IOC Report
E_BILL9926378035.exe

loading gif

Files

File Path
Type
Category
Malicious
E_BILL9926378035.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x33ec7d31, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_E_BILL9926378035_2394ffaf9ddf91f81c1bd23bfb8afd7b4f4227a_1e075fbf_f9d8b530-db1c-45f7-be19-b443ecd401f7\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA49C.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Oct 2 04:22:47 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8C4.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA970.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA98E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA5A.tmp.txt
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\Client.Override.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\Client.Override.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\app.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\bkm4yyl2.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\B3D7NWNK.log
Unicode text, UTF-16, little-endian text, with very long lines (613), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\D4CKD0XW.3MP\NK1E9WBX.DD7\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\VCNBRBTC.6GR\VN3LZJ9O.VCX.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 65 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\E_BILL9926378035.exe
"C:\Users\user\Desktop\E_BILL9926378035.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.WindowsClient.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=mmf351.ddns.net&p=8041&s=89e470af-f42d-4b2f-ad1d-717711c7c76a&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=mmf351.ddns.net&p=8041&s=89e470af-f42d-4b2f-ad1d-717711c7c76a&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\N792AEZK.T2T\924ZHOM1.D1T\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\ScreenConnect.WindowsClient.exe" "RunRole" "03b72f57-2802-4bff-bb34-56b3497bf3fc" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1928 -ip 1928
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 856
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS

URLs

Name
IP
Malicious
https://otohelp.top/Bin/ScreenConnect.WindowsFileManager.exe.config
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.Windows.dll
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.Client.dll
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.ClientService.dll
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.Client.manifest
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.WindowsFileManager.exe
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.WindowsClient.exe
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.WindowsClient.exe.config
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.Core.dll
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config
79.110.49.16
 malicious
https://otohelp.top/Bin/ScreenConnect.ClientService.exe
79.110.49.16
 malicious
http://www.fontbureau.com/designersG
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.configVK
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application-
unknown
http://www.fontbureau.com/designers?
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsClient.ex
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application2m67Np37V
unknown
https://otohelp.top/Bin/ScreenConnect.Client.dll~
unknown
http://www.tiro.com
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsBackstage
unknown
http://www.fontbureau.com/designers
unknown
http://www.goodfont.co.kr
unknown
https://otohelp.top/Bin/ScreenConnect.ClientService.dllF
unknown
http://www.sajatypeworks.com
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationtrue
unknown
http://www.typography.netD
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
https://otohelp.top/Bin/ScreenConnect.ClbhR
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
https://g.live.com/odclientsettings/ProdV2
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationpplicati
unknown
https://otohelp.top/Bin/ScreenConnect.Wind
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://www.w3.o
unknown
https://otohelp.top/Bin/ScreenConnect.Client.manifeston-y
unknown
https://otohelp.top
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
http://www.urwpp.deDPlease
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application~
unknown
http://otohelp.top
unknown
http://www.zhongyicts.com.cn
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.sakkal.com
unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationx
unknown
https://otohelp.top/Bin/ScreenConnect.x
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsCD
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.application
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application?e=
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsFileManager.e
unknown
http://www.xrml.org/schema/2001/11/xrml2core
unknown
http://www.w3.or
unknown
http://crl.ver)
unknown
http://upx.sf.net
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=mmf351.ddns.net&p=8041&
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationaliz
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationX
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsFileManager.exe.config(
unknown
http://www.carterandcone.coml
unknown
https://otohelp.top/Bi
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationL
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationppDaq
unknown
http://www.founder.com.cn/cn
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsClient.exeuy
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsFileManag
unknown
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
unknown
https://otohelp.top/Bin/ScreenConnect.Client.applicationC
unknown
https://otohelp.top/Bin/ScreenConnect.Core.dll$
unknown
http://www.jiyu-kobo.co.jp/
unknown
https://feedback.screenconnect.com/Feedback.axd
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsBackstageShell.ex8
unknown
https://otohelp.top/
unknown
http://www.fontbureau.com/designers8
unknown
https://otohelp.top/Bin/ScreenConnect.Client.manifestR
unknown
https://otohelp.top/Bin/ScreenConnect.ClientSe
unknown
https://otohelp.top/Bin/ScreenConnect.Client.application2
unknown
https://otohelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.configjK
unknown
There are 79 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
otohelp.top
79.110.49.16
 malicious
mmf351.ddns.net
unknown
 malicious
bg.microsoft.map.fastly.net
199.232.214.172
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
79.110.49.16
otohelp.top
Germany
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (89e470af-f42d-4b2f-ad1d-717711c7c76a)
NULL
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!01000000d3490506b4160000640f00000000000000000000972be8415e15db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
implication!scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_03016935acf7c5d8\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!1000000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0e00000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0c00000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!0a00000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!0800000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!0600000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!0400000000733106b4160000640f000000000000000000000a94f5fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
lock!110000000f733106b4160000640f0000000000000000000068f6f7fe6415db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
ProgramId
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
FileId
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
LowerCaseLongPath
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
LongPathHash
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Name
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
OriginalFileName
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Publisher
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Version
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
BinFileVersion
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
BinaryType
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
ProductName
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
ProductVersion
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
LinkDate
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
BinProductVersion
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
AppxPackageFullName
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
AppxPackageRelativeId
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Size
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Language
\REGISTRY\A\{57a2d489-3bac-7d80-7185-aaec3a8eeabf}\Root\InventoryApplicationFile\e_bill9926378035|9a41357fdaa462b7
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!0e000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!0c000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!0a000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!08000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!06000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!04000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!02000000aaf56600141e0000181e00000000000000000000adf356c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106
lock!1c000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413
lock!1a000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471
lock!18000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436
lock!16000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a
lock!14000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92
lock!12000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975
lock!10000000baf56600141e0000181e000000000000000000009b5659c88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
lock!1d000000c9f56600141e0000181e000000000000000000009ab85bc88214db01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_6554cf7c8f017bea
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_1d7a0c9b03763d8b
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_8dd4fc92cc8095f0
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (89e470af-f42d-4b2f-ad1d-717711c7c76a)
ImagePath
There are 171 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7FFD9B91C000
trusted library allocation
page read and write
7FFD9B911000
trusted library allocation
page read and write
1DF1000
trusted library allocation
page read and write
7FFD9B95F000
trusted library allocation
page read and write
F40000
heap
page read and write
21770C13000
heap
page read and write
1F6CFFB0000
heap
page read and write
1F6D0835000
heap
page read and write
7FFD9BA09000
trusted library allocation
page read and write
23332FB0000
trusted library allocation
page read and write
1F6B5BA4000
trusted library allocation
page read and write
7FFD9B780000
trusted library allocation
page read and write
DE0000
heap
page read and write
1B3DC000
heap
page read and write
1067000
heap
page read and write
1F6B42A0000
trusted library allocation
page read and write
7FFD9B910000
trusted library allocation
page read and write
1F6D0753000
heap
page read and write
2332E8B0000
trusted library section
page readonly
78C000
heap
page read and write
1B330000
heap
page read and write
1F6B4093000
heap
page read and write
F03000
unkown
page readonly
1B71D000
heap
page read and write
7FFD9BC7E000
trusted library allocation
page read and write
1F6B4010000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
1F6B5BA8000
trusted library allocation
page read and write
1B425000
heap
page read and write
23332F23000
trusted library allocation
page read and write
1F6B6298000
trusted library allocation
page read and write
136177F000
stack
page read and write
7FFD9BC74000
trusted library allocation
page read and write
21770B00000
trusted library allocation
page read and write
E0A000
trusted library allocation
page execute and read and write
7FFD9B923000
trusted library allocation
page read and write
1B10E000
stack
page read and write
2641000
trusted library allocation
page read and write
7FFD9B79B000
trusted library allocation
page execute and read and write
487E000
stack
page read and write
7FFD9BAB0000
trusted library allocation
page read and write
D3E000
stack
page read and write
93F000
heap
page read and write
1B375000
heap
page read and write
23332EE4000
trusted library allocation
page read and write
24F0000
heap
page read and write
1BB10000
unkown
page readonly
4B10000
trusted library allocation
page read and write
7FFD9B9E3000
trusted library allocation
page read and write
7FFD9BC40000
trusted library allocation
page execute and read and write
7FFD9BB80000
trusted library allocation
page read and write
7FFD9B82C000
trusted library allocation
page execute and read and write
7FFD9B856000
trusted library allocation
page execute and read and write
4540000
unkown
page readonly
7FFD9B970000
trusted library allocation
page read and write
21770D02000
heap
page read and write
1F6B5D5A000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
7FFD9B783000
trusted library allocation
page read and write
1F6B60E0000
trusted library allocation
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
23332EEF000
trusted library allocation
page read and write
1BA5000
trusted library allocation
page execute and read and write
1B37C000
heap
page read and write
E66000
heap
page read and write
4FA2000
unkown
page readonly
1F6CE3E4000
trusted library section
page readonly
F87000
heap
page read and write
4C337FE000
unkown
page readonly
1F6D080C000
heap
page read and write
2DF7000
trusted library allocation
page read and write
7FFD9B890000
trusted library allocation
page execute and read and write
4C343FE000
stack
page read and write
1F6B5D76000
trusted library allocation
page read and write
DE0000
trusted library allocation
page read and write
7FFD9B826000
trusted library allocation
page read and write
7FFD9B79B000
trusted library allocation
page execute and read and write
23333100000
heap
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
14CE000
stack
page read and write
7FFD9B99E000
trusted library allocation
page read and write
7FFD9BAE0000
trusted library allocation
page read and write
C9D000
unkown
page readonly
1303000
heap
page read and write
2332DAFF000
heap
page read and write
7FFD9B7CC000
trusted library allocation
page execute and read and write
4C348FE000
stack
page read and write
1F6CE610000
heap
page read and write
F03000
unkown
page readonly
1F6B5F4E000
trusted library allocation
page read and write
CA4000
unkown
page read and write
7FFD9BA70000
trusted library allocation
page read and write
4B20000
trusted library allocation
page read and write
7FFD9B826000
trusted library allocation
page read and write
7FFD9BC80000
trusted library allocation
page read and write
5AD4000
heap
page read and write
DFD000
trusted library allocation
page execute and read and write
4C340FE000
stack
page read and write
1F6CE6A1000
heap
page read and write
943000
heap
page read and write
2D5F000
trusted library allocation
page read and write
C70000
heap
page execute and read and write
93A000
heap
page read and write
1B3C4000
heap
page read and write
1F6CE320000
heap
page execute and read and write
23333023000
heap
page read and write
2332E8E0000
trusted library section
page readonly
3F2E000
stack
page read and write
1241000
heap
page read and write
2470000
unkown
page readonly
23332ECD000
trusted library allocation
page read and write
2332E740000
trusted library allocation
page read and write
1F6B42F0000
heap
page read and write
75B000
heap
page read and write
730000
heap
page read and write
1F6B60C0000
trusted library allocation
page read and write
EE2B2FE000
stack
page read and write
890000
heap
page read and write
113E000
stack
page read and write
1F6C5DE6000
trusted library allocation
page read and write
1264E000
trusted library allocation
page read and write
1F6C5CF0000
trusted library allocation
page read and write
2332DA76000
heap
page read and write
6CE000
heap
page read and write
1F6B40AD000
heap
page read and write
124F000
stack
page read and write
4B60000
trusted library allocation
page read and write
23332E8E000
trusted library allocation
page read and write
4410000
trusted library allocation
page read and write
1F6D0827000
heap
page read and write
7FFD9B830000
trusted library allocation
page execute and read and write
1B20F000
stack
page read and write
44E0000
trusted library allocation
page read and write
4C33FFE000
unkown
page readonly
1B73000
trusted library allocation
page execute and read and write
1B7D7000
heap
page read and write
23332F0E000
trusted library allocation
page read and write
2332DB28000
heap
page read and write
1F6B5B96000
trusted library allocation
page read and write
2332DA93000
heap
page read and write
7FFD9BC52000
trusted library allocation
page read and write
21770D13000
heap
page read and write
1F6B627E000
trusted library allocation
page read and write
7FFD9BCC0000
trusted library allocation
page read and write
1250000
trusted library allocation
page read and write
1F6C5CFC000
trusted library allocation
page read and write
1F6B4270000
heap
page read and write
21770930000
trusted library allocation
page read and write
2D40000
heap
page read and write
1B75C000
heap
page read and write
1300000
heap
page read and write
7FFD9B965000
trusted library allocation
page read and write
5B0000
heap
page read and write
1B373000
heap
page read and write
7FFD9B774000
trusted library allocation
page read and write
FAD000
heap
page read and write
4C334FB000
stack
page read and write
895000
heap
page read and write
1F6CE6EE000
heap
page read and write
2332DABC000
heap
page read and write
4B50000
trusted library allocation
page read and write
1F6B40D7000
heap
page read and write
1360BFE000
stack
page read and write
14D0000
heap
page read and write
4325000
trusted library allocation
page read and write
2332E401000
trusted library allocation
page read and write
15B000
stack
page read and write
1F6B4310000
heap
page read and write
1F6D0790000
heap
page read and write
23333040000
heap
page read and write
7FFD9BC90000
trusted library allocation
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
7FFD9B77D000
trusted library allocation
page execute and read and write
21770A2B000
heap
page read and write
2332DA13000
heap
page read and write
4C32EF7000
stack
page read and write
EE2AF5D000
stack
page read and write
7FFD9B790000
trusted library allocation
page read and write
23332EB0000
trusted library allocation
page read and write
1F6B5D66000
trusted library allocation
page read and write
106F000
stack
page read and write
4590000
unkown
page readonly
4330000
trusted library allocation
page read and write
1BD31000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
1B8D000
trusted library allocation
page execute and read and write
23332FE0000
trusted library allocation
page read and write
CA6000
unkown
page readonly
21770A00000
unkown
page read and write
1080000
heap
page read and write
927000
heap
page read and write
2840000
heap
page read and write
1E880000
trusted library allocation
page read and write
2332DA40000
heap
page read and write
7FFD9B910000
trusted library allocation
page read and write
1F6CFFE4000
heap
page read and write
14D9000
heap
page read and write
7FFD9B930000
trusted library allocation
page read and write
EFB000
unkown
page readonly
23332F11000
trusted library allocation
page read and write
29CE000
stack
page read and write
1F6CFBB0000
trusted library allocation
page read and write
11B1000
heap
page read and write
4B40000
trusted library allocation
page read and write
D80000
heap
page read and write
7FFD9BA80000
trusted library allocation
page read and write
1170000
heap
page read and write
7FFD9BA10000
trusted library allocation
page read and write
4C338FE000
unkown
page readonly
23332F3A000
trusted library allocation
page read and write
23332EA0000
trusted library allocation
page read and write
1B4D0000
heap
page read and write
1F6B5B21000
trusted library allocation
page read and write
2332E8C0000
trusted library section
page readonly
4C33AFE000
unkown
page readonly
1F6B5B3A000
trusted library allocation
page read and write
6F1000
stack
page read and write
4C346F9000
stack
page read and write
7FFD9B91F000
trusted library allocation
page read and write
2D51000
trusted library allocation
page read and write
2BAE000
stack
page read and write
4C33DFE000
stack
page read and write
EF0000
unkown
page readonly
1F6B60D8000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page execute and read and write
4420000
trusted library allocation
page read and write
16C7000
heap
page read and write
1F6B5FAE000
trusted library allocation
page read and write
1BAB000
trusted library allocation
page execute and read and write
2332DA7B000
heap
page read and write
7FFD9BB0A000
trusted library allocation
page read and write
24F3000
heap
page read and write
7FFD9B960000
trusted library allocation
page execute and read and write
1B7C3000
heap
page read and write
1B2DD000
stack
page read and write
7FFD9B920000
trusted library allocation
page read and write
F6F000
stack
page read and write
1F6B5BA0000
trusted library allocation
page read and write
2332D8C0000
heap
page read and write
12F0000
heap
page read and write
7F0000
heap
page read and write
2332EE00000
trusted library allocation
page read and write
947000
heap
page read and write
216A000
trusted library allocation
page read and write
23332E98000
trusted library allocation
page read and write
1F6B60DC000
trusted library allocation
page read and write
7FFD9B794000
trusted library allocation
page read and write
2332DA8C000
heap
page read and write
1F6CFFD7000
heap
page read and write
39D1000
trusted library allocation
page read and write
1BD52000
unkown
page readonly
2B7E000
stack
page read and write
7FFD9B960000
trusted library allocation
page read and write
4C336FB000
stack
page read and write
7FFD9B783000
trusted library allocation
page read and write
10FD000
stack
page read and write
EE2B6F9000
stack
page read and write
1F6D07E3000
heap
page read and write
1B3D3000
heap
page read and write
E10000
heap
page read and write
2332E491000
trusted library allocation
page read and write
4B30000
trusted library allocation
page execute and read and write
4C3517E000
stack
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
23333110000
heap
page read and write
1B7D0000
heap
page read and write
7FFD9BB50000
trusted library allocation
page read and write
42D0000
trusted library allocation
page read and write
1FA2000
trusted library allocation
page read and write
4B90000
trusted library allocation
page read and write
7FFD9B927000
trusted library allocation
page read and write
1B778000
heap
page read and write
1B750000
heap
page read and write
1F6B4050000
heap
page read and write
7FFD9B770000
trusted library allocation
page read and write
4C33F7E000
unkown
page readonly
4339000
trusted library allocation
page read and write
7FFD9B966000
trusted library allocation
page read and write
233330FE000
heap
page read and write
CA4000
unkown
page read and write
16C0000
heap
page read and write
2332DA8E000
heap
page read and write
7FFD9B9E0000
trusted library allocation
page read and write
100B000
heap
page read and write
CC5000
heap
page read and write
1360AFB000
stack
page read and write
7FF4FAF50000
trusted library allocation
page execute and read and write
1B380000
heap
page read and write
1F6B5F2C000
trusted library allocation
page read and write
D6D000
stack
page read and write
2CAE000
stack
page read and write
1B710000
heap
page read and write
7FFD9B790000
trusted library allocation
page read and write
21770830000
heap
page read and write
23332F50000
trusted library allocation
page read and write
4C3387E000
stack
page read and write
7FFD9B770000
trusted library allocation
page read and write
EF0000
unkown
page readonly
7FFD9B820000
trusted library allocation
page read and write
23332EC0000
trusted library allocation
page read and write
23332F42000
trusted library allocation
page read and write
23332E81000
trusted library allocation
page read and write
7FFD9BB30000
trusted library allocation
page read and write
1F6B5E76000
trusted library allocation
page read and write
1F6D0100000
heap
page read and write
C9D000
unkown
page readonly
95B000
heap
page read and write
1BD4A000
heap
page read and write
4FA0000
unkown
page readonly
60E0000
trusted library allocation
page execute and read and write
FD1000
heap
page read and write
23332ED6000
trusted library allocation
page read and write
1B3B0000
heap
page read and write
7FFD9B794000
trusted library allocation
page read and write
F00000
heap
page read and write
100D000
heap
page read and write
1F6C5C12000
trusted library allocation
page read and write
23332F20000
trusted library allocation
page read and write
1CB0000
trusted library allocation
page execute and read and write
2A70000
heap
page read and write
1F6B5D62000
trusted library allocation
page read and write
4C347FE000
unkown
page readonly
7FFD9BAA0000
trusted library allocation
page read and write
4F40000
trusted library allocation
page read and write
23332E80000
trusted library allocation
page read and write
7FFD9B890000
trusted library allocation
page execute and read and write
1F6CE6A4000
heap
page read and write
49FE000
stack
page read and write
2333310E000
heap
page read and write
297E000
stack
page read and write
1361034000
stack
page read and write
988000
heap
page read and write
7FFD9B990000
trusted library allocation
page read and write
1B7E7000
heap
page read and write
12D5D000
trusted library allocation
page read and write
144F000
stack
page read and write
4C33CFE000
unkown
page readonly
1B6F0000
heap
page read and write
4C3294B000
stack
page read and write
1F6B5DFD000
trusted library allocation
page read and write
4C33A7E000
stack
page read and write
12F4000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
26FF000
trusted library allocation
page read and write
53E000
stack
page read and write
1B72B000
heap
page read and write
42E0000
trusted library allocation
page read and write
7FFD9BA40000
trusted library allocation
page read and write
1F6D01C7000
heap
page read and write
1B60000
trusted library allocation
page read and write
1F6B4220000
heap
page read and write
7FFD9B77D000
trusted library allocation
page execute and read and write
CC0000
heap
page read and write
3E2C000
stack
page read and write
23333061000
heap
page read and write
136157D000
stack
page read and write
1B37E000
heap
page read and write
23332E80000
trusted library allocation
page read and write
2332DB13000
heap
page read and write
908000
heap
page read and write
106D000
heap
page read and write
23332F68000
trusted library allocation
page read and write
1F6B410F000
heap
page read and write
1F6CE9E0000
heap
page read and write
BC6000
heap
page read and write
4C32FFE000
unkown
page readonly
1F6B409B000
heap
page read and write
7FFD9BB00000
trusted library allocation
page read and write
1F6B5D90000
trusted library allocation
page read and write
7FFD9BA97000
trusted library allocation
page read and write
57E000
stack
page read and write
6C0000
heap
page read and write
1F6CDB20000
trusted library allocation
page read and write
E2B000
trusted library allocation
page execute and read and write
23333030000
heap
page read and write
4EF0000
unkown
page readonly
433B000
trusted library allocation
page read and write
F20000
heap
page read and write
1F6D079A000
heap
page read and write
E25000
trusted library allocation
page execute and read and write
FB0000
heap
page read and write
1B74000
trusted library allocation
page read and write
7FFD9BB60000
trusted library allocation
page read and write
1BA0000
trusted library allocation
page read and write
4580000
trusted library allocation
page read and write
2332DA2B000
heap
page read and write
DC0000
trusted library allocation
page read and write
49BF000
stack
page read and write
4C341FE000
unkown
page readonly
8BE000
stack
page read and write
1B4D9000
heap
page read and write
1F6B60C8000
trusted library allocation
page read and write
1B7E3000
heap
page read and write
1F6B5B8F000
trusted library allocation
page read and write
7FFD9B773000
trusted library allocation
page execute and read and write
7FFD9B98B000
trusted library allocation
page read and write
10CE000
stack
page read and write
DD0000
heap
page read and write
7FFD9BC20000
trusted library allocation
page read and write
4C335FE000
unkown
page readonly
1CC0000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page read and write
21770850000
heap
page read and write
2820000
trusted library allocation
page read and write
2332DA5B000
heap
page read and write
B8E000
heap
page read and write
1F6CE890000
heap
page read and write
1B360000
heap
page read and write
7FFD9B940000
trusted library allocation
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
7FFD9BB70000
trusted library allocation
page execute and read and write
1F6B4030000
heap
page read and write
17CF000
stack
page read and write
2332DA22000
heap
page read and write
EF4000
stack
page read and write
7FFD9B997000
trusted library allocation
page read and write
EBE000
stack
page read and write
1F6B406C000
heap
page read and write
7FFD9B9A4000
trusted library allocation
page read and write
1DDF000
stack
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
1360F3D000
stack
page read and write
1F6CEA30000
heap
page read and write
2332DA28000
heap
page read and write
5AD8000
heap
page read and write
7FFD9BB10000
trusted library allocation
page read and write
2ABF000
trusted library allocation
page read and write
1F6D0709000
heap
page read and write
48BE000
stack
page read and write
1F6B60D4000
trusted library allocation
page read and write
850000
heap
page read and write
DE3000
trusted library allocation
page execute and read and write
1F6D082C000
heap
page read and write
1F8F000
trusted library allocation
page read and write
233330DB000
heap
page read and write
1FA0000
trusted library allocation
page read and write
E22000
trusted library allocation
page read and write
1F6B60D0000
trusted library allocation
page read and write
1F6D077A000
heap
page read and write
4C34BFE000
unkown
page readonly
1F6B5D72000
trusted library allocation
page read and write
7FFD9BCA0000
trusted library allocation
page read and write
24D0000
trusted library allocation
page read and write
E3F000
stack
page read and write
1F6CE440000
heap
page read and write
7FFD9BC70000
trusted library allocation
page read and write
1F6B4097000
heap
page read and write
2332E31A000
heap
page read and write
23332F7F000
trusted library allocation
page read and write
1F6C5B21000
trusted library allocation
page read and write
1F6D072B000
heap
page read and write
1BC9E000
stack
page read and write
1180000
heap
page read and write
7FFD9B930000
trusted library allocation
page read and write
1F6CE390000
heap
page execute and read and write
EFB000
unkown
page readonly
7FFD9B830000
trusted library allocation
page execute and read and write
2332E8D0000
trusted library section
page readonly
2332DAB0000
heap
page read and write
1F6B4058000
heap
page read and write
5AD0000
heap
page read and write
21770B24000
heap
page read and write
4AAE000
stack
page read and write
2CE0000
heap
page execute and read and write
1C0000
heap
page read and write
1F6CE694000
heap
page read and write
2332DA71000
heap
page read and write
FE3000
heap
page read and write
1B379000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page execute and read and write
1B728000
heap
page read and write
21770A02000
unkown
page read and write
797000
heap
page read and write
7FFD9BA50000
trusted library allocation
page read and write
4C34AFA000
stack
page read and write
10D0000
heap
page read and write
7FFD9BCD0000
trusted library allocation
page read and write
44D0000
trusted library allocation
page read and write
4AFE000
stack
page read and write
7FFD9BAF2000
trusted library allocation
page read and write
5640000
trusted library allocation
page read and write
1F6B4000000
heap
page read and write
1F6D0879000
heap
page read and write
1B90000
trusted library allocation
page read and write
1054000
heap
page read and write
7FFD9BAF0000
trusted library allocation
page read and write
21770D00000
heap
page read and write
F01000
unkown
page write copy
233330F9000
heap
page read and write
4C3457E000
stack
page read and write
1B92000
trusted library allocation
page read and write
1F8D000
trusted library allocation
page read and write
100F000
stack
page read and write
1F6D0730000
heap
page read and write
1BD50000
unkown
page readonly
1B96000
trusted library allocation
page execute and read and write
2332DA00000
heap
page read and write
1F6CE643000
heap
page read and write
1F6B60CC000
trusted library allocation
page read and write
136107E000
stack
page read and write
5630000
trusted library allocation
page read and write
21770A38000
heap
page read and write
DED000
trusted library allocation
page execute and read and write
8D0000
trusted library allocation
page read and write
7FFD9B79B000
trusted library allocation
page execute and read and write
1F6D07F0000
heap
page read and write
1B3AA000
heap
page read and write
1B00F000
stack
page read and write
7FFD9B990000
trusted library allocation
page read and write
1F6B408C000
heap
page read and write
233330D6000
heap
page read and write
7FFD9B940000
trusted library allocation
page read and write
7FFD9B953000
trusted library allocation
page read and write
983000
heap
page read and write
2168000
trusted library allocation
page read and write
1B3E0000
heap
page read and write
7FFD9BAC0000
trusted library allocation
page read and write
2332E215000
heap
page read and write
1F6CE443000
heap
page read and write
2332E8A0000
trusted library section
page readonly
4C330FE000
stack
page read and write
1F6D0690000
heap
page read and write
13603C3000
stack
page read and write
7FFD9B9E0000
trusted library allocation
page read and write
FC1000
heap
page read and write
1F6B6068000
trusted library allocation
page read and write
1F6B4275000
heap
page read and write
1B7D000
trusted library allocation
page execute and read and write
1F96000
trusted library allocation
page read and write
1F6B5D51000
trusted library allocation
page read and write
7FFD9BC30000
trusted library allocation
page read and write
7FFD9B92B000
trusted library allocation
page read and write
1F6D06F7000
heap
page read and write
1F6CDB50000
trusted library allocation
page read and write
1F6CEA69000
heap
page read and write
1F6B4300000
trusted library allocation
page read and write
62FE000
stack
page read and write
1F6B40D5000
heap
page read and write
1BC1E000
stack
page read and write
44C7000
trusted library allocation
page read and write
1B369000
heap
page read and write
136197E000
stack
page read and write
23332F65000
trusted library allocation
page read and write
4C342FE000
unkown
page readonly
4C349FE000
unkown
page readonly
136167D000
stack
page read and write
1F6CE6B7000
heap
page read and write
4C331FE000
unkown
page readonly
23333220000
remote allocation
page read and write
7FFD9B772000
trusted library allocation
page read and write
23333054000
heap
page read and write
1188000
heap
page read and write
1F6C5BB4000
trusted library allocation
page read and write
1F6B5D4E000
trusted library allocation
page read and write
643E000
stack
page read and write
945000
heap
page read and write
7FFD9BA15000
trusted library allocation
page read and write
7FFD9B890000
trusted library allocation
page execute and read and write
1BA0E000
stack
page read and write
1F6B5D96000
trusted library allocation
page read and write
1F6CE6EC000
heap
page read and write
E7E000
stack
page read and write
1F6CFFFD000
heap
page read and write
B8B000
heap
page read and write
1F6CE2F0000
heap
page read and write
1BA7000
trusted library allocation
page execute and read and write
7FFD9B986000
trusted library allocation
page read and write
1D0000
heap
page read and write
4CD0000
trusted library allocation
page execute and read and write
9BF000
stack
page read and write
233330F4000
heap
page read and write
E00000
trusted library allocation
page read and write
1F6B60BC000
trusted library allocation
page read and write
1198000
heap
page read and write
12D5F000
trusted library allocation
page read and write
7FFD9B780000
trusted library allocation
page read and write
63FE000
stack
page read and write
1F6C5CB1000
trusted library allocation
page read and write
1F6B4280000
trusted library allocation
page read and write
23333102000
heap
page read and write
2332D9D0000
trusted library allocation
page read and write
AC0000
unkown
page readonly
1F6B5D5E000
trusted library allocation
page read and write
1B7A6000
heap
page read and write
2332E9E0000
trusted library allocation
page read and write
104E000
stack
page read and write
1F6C5CF3000
trusted library allocation
page read and write
21770D13000
heap
page read and write
7FFD9B92E000
trusted library allocation
page read and write
4C3427E000
stack
page read and write
1F6D07F9000
heap
page read and write
1360DF8000
stack
page read and write
23332F60000
trusted library allocation
page read and write
7FFD9B990000
trusted library allocation
page read and write
1B3EB000
heap
page read and write
7FFD9B915000
trusted library allocation
page read and write
7FFD9B94D000
trusted library allocation
page read and write
DF0000
trusted library allocation
page read and write
1F6D0816000
heap
page read and write
1F6B5E19000
trusted library allocation
page read and write
1BA20000
heap
page read and write
1DE0000
heap
page execute and read and write
7FFD9B774000
trusted library allocation
page read and write
1B73B000
heap
page read and write
1F6D0716000
heap
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
7E0000
heap
page read and write
1B377000
heap
page read and write
2332E302000
heap
page read and write
7FFD9B9A8000
trusted library allocation
page read and write
2332E31A000
heap
page read and write
4C3397E000
stack
page read and write
1B90E000
stack
page read and write
BE0000
heap
page read and write
7FFD9BB90000
trusted library allocation
page read and write
2332E200000
heap
page read and write
1BA13000
heap
page execute and read and write
23332F50000
trusted library allocation
page read and write
1F6C5CE4000
trusted library allocation
page read and write
7FFD9B950000
trusted library allocation
page read and write
1F6D074A000
heap
page read and write
2530000
heap
page read and write
21770D00000
heap
page read and write
B7E000
stack
page read and write
4C333FE000
unkown
page readonly
1F6D069B000
heap
page read and write
7FFD9BB40000
trusted library allocation
page read and write
77C000
stack
page read and write
1F6D0882000
heap
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
2332DA78000
heap
page read and write
233330BE000
heap
page read and write
7FFD9B774000
trusted library allocation
page read and write
1F6D0831000
heap
page read and write
7FFD9BA30000
trusted library allocation
page read and write
7FFD9B830000
trusted library allocation
page execute and read and write
622D000
stack
page read and write
288E000
stack
page read and write
2332E8F0000
trusted library section
page readonly
1F6B5B10000
heap
page execute and read and write
23334000000
heap
page read and write
1F6D01C0000
heap
page read and write
4C339FE000
unkown
page readonly
11BD000
heap
page read and write
4F10000
trusted library allocation
page read and write
104B000
heap
page read and write
1B3D6000
heap
page read and write
7FFD9BA20000
trusted library allocation
page read and write
C90000
unkown
page readonly
1176000
heap
page read and write
1F6CE393000
heap
page execute and read and write
12641000
trusted library allocation
page read and write
7FFD9BA01000
trusted library allocation
page read and write
1360E3E000
stack
page read and write
4C344FE000
unkown
page readonly
C91000
unkown
page execute read
4C33E7E000
stack
page read and write
7FFD9BC54000
trusted library allocation
page read and write
59D0000
heap
page read and write
1B670000
heap
page execute and read and write
263E000
stack
page read and write
1F6CEBA0000
heap
page read and write
44A0000
trusted library allocation
page execute and read and write
2332E1F0000
trusted library allocation
page read and write
7FFD9BBA0000
trusted library allocation
page execute and read and write
7FFD9B77D000
trusted library allocation
page execute and read and write
1F6B5D6A000
trusted library allocation
page read and write
1F6CE360000
heap
page read and write
1BD20000
heap
page read and write
21770B02000
trusted library allocation
page read and write
4B70000
trusted library allocation
page read and write
F01000
unkown
page read and write
7FFD9B782000
trusted library allocation
page read and write
1057000
heap
page read and write
1F6D0736000
heap
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
900000
heap
page read and write
7FFD9BC60000
trusted library allocation
page read and write
2ABB000
trusted library allocation
page read and write
7FFD9B927000
trusted library allocation
page read and write
1BA10000
heap
page execute and read and write
7FFD9B9B0000
trusted library allocation
page read and write
2810000
heap
page execute and read and write
4B00000
trusted library allocation
page read and write
6CA000
heap
page read and write
2DF1000
trusted library allocation
page read and write
1F6D07AA000
heap
page read and write
136187D000
stack
page read and write
7FFD9B959000
trusted library allocation
page read and write
BFF000
stack
page read and write
4BAE000
stack
page read and write
2A20000
heap
page read and write
4CE0000
trusted library allocation
page read and write
2332D9A0000
heap
page read and write
23332F71000
trusted library allocation
page read and write
2332DA9E000
heap
page read and write
1F6B5FE9000
trusted library allocation
page read and write
7FFD9BAF4000
trusted library allocation
page read and write
E06000
trusted library allocation
page execute and read and write
1BA2000
trusted library allocation
page read and write
2C7F000
stack
page read and write
1C0E000
stack
page read and write
612D000
stack
page read and write
430E000
trusted library allocation
page read and write
1F6CEA3F000
heap
page read and write
1B700000
heap
page read and write
42F6000
trusted library allocation
page read and write
7FFD9B856000
trusted library allocation
page execute and read and write
7FFD9B773000
trusted library allocation
page execute and read and write
7FFD9B820000
trusted library allocation
page read and write
2332D9E0000
trusted library section
page read and write
E50000
trusted library allocation
page execute and read and write
1B80000
trusted library allocation
page read and write
7FFD9BC50000
trusted library allocation
page read and write
4F04000
unkown
page readonly
C20000
trusted library section
page read and write
43E0000
trusted library allocation
page read and write
AC2000
unkown
page readonly
21770B15000
trusted library allocation
page read and write
23332F7C000
trusted library allocation
page read and write
1F6CE66C000
heap
page read and write
7FFD9B7CC000
trusted library allocation
page execute and read and write
7FFD9B9DE000
trusted library allocation
page read and write
1F6D0106000
heap
page read and write
B80000
heap
page read and write
7FFD9B9E0000
trusted library allocation
page read and write
7FFD9B980000
trusted library allocation
page read and write
7FFD9B9D0000
trusted library allocation
page read and write
1B87000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
2333304D000
heap
page read and write
2332D8A0000
heap
page read and write
1B3F4000
heap
page read and write
136117E000
stack
page read and write
1BB0F000
stack
page read and write
23332E88000
trusted library allocation
page read and write
1B70000
trusted library allocation
page read and write
4C345FE000
unkown
page readonly
23332E70000
trusted library allocation
page read and write
1F6C5CF6000
trusted library allocation
page read and write
7FFD9B932000
trusted library allocation
page read and write
1ABCD000
stack
page read and write
4C351FE000
unkown
page readonly
4B80000
trusted library allocation
page execute and read and write
23332EF2000
trusted library allocation
page read and write
23332F74000
trusted library allocation
page read and write
2332E1C1000
trusted library allocation
page read and write
14D7000
heap
page read and write
4C33C7E000
stack
page read and write
7FFD9B940000
trusted library allocation
page read and write
1F6CEA1D000
heap
page read and write
1F6D07FC000
heap
page read and write
1B280000
trusted library section
page readonly
23333220000
remote allocation
page read and write
28A0000
trusted library allocation
page read and write
7FFD9B919000
trusted library allocation
page read and write
1B746000
heap
page read and write
60D0000
heap
page read and write
2332E202000
heap
page read and write
F89000
heap
page read and write
23333013000
heap
page read and write
23332E95000
trusted library allocation
page read and write
BB9000
heap
page read and write
1059000
heap
page read and write
233330C0000
heap
page read and write
2E01000
trusted library allocation
page read and write
7FFD9BA60000
trusted library allocation
page read and write
136147F000
stack
page read and write
DD0000
heap
page read and write
1140000
heap
page read and write
8B0000
trusted library allocation
page read and write
7FFD9B856000
trusted library allocation
page execute and read and write
1F6B4315000
heap
page read and write
AF8000
stack
page read and write
2CF0000
unkown
page readonly
4EF2000
unkown
page readonly
1E9F000
trusted library allocation
page read and write
E60000
heap
page read and write
1F6D0726000
heap
page read and write
1F6B62A7000
trusted library allocation
page read and write
1B820000
heap
page read and write
1360CFD000
stack
page read and write
233330C3000
heap
page read and write
FC3000
heap
page read and write
7FFD9BC5A000
trusted library allocation
page read and write
1F6CE9F0000
heap
page read and write
1F6D010C000
heap
page read and write
810000
heap
page read and write
7FFD9B79D000
trusted library allocation
page execute and read and write
1CD0000
heap
page read and write
42B0000
heap
page execute and read and write
1BD1D000
stack
page read and write
23332EB0000
trusted library allocation
page read and write
21770A13000
unkown
page read and write
136137E000
stack
page read and write
477E000
stack
page read and write
44B0000
trusted library allocation
page read and write
54A0000
trusted library allocation
page read and write
F80000
heap
page read and write
1F6CEBA5000
heap
page read and write
1F6B5D19000
trusted library allocation
page read and write
1F6CE9F6000
heap
page read and write
1F6D0802000
heap
page read and write
71B000
heap
page read and write
23332FC0000
trusted library allocation
page read and write
1E58C000
heap
page read and write
1F6D0761000
heap
page read and write
1270000
trusted library allocation
page read and write
7FFD9BAF6000
trusted library allocation
page read and write
442A000
trusted library allocation
page read and write
42F2000
trusted library allocation
page read and write
1F6CE3E0000
trusted library section
page readonly
28C0000
heap
page execute and read and write
FCD000
heap
page read and write
1F6B629F000
trusted library allocation
page read and write
1BC0000
trusted library allocation
page read and write
2332E313000
heap
page read and write
1F6B60C4000
trusted library allocation
page read and write
7FFD9B947000
trusted library allocation
page read and write
7FFD9B794000
trusted library allocation
page read and write
7FFD9B82C000
trusted library allocation
page execute and read and write
4340000
trusted library allocation
page read and write
1F6B5B98000
trusted library allocation
page read and write
7FFD9B790000
trusted library allocation
page read and write
1F6D073A000
heap
page read and write
1F6C5CC0000
trusted library allocation
page read and write
23332EC4000
trusted library allocation
page read and write
23332FD0000
trusted library allocation
page read and write
23332E60000
trusted library allocation
page read and write
DE4000
trusted library allocation
page read and write
23333220000
remote allocation
page read and write
7FFD9B95C000
trusted library allocation
page read and write
AFE000
stack
page read and write
7FFD9B7CC000
trusted library allocation
page execute and read and write
1F6CE3F0000
heap
page read and write
1F6CFBD2000
trusted library allocation
page read and write
EF1000
unkown
page execute read
7FFD9BA90000
trusted library allocation
page read and write
FA0000
heap
page read and write
2332E300000
heap
page read and write
23332EEC000
trusted library allocation
page read and write
23332E00000
trusted library allocation
page read and write
830000
heap
page read and write
21770C02000
heap
page read and write
7FFD9B820000
trusted library allocation
page read and write
4C80000
trusted library allocation
page read and write
4C332FB000
stack
page read and write
1F6B6038000
trusted library allocation
page read and write
1010000
heap
page read and write
21770D02000
heap
page read and write
AC0000
unkown
page readonly
653E000
stack
page read and write
2CF2000
unkown
page readonly
7FFD9B96C000
trusted library allocation
page read and write
28B0000
trusted library allocation
page read and write
23332FD0000
trusted library allocation
page read and write
7FFD9B920000
trusted library allocation
page read and write
2332DB02000
heap
page read and write
2333305A000
heap
page read and write
12650000
trusted library allocation
page read and write
24A0000
heap
page execute and read and write
13609FE000
stack
page read and write
7FFD9BAD0000
trusted library allocation
page read and write
21770C00000
heap
page read and write
E27000
trusted library allocation
page execute and read and write
23333000000
heap
page read and write
29B7000
trusted library allocation
page read and write
1F6CDEA9000
heap
page read and write
20DE000
trusted library allocation
page read and write
1F6B5D6E000
trusted library allocation
page read and write
4311000
trusted library allocation
page read and write
7FFD9B773000
trusted library allocation
page execute and read and write
7FFD9BCB0000
trusted library allocation
page read and write
7FFD9B960000
trusted library allocation
page read and write
EF1000
unkown
page execute read
12D51000
trusted library allocation
page read and write
62B0000
heap
page read and write
1F6C5D48000
trusted library allocation
page read and write
E02000
trusted library allocation
page read and write
11FC000
heap
page read and write
1E580000
heap
page read and write
7FFD9B826000
trusted library allocation
page read and write
1F6D076E000
heap
page read and write
CA4000
unkown
page write copy
1B430000
heap
page read and write
4FC000
stack
page read and write
7FFD9B79D000
trusted library allocation
page execute and read and write
29D1000
trusted library allocation
page read and write
7FFD9B968000
trusted library allocation
page read and write
4B6F000
trusted library allocation
page read and write
7FFD9B82C000
trusted library allocation
page execute and read and write
B3E000
stack
page read and write
941000
heap
page read and write
1F6B5D56000
trusted library allocation
page read and write
7FFD9BB20000
trusted library allocation
page read and write
1EE3000
trusted library allocation
page read and write
There are 888 hidden memdumps, click here to show them.