page read and write
15F8023E000
trusted library allocation
page read and write
178D000
heap
page read and write
EA122FE000
stack
page read and write
EA12E7E000
unkown
page readonly
4DFE000
stack
page read and write
7FFD34766000
trusted library allocation
page read and write
1B8E0000
unkown
page readonly
EA1307E000
unkown
page readonly
19C7000
trusted library allocation
page execute and read and write
1EE16073000
heap
page read and write
15F805A4000
trusted library allocation
page read and write
1EE1B450000
trusted library allocation
page read and write
15F8066F000
trusted library allocation
page read and write
1BAD0000
heap
page read and write
1F30000
trusted library allocation
page read and write
5A1E000
stack
page read and write
1AB6E200000
heap
page read and write
1AB6E100000
heap
page read and write
1020000
heap
page read and write
1510000
unkown
page readonly
C20000
heap
page read and write
4F20000
trusted library allocation
page read and write
DE0000
heap
page read and write
7FFD347D0000
trusted library allocation
page read and write
7FFD34570000
trusted library allocation
page read and write
7FFD34770000
trusted library allocation
page read and write
10FB000
heap
page read and write
EA11D7E000
unkown
page readonly
7FFD346D0000
trusted library allocation
page read and write
15F90191000
trusted library allocation
page read and write
295E000
stack
page read and write
7FFD34554000
trusted library allocation
page read and write
15F80246000
trusted library allocation
page read and write
16B9000
heap
page read and write
2A00000
trusted library allocation
page read and write
46C0000
trusted library allocation
page read and write
1BA4A000
heap
page read and write
15F9B55E000
heap
page read and write
1506000
heap
page read and write
7FFD34860000
trusted library allocation
page read and write
71288FC000
stack
page read and write
7FFD347C9000
trusted library allocation
page read and write
10BD000
trusted library allocation
page execute and read and write
7FFD34552000
trusted library allocation
page read and write
106E000
stack
page read and write
1EE16EB1000
trusted library allocation
page read and write
1F2D7900000
heap
page read and write
1500000
heap
page read and write
1EE1B880000
remote allocation
page read and write
107E000
stack
page read and write
2B76000
trusted library allocation
page read and write
11E2000
heap
page read and write
2424000
trusted library allocation
page read and write
1B7E4000
heap
page read and write
1BDA3000
heap
page execute and read and write
4F7E000
stack
page read and write
100E000
stack
page read and write
5DAD000
stack
page read and write
7FFD34610000
trusted library allocation
page execute and read and write
2BCE000
stack
page read and write
5CAE000
stack
page read and write
1EE1B53E000
trusted library allocation
page read and write
15FFDED5000
heap
page read and write
15F997E6000
heap
page read and write
31000
unkown
page write copy
507D000
stack
page read and write
7FFD345EC000
trusted library allocation
page execute and read and write
B1D000
unkown
page readonly
EBE000
stack
page read and write
7127D7B000
stack
page read and write
50D0000
trusted library allocation
page read and write
15B0000
heap
page execute and read and write
10A0000
trusted library allocation
page read and write
7FFD348E0000
trusted library allocation
page read and write
7FFD346FC000
trusted library allocation
page read and write
5EB0000
heap
page read and write
11AF000
heap
page read and write
4705000
trusted library allocation
page read and write
4F40000
trusted library allocation
page read and write
7FFD346E0000
trusted library allocation
page read and write
471B000
trusted library allocation
page read and write
7FFD348C0000
trusted library allocation
page read and write
15F997D7000
heap
page read and write
1BD7000
heap
page read and write
15F980B0000
heap
page read and write
7FFD347A0000
trusted library allocation
page read and write
14F0000
trusted library allocation
page execute and read and write
1BA06000
heap
page read and write
123D000
stack
page read and write
1070000
heap
page read and write
1130000
heap
page read and write
50BD000
stack
page read and write
1EE16000000
heap
page read and write
11C4000
heap
page read and write
1B59D000
stack
page read and write
1170000
trusted library allocation
page read and write
5360000
unkown
page readonly
3086000
trusted library allocation
page read and write
B26000
unkown
page readonly
10E0000
unkown
page readonly
15FFF6F0000
trusted library allocation
page read and write
1EE16200000
heap
page read and write
29DE000
stack
page read and write
1BE90000
heap
page execute and read and write
7FFD3454D000
trusted library allocation
page execute and read and write
1660000
heap
page read and write
19E0000
trusted library allocation
page read and write
7FFD34533000
trusted library allocation
page execute and read and write
1F2D7900000
heap
page read and write
2EBE000
stack
page read and write
C29000
heap
page read and write
7FFD34810000
trusted library allocation
page read and write
15F980D4000
heap
page read and write
1EE1B6C3000
heap
page read and write
1EE16113000
heap
page read and write
7FFD346F9000
trusted library allocation
page read and write
7FFD3455D000
trusted library allocation
page execute and read and write
4B7E000
stack
page read and write
1F2D7802000
heap
page read and write
7FFD34530000
trusted library allocation
page read and write
1B9C5000
heap
page read and write
7FFD3457D000
trusted library allocation
page execute and read and write
15F804C5000
trusted library allocation
page read and write
1EE1B5B0000
trusted library allocation
page read and write
1B3EF000
stack
page read and write
7FFD34660000
trusted library allocation
page execute and read and write
1259000
heap
page read and write
1BEA6000
stack
page read and write
2E2C000
trusted library allocation
page read and write
EA1257E000
unkown
page readonly
1F2D7702000
trusted library allocation
page read and write
15F9B56C000
heap
page read and write
1EE16FC0000
trusted library allocation
page read and write
1EE170A0000
trusted library section
page readonly
48C0000
trusted library allocation
page read and write
13EE000
stack
page read and write
There are 880 hidden memdumps, click here to show them.