IOC Report
ScreenConnect.Client.exe

loading gif

Files

File Path
Type
Category
Malicious
ScreenConnect.Client.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage user DataBase, version 0x620, checksum 0x22355ce4, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
OpenPGP Secret Key
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.cdf-ms
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\Client.en-US.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\Client.resources
data
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\bifwfzz4.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\dy0wzbk0.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ebm2ti0m.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\f21zdeor.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\fzfeijmj.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\lflevkor.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\lvpqrc3j.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\xlluc3ct.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\GWVHVA9M.log
Unicode text, UTF-16, little-endian text, with very long lines (644), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Client.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Client.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.ClientService.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.ClientService.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.ClientService.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Core.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Windows.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.Windows.dll.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsBackstageShell.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsBackstageShell.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsClient.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsClient.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsClient.exe.genman
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsClient.exe.manifest
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsClient.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsFileManager.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Deployment\7MK1B1AL.8X2\77AVXK2Q.JNH\ScreenConnect.WindowsFileManager.exe.config
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Deployment\EBRQWVRV.QGM\L491RQB0.EZ7.application
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
There are 63 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\ScreenConnect.Client.exe
"C:\Users\user\Desktop\ScreenConnect.Client.exe"
 malicious
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.WindowsClient.exe"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ci40ys-relay.screenconnect.com&p=443&s=f5fa31ab-3d6b-4ee5-bfb2-5ad29218d79d&k=BgIAAACkAABSU0ExAAgAAAEAAQD9W8zoNnWPJoC76yT2IsLormUE81mBMnaWjFNs3fZDUt%2fuPrvind%2f8vwd0BQl3L0KToJz0OEFRb9JGHP3C35cRcpSBwPza6Nz%2fkAsAH0ilFSAm8EWT2EeRPlbvdxwcDAiKBZ83L%2buWfTmIYPnucJuK3Ilz9SL%2ffGZRWRlZKvsfRj3gKzbvZ1GMSafa1764zjIi6OZySfgjZVNBAxrg21rNeq4Q4RYmuEHkOyZ0quLNNoGAclMpQWUsVu3cBwsmOWEqC%2fG4l1BxM563kpsC1GTA3rjAUmyvvkBXzg9HU7hKY%2bllFed5jp%2fhAgzJv6mqZQpOpRNIzwXj41kCzYdVD%2bu0&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.ClientService.exe
"C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ci40ys-relay.screenconnect.com&p=443&s=f5fa31ab-3d6b-4ee5-bfb2-5ad29218d79d&k=BgIAAACkAABSU0ExAAgAAAEAAQD9W8zoNnWPJoC76yT2IsLormUE81mBMnaWjFNs3fZDUt%2fuPrvind%2f8vwd0BQl3L0KToJz0OEFRb9JGHP3C35cRcpSBwPza6Nz%2fkAsAH0ilFSAm8EWT2EeRPlbvdxwcDAiKBZ83L%2buWfTmIYPnucJuK3Ilz9SL%2ffGZRWRlZKvsfRj3gKzbvZ1GMSafa1764zjIi6OZySfgjZVNBAxrg21rNeq4Q4RYmuEHkOyZ0quLNNoGAclMpQWUsVu3cBwsmOWEqC%2fG4l1BxM563kpsC1GTA3rjAUmyvvkBXzg9HU7hKY%2bllFed5jp%2fhAgzJv6mqZQpOpRNIzwXj41kCzYdVD%2bu0&r=&i=Untitled%20Session" "1"
malicious
C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.WindowsClient.exe
"C:\Users\user\AppData\Local\Apps\2.0\BOZA6RRY.O1R\27GOBDJK.3ZX\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\ScreenConnect.WindowsClient.exe" "RunRole" "00bf8db2-e7be-4b91-a934-0cef64fa5596" "User"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS

URLs

Name
IP
Malicious
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.config
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Wind
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.manifest
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe~
unknown
http://instance-ci40ys-relay.screenconnect.com:443/
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.ClientSe
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.configKP
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe.config4
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.manifestk
unknown
https://marcile61.screenconnect.com
unknown
http://instance-ci40ys-relay.screenconnect.com:443/)
unknown
https://marcile61.scree
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsBackstage
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe
147.28.128.254
http://schemas.microso
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application96jG
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instance-ci40ys-relay.screenconnect.com&p=443&s=f5fa31ab-3d6b-4ee5-bfb2-5ad29218d79d&k=BgIAAACkAABSU0ExAAgAAAEAAQD9W8zoNnWPJoC76yT2IsLormUE81mBMnaWjFNs3fZDUt%2fuPrvind%2f8vwd0BQl3L0KToJz0OEFRb9JGHP3C35cRcpSBwPza6Nz%2fkAsAH0ilFSAm8EWT2EeRPlbvdxwcDAiKBZ83L%2buWfTmIYPnucJuK3Ilz9SL%2ffGZRWRlZKvsfRj3gKzbvZ1GMSafa1764zjIi6OZySfgjZVNBAxrg21rNeq4Q4RYmuEHkOyZ0quLNNoGAclMpQWUsVu3cBwsmOWEqC%2fG4l1BxM563kpsC1GTA3rjAUmyvvkBXzg9HU7hKY%2bllFed5jp%2fhAgzJv6mqZQpOpRNIzwXj41kCzYdVD%2bu0&r=&i=Untitled%20Session
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.dll
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application~
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient
unknown
http://www.xrml.org/schema/2001/11/xrml2coreS
unknown
https://marcile61.screenco
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.ex
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe.configj
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Windows.dll
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.manifestE
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManagp
unknown
http://www.w3.o
unknown
http://instance-ci40ys-relay.screenconnect.com:443/?
unknown
http://server-nixeba81050-web.screenconnect.com0
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application0898jQ
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsClient.exx
unknown
http://marcile61.screenconnect.com
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.applicationX
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsClient.exe
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Core.dll
147.28.128.254
http://www.xrml.org/schema/2001/11/xrml2core
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=instanc
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsC
unknown
http://www.w3.or
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
http://crl.ver)
unknown
http://instance-ci40ys-relay.screenconnect.com:443/d
unknown
http://instance-ci40ys-relay.screenconnect.com:443/c
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.ClientService.dll
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.manifest2
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.e
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsClient.exeF
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.ClientService.exe
147.28.128.254
https://marcile61.screenconnect.com/Bin/ScreenConnect.WindowsFileManager.exe.config
147.28.128.254
https://g.live.com/odclientsettings/Prod1C:
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.application9
unknown
http://www.w3.or0
unknown
http://server-nixeba81050-web.screenconnect.com
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Core.dllKL
unknown
https://feedback.screenconnect.com/Feedback.axd
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.Client.applicationB
unknown
https://marcile61.screenconnect.com/Bin/ScreenConnect.ClientService.exeH
unknown
There are 52 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
server-nixeba81050-relay.screenconnect.com
147.28.128.252
server-nixeba81050-web.screenconnect.com
147.28.128.254
fp2e7a.wpc.phicdn.net
192.229.211.108
marcile61.screenconnect.com
unknown
instance-ci40ys-relay.screenconnect.com
unknown

IPs

IP
Domain
Country
Malicious
147.28.128.252
server-nixeba81050-relay.screenconnect.com
United States
147.28.128.254
server-nixeba81050-web.screenconnect.com
United States
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Blob
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
ComponentStore_RandomString
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
StateStore_RandomString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
FileDirectory
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
{c989bb7a-8385-4715-98cf-a741a8edb823}!ApplicationTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
lock!01000000986bba0818040000e40a00000000000000000000b5c586252897da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
NonCanonicalData
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ApplicationSourceUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsFullTrust
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!IsShellVisible
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PreviousBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!ExcludedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!PendingDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!DeploymentProviderUri
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!MinimumRequiredVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!LastCheckTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkippedDeployment
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!UpdateSkipTime
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!AppType
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
{2ad613da-6fdb-4671-af9e-18ab2e4df4d8}!CurrentBind
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
appid
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
implication!scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.ClientService.exe_e781b1ee36f7c0e0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daa
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_8650d921a383663c\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26be
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files
ScreenConnect.WindowsClient.exe_6492277df2db17d2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files
ScreenConnect.Windows.dll_fc0d83aff7df0b5b
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files
ScreenConnect.Core.dll_b96889d378047e27
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\Files
ScreenConnect.Client.dll_fc1d7bd48553fcab
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
SizeOfStronglyNamedComponent
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
DigestValue
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
Transform
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
DigestMethod
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files
ScreenConnect.ClientService.dll_e781b1c636f7bfae
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment
OnlineAppQuotaUsageEstimate
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
lock!10000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
lock!0e000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
lock!0c000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
lock!0a000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
lock!08000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
lock!06000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
lock!04000000de99d40818040000e40a00000000000000000000325d3b242c97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
identity
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
PreparedForExecution
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
lock!11000000a752dd0818040000e40a0000000000000000000007e0eb782d97da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.ClientService.exe_5e8c1e841cd8db20
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdc
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8a
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsClient.exe.config_432322067acab5c0
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files
ScreenConnect.WindowsFileManager.exe_74b82db4db38179e
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files
ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9ee
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files
ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files
ScreenConnect.Core.dll_963930cc5ced28c7
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\Files
ScreenConnect.Client.dll_7b0ea606092ddbcb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files
ScreenConnect.Windows.dll_fa5f7fd8f7c108bb
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
SubstructureCreated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
lock!0e000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
lock!0c000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
lock!0a000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
lock!08000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
lock!06000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
lock!04000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
lock!02000000e48f610010020000c419000000000000000000001ee04c15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9
lock!1c000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd
lock!1a000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9
lock!18000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6
lock!16000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924
lock!14000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445
lock!12000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28
lock!10000000f38f610010020000c41900000000000000000000bc424f15e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
lock!1d0000000390610010020000c41900000000000000000000e9a45115e295da01
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_5de5164ff8887441
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_160a536e6cfd35e2
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd
LastRunVersion
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0009_5f48168e1f3e9187
HasRunBefore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ScreenConnect Client (f5fa31ab-3d6b-4ee5-bfb2-5ad29218d79d)
NULL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\ScreenConnect
EventMessageFile
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ScreenConnect_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (f5fa31ab-3d6b-4ee5-bfb2-5ad29218d79d)
ImagePath
There are 166 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
11F0000
heap
page read and write
7FFD347BB000
trusted library allocation
page execute and read and write
4B20000
unkown
page readonly
104F8620000
trusted library allocation
page read and write
BCB000
trusted library allocation
page execute and read and write
3792000
trusted library allocation
page read and write
21557E000
stack
page read and write
38B9000
trusted library allocation
page read and write
E49000
heap
page read and write
492B000
stack
page read and write
53EE000
stack
page read and write
92B000
trusted library allocation
page execute and read and write
2CD6C62B000
heap
page read and write
2EA0000
heap
page execute and read and write
2CD6E051000
heap
page read and write
2CD63FA6000
trusted library allocation
page read and write
2162FE000
unkown
page readonly
17D0000
heap
page read and write
104F39D0000
trusted library allocation
page read and write
104F3270000
heap
page read and write
7FFD347A4000
trusted library allocation
page read and write
398000
stack
page read and write
2CD54068000
trusted library allocation
page read and write
2CD6DD8A000
heap
page read and write
2CD54535000
trusted library allocation
page read and write
2CD6C639000
heap
page read and write
7FFD34CA0000
trusted library allocation
page read and write
7FFD34C40000
trusted library allocation
page read and write
2BB1000
trusted library allocation
page read and write
EF74BFF000
stack
page read and write
2CD524F0000
heap
page read and write
2CD6CC50000
heap
page read and write
7FFD34940000
trusted library allocation
page read and write
90000
unkown
page readonly
104F3A02000
heap
page read and write
12EBF000
trusted library allocation
page read and write
38B0000
trusted library allocation
page read and write
2155FE000
unkown
page readonly
2CD53DD0000
heap
page read and write
2153FE000
unkown
page readonly
EF757FE000
stack
page read and write
4BB0000
heap
page execute and read and write
BAD000
trusted library allocation
page execute and read and write
3FE0000
trusted library allocation
page execute and read and write
104F87A0000
remote allocation
page read and write
3180000
heap
page read and write
2CD54591000
trusted library allocation
page read and write
1836000
trusted library allocation
page read and write
12B0000
trusted library allocation
page read and write
DC6000
heap
page read and write
2CD6CC90000
heap
page read and write
1BA00000
heap
page read and write
97D000
trusted library allocation
page execute and read and write
1B860000
heap
page read and write
2CD52310000
heap
page read and write
BC2000
trusted library allocation
page read and write
2351000
trusted library allocation
page read and write
2CD541D9000
trusted library allocation
page read and write
4CAA000
stack
page read and write
7FFD34960000
trusted library allocation
page read and write
1B982000
heap
page read and write
2CD540D3000
trusted library allocation
page read and write
3810000
trusted library allocation
page read and write
104F86D0000
trusted library allocation
page read and write
104F31E1000
trusted library allocation
page read and write
7FFD34949000
trusted library allocation
page read and write
104F85E0000
trusted library allocation
page read and write
2CD6E09F000
heap
page read and write
7FFD347FC000
trusted library allocation
page execute and read and write
2CD6E04D000
heap
page read and write
7FFD347A0000
trusted library allocation
page read and write
2CD54074000
trusted library allocation
page read and write
1B5E3000
heap
page read and write
2560000
trusted library allocation
page read and write
7FFD347BD000
trusted library allocation
page execute and read and write
104F326D000
heap
page read and write
2159FB000
stack
page read and write
2145FE000
stack
page read and write
12AC000
stack
page read and write
39AE000
stack
page read and write
7EE000
heap
page read and write
104F3200000
heap
page read and write
104F8863000
heap
page read and write
7FFD34890000
trusted library allocation
page execute and read and write
104F8913000
heap
page read and write
EF74EFD000
stack
page read and write
7FFD34794000
trusted library allocation
page read and write
7FFD34770000
trusted library allocation
page read and write
2CD7038E000
heap
page read and write
3F50000
trusted library allocation
page read and write
104F88D8000
heap
page read and write
2CD70290000
heap
page read and write
BF1000
unkown
page execute read
7FFD34790000
trusted library allocation
page read and write
7FFD34A80000
trusted library allocation
page read and write
7FFD34930000
trusted library allocation
page read and write
1B965000
heap
page read and write
1B5D0000
trusted library allocation
page read and write
1277000
heap
page read and write
7FFD34990000
trusted library allocation
page read and write
EF755FD000
stack
page read and write
1B44D000
stack
page read and write
2CD52425000
heap
page read and write
1250000
trusted library section
page read and write
BB0000
trusted library allocation
page read and write
E3E000
stack
page read and write
BA7000
trusted library allocation
page read and write
DBB000
heap
page read and write
104F8902000
heap
page read and write
CA2000
unkown
page readonly
910000
trusted library allocation
page read and write
7A6000
heap
page read and write
7FFD34820000
trusted library allocation
page read and write
2CD6CC74000
heap
page read and write
90000
unkown
page readonly
2CD524B0000
trusted library allocation
page read and write
7FFD34850000
trusted library allocation
page read and write
7FFD34AC0000
trusted library allocation
page read and write
39B0000
unkown
page readonly
7FFD34840000
trusted library allocation
page read and write
2CD5426A000
trusted library allocation
page read and write
7FFD34C5C000
trusted library allocation
page read and write
104F8630000
trusted library allocation
page read and write
2CD6C6D0000
heap
page read and write
2B70000
unkown
page readonly
974000
trusted library allocation
page read and write
3B20000
unkown
page readonly
7FFD34A00000
trusted library allocation
page read and write
38F7000
trusted library allocation
page read and write
2CD6DFE0000
heap
page read and write
7FFD349B0000
trusted library allocation
page read and write
4FD000
stack
page read and write
104F3B1A000
heap
page read and write
F80000
heap
page read and write
215AFE000
unkown
page readonly
79E000
stack
page read and write
173E000
stack
page read and write
474E000
stack
page read and write
379C000
trusted library allocation
page read and write
7FFD3495D000
trusted library allocation
page read and write
104F880D000
heap
page read and write
104F4200000
trusted library section
page readonly
2CD6C688000
heap
page read and write
104F8905000
heap
page read and write
BFD000
unkown
page readonly
1C3C0000
heap
page read and write
104F88C4000
heap
page read and write
DC0000
heap
page read and write
7FFD349F0000
trusted library allocation
page read and write
2CD63EA3000
trusted library allocation
page read and write
7FFD34990000
trusted library allocation
page read and write
104F32B2000
heap
page read and write
7FFD34AD0000
trusted library allocation
page read and write
2CD6E442000
trusted library allocation
page read and write
DDC000
heap
page read and write
2F9B000
trusted library allocation
page read and write
A90000
heap
page read and write
98E000
stack
page read and write
1260000
heap
page read and write
104F3302000
heap
page read and write
7FFD34AFC000
trusted library allocation
page read and write
2CD52420000
heap
page read and write
5C0000
heap
page read and write
2CD53D30000
heap
page execute and read and write
12BB1000
trusted library allocation
page read and write
1B94B000
heap
page read and write
1B8CF000
heap
page read and write
4A60000
trusted library allocation
page execute and read and write
8F3000
trusted library allocation
page execute and read and write
2149F9000
stack
page read and write
2CD63FF6000
trusted library allocation
page read and write
104F8644000
trusted library allocation
page read and write
2147FC000
stack
page read and write
DFE000
stack
page read and write
7FFD34856000
trusted library allocation
page execute and read and write
2CD6DD74000
heap
page read and write
21577E000
stack
page read and write
7FFD34846000
trusted library allocation
page read and write
1B933000
heap
page read and write
9CB000
heap
page read and write
15E6000
heap
page read and write
C06000
unkown
page readonly
2CD63FB5000
trusted library allocation
page read and write
2CD6E14C000
heap
page read and write
18DF000
stack
page read and write
344E000
stack
page read and write
173C000
trusted library allocation
page read and write
2CD54070000
trusted library allocation
page read and write
2CD702C0000
heap
page read and write
1351000
trusted library allocation
page read and write
7FFD349B0000
trusted library allocation
page read and write
37E0000
trusted library allocation
page read and write
7FFD34A30000
trusted library allocation
page read and write
104F4120000
trusted library allocation
page read and write
2CD5226C000
heap
page read and write
A88000
stack
page read and write
9D8000
heap
page read and write
2CD6E143000
heap
page read and write
3960000
heap
page execute and read and write
BB6000
trusted library allocation
page execute and read and write
7FFD34856000
trusted library allocation
page read and write
1490000
heap
page read and write
104F3313000
heap
page read and write
7FFD349D0000
trusted library allocation
page read and write
4DED000
stack
page read and write
2CD6CA20000
heap
page read and write
1BEF8000
stack
page read and write
1BF80000
heap
page execute and read and write
1075000
heap
page read and write
2CD54662000
trusted library allocation
page read and write
2CD702D0000
heap
page read and write
7FFD349E4000
trusted library allocation
page read and write
2CD6DD67000
heap
page read and write
7FFD34A60000
trusted library allocation
page read and write
104F32A0000
heap
page read and write
143E000
trusted library allocation
page read and write
7FFD349E6000
trusted library allocation
page read and write
2CD5401A000
trusted library allocation
page read and write
3F80000
trusted library allocation
page read and write
7FFD34C80000
trusted library allocation
page read and write
2CD5428D000
trusted library allocation
page read and write
7FFD34ACC000
trusted library allocation
page read and write
7A0000
heap
page read and write
2CD6CC40000
heap
page read and write
1C156000
unkown
page readonly
2CD541D7000
trusted library allocation
page read and write
104F3F40000
trusted library allocation
page read and write
EF74FF4000
stack
page read and write
2CD6DD7B000
heap
page read and write
7FFD34965000
trusted library allocation
page read and write
2CD6C1AC000
heap
page read and write
1C3B9000
heap
page read and write
129F000
heap
page read and write
104F88EF000
heap
page read and write
3320000
heap
page read and write
25A0000
heap
page read and write
550000
heap
page read and write
950000
trusted library section
page read and write
7FFD34970000
trusted library allocation
page read and write
104F87A0000
remote allocation
page read and write
1B820000
heap
page read and write
2CD64032000
trusted library allocation
page read and write
7FFD34C3C000
trusted library allocation
page read and write
2520000
trusted library allocation
page read and write
7FFD347B3000
trusted library allocation
page read and write
1BA60000
heap
page read and write
2CD52450000
heap
page read and write
104F3020000
heap
page read and write
1050000
heap
page read and write
37D0000
trusted library allocation
page read and write
104F8902000
heap
page read and write
1B910000
heap
page read and write
5A0000
heap
page read and write
104F3290000
heap
page read and write
104F32FE000
heap
page read and write
DA7000
heap
page read and write
970000
trusted library allocation
page read and write
7FFD34990000
trusted library allocation
page execute and read and write
171A000
trusted library allocation
page read and write
183B000
trusted library allocation
page read and write
91000
unkown
page execute read
4EFE000
heap
page read and write
2CD6E06A000
heap
page read and write
11B0000
trusted library allocation
page execute and read and write
14E3000
heap
page read and write
4B22000
unkown
page readonly
7FFD347A3000
trusted library allocation
page execute and read and write
A3000
unkown
page readonly
2CD6402F000
trusted library allocation
page read and write
4A2D000
stack
page read and write
2CD54525000
trusted library allocation
page read and write
2CD6C720000
heap
page execute and read and write
1B5E0000
heap
page read and write
104F8601000
trusted library allocation
page read and write
1B959000
heap
page read and write
2CD53E9F000
trusted library allocation
page read and write
2CD54060000
trusted library allocation
page read and write
7FFD34988000
trusted library allocation
page read and write
7FFD349A4000
trusted library allocation
page read and write
12EB1000
trusted library allocation
page read and write
4DF0000
heap
page read and write
4F11000
heap
page read and write
B8F000
stack
page read and write
14E6000
heap
page read and write
14F2000
unkown
page readonly
1070000
heap
page read and write
2158FE000
unkown
page readonly
25B1000
trusted library allocation
page read and write
916000
trusted library allocation
page execute and read and write
7FFD349D0000
trusted library allocation
page read and write
104F8600000
trusted library allocation
page read and write
2144FE000
unkown
page readonly
14E0000
heap
page read and write
7FFD34B10000
trusted library allocation
page read and write
2CD53DE0000
heap
page read and write
104F8750000
trusted library allocation
page read and write
7FFD3485C000
trusted library allocation
page execute and read and write
2CD5406C000
trusted library allocation
page read and write
7FFD34910000
trusted library allocation
page read and write
2CD6E0B2000
heap
page read and write
562E000
stack
page read and write
1BF83000
heap
page execute and read and write
3F94000
trusted library allocation
page read and write
2502000
unkown
page readonly
E08000
heap
page read and write
1300000
trusted library allocation
page read and write
12FB000
heap
page read and write
1BC6E000
stack
page read and write
7FFD34970000
trusted library allocation
page read and write
11C0000
heap
page read and write
4A50000
heap
page read and write
7FFD34793000
trusted library allocation
page execute and read and write
1339000
trusted library allocation
page read and write
12BD000
heap
page read and write
EF749FE000
stack
page read and write
1B8A6000
heap
page read and write
BB2000
trusted library allocation
page read and write
4F06000
heap
page read and write
7FFD3477D000
trusted library allocation
page execute and read and write
1330000
trusted library allocation
page read and write
2CD54531000
trusted library allocation
page read and write
7FFD347CD000
trusted library allocation
page execute and read and write
11AF000
stack
page read and write
5770000
heap
page read and write
12EBD000
trusted library allocation
page read and write
3AF0000
trusted library allocation
page read and write
7FFD34930000
trusted library allocation
page read and write
7FFD34C30000
trusted library allocation
page read and write
2CD6DD40000
heap
page read and write
104F87A0000
remote allocation
page read and write
99B000
heap
page read and write
E02000
heap
page read and write
127E000
stack
page read and write
7FFD34ACE000
trusted library allocation
page read and write
89A000
heap
page read and write
423D000
stack
page read and write
32CE000
stack
page read and write
7FFD34794000
trusted library allocation
page read and write
1770000
trusted library allocation
page read and write
7FFD349A0000
trusted library allocation
page read and write
104F4220000
trusted library section
page readonly
90D000
trusted library allocation
page execute and read and write
7FFD34774000
trusted library allocation
page read and write
8F0000
trusted library allocation
page read and write
21547E000
stack
page read and write
2CD53E3A000
trusted library allocation
page read and write
104F45A0000
trusted library allocation
page read and write
7FFD347A2000
trusted library allocation
page read and write
2CD540CF000
trusted library allocation
page read and write
104F3295000
heap
page read and write
EF74AFB000
stack
page read and write
134A000
heap
page read and write
1336000
heap
page read and write
21627E000
stack
page read and write
1B8D7000
heap
page read and write
8F4000
trusted library allocation
page read and write
3E4E000
stack
page read and write
F50000
heap
page read and write
D50000
heap
page read and write
104F885C000
heap
page read and write
7FFD34953000
trusted library allocation
page read and write
16FF000
stack
page read and write
2CD6C692000
heap
page read and write
7FFD34941000
trusted library allocation
page read and write
CA0000
unkown
page readonly
7FFD34A70000
trusted library allocation
page read and write
BC5000
trusted library allocation
page execute and read and write
1C086000
stack
page read and write
7FFD347C4000
trusted library allocation
page read and write
1B58E000
stack
page read and write
2CD523F0000
heap
page read and write
1804000
trusted library allocation
page read and write
2CD6E022000
heap
page read and write
D80000
heap
page read and write
2CD6402C000
trusted library allocation
page read and write
2143F7000
stack
page read and write
1682000
trusted library allocation
page read and write
D3C000
stack
page read and write
1B8AD000
heap
page read and write
2CD52297000
heap
page read and write
4A30000
trusted library allocation
page read and write
1ED000
stack
page read and write
11F0000
trusted library allocation
page read and write
7FFD349C0000
trusted library allocation
page read and write
2CD702D9000
heap
page read and write
2CD5225A000
heap
page read and write
2CD6E109000
heap
page read and write
1BFB2000
unkown
page readonly
214EFE000
unkown
page readonly
7FFD34C60000
trusted library allocation
page read and write
10F4000
stack
page read and write
214CFE000
unkown
page readonly
2CD54466000
trusted library allocation
page read and write
1340000
heap
page execute and read and write
7FFD3482C000
trusted library allocation
page execute and read and write
2B0E000
stack
page read and write
1B896000
heap
page read and write
104F3120000
heap
page read and write
104F8640000
trusted library allocation
page read and write
960000
trusted library allocation
page read and write
900000
trusted library allocation
page read and write
104F3B13000
heap
page read and write
2CD6E115000
heap
page read and write
104F322A000
heap
page read and write
1265000
heap
page read and write
973000
trusted library allocation
page execute and read and write
21537E000
stack
page read and write
7FFD349B0000
trusted library allocation
page read and write
8AF000
stack
page read and write
7FFD347AD000
trusted library allocation
page execute and read and write
2150FE000
unkown
page readonly
7FFD34945000
trusted library allocation
page read and write
104F8740000
trusted library allocation
page read and write
1BEF0000
heap
page execute and read and write
2CD54064000
trusted library allocation
page read and write
CA0000
unkown
page readonly
7FFD34980000
trusted library allocation
page execute and read and write
3AEE000
stack
page read and write
A1000
unkown
page read and write
38C0000
trusted library allocation
page read and write
512B000
stack
page read and write
6E0000
heap
page read and write
E70000
heap
page read and write
5C6000
heap
page read and write
2CD6CC7F000
heap
page read and write
1C3D1000
heap
page read and write
8EC000
stack
page read and write
104F8911000
heap
page read and write
2CD53EAC000
trusted library allocation
page read and write
104F8850000
heap
page read and write
2CD63EB3000
trusted library allocation
page read and write
7FFD34C20000
trusted library allocation
page read and write
2CD524F5000
heap
page read and write
41F0000
trusted library allocation
page read and write
1210000
trusted library allocation
page read and write
7FFD34960000
trusted library allocation
page read and write
2CD6E0D6000
heap
page read and write
2CD540FF000
trusted library allocation
page read and write
2CD64119000
trusted library allocation
page read and write
2CD6CAF3000
heap
page read and write
10AE000
stack
page read and write
7FFD34970000
trusted library allocation
page read and write
24F2000
unkown
page readonly
EF752FE000
stack
page read and write
7FFD34C90000
trusted library allocation
page read and write
1B94F000
heap
page read and write
7FFD3484C000
trusted library allocation
page execute and read and write
2CD540D5000
trusted library allocation
page read and write
12A2000
heap
page read and write
2CD64084000
trusted library allocation
page read and write
7FFD34BA0000
trusted library allocation
page execute and read and write
7FFD34960000
trusted library allocation
page read and write
104F3C91000
trusted library allocation
page read and write
7FFD3479B000
trusted library allocation
page execute and read and write
2CD545EB000
trusted library allocation
page read and write
1522000
unkown
page readonly
1B850000
trusted library section
page readonly
1BD6E000
stack
page read and write
104F8800000
heap
page read and write
7FFD34850000
trusted library allocation
page execute and read and write
15E0000
heap
page read and write
7FFD34996000
trusted library allocation
page read and write
15FE000
stack
page read and write
DA0000
heap
page read and write
3F4E000
stack
page read and write
7FFD34A50000
trusted library allocation
page read and write
3FDD000
stack
page read and write
526F000
stack
page read and write
7FFD34C38000
trusted library allocation
page read and write
7FFD34A00000
trusted library allocation
page read and write
1B979000
heap
page read and write
15BA000
trusted library allocation
page read and write
7FFD349F0000
trusted library allocation
page read and write
2CD54400000
trusted library allocation
page read and write
1B907000
heap
page read and write
1B94C000
heap
page read and write
7FFD347AD000
trusted library allocation
page execute and read and write
7FFD34B90000
trusted library allocation
page execute and read and write
1B8C3000
heap
page read and write
215BFC000
stack
page read and write
600000
heap
page read and write
7FFD349A0000
trusted library allocation
page read and write
7FFD349C0000
trusted library allocation
page read and write
7FFD34A01000
trusted library allocation
page read and write
2CD7032E000
heap
page read and write
1C3B0000
heap
page read and write
990000
heap
page read and write
1B8B6000
heap
page read and write
2CD6BE20000
trusted library allocation
page read and write
2CD54079000
trusted library allocation
page read and write
104F3B5B000
heap
page read and write
2154FE000
unkown
page readonly
EF74DFC000
stack
page read and write
104E000
stack
page read and write
C04000
unkown
page read and write
2CD6DD82000
heap
page read and write
2CD53DA0000
trusted library section
page readonly
35B1000
trusted library allocation
page read and write
7FFD34B80000
trusted library allocation
page read and write
502E000
stack
page read and write
104F32A4000
heap
page read and write
104F4230000
trusted library section
page readonly
2CD6E0ED000
heap
page read and write
7FFD34ACA000
trusted library allocation
page read and write
2CD52250000
heap
page read and write
2CD53DB0000
heap
page read and write
21517E000
stack
page read and write
7FFD348B0000
trusted library allocation
page execute and read and write
4EF5000
heap
page read and write
7FFD34956000
trusted library allocation
page read and write
C04000
unkown
page write copy
D11000
stack
page read and write
214DFB000
stack
page read and write
104F8905000
heap
page read and write
2EB1000
trusted library allocation
page read and write
104F88E1000
heap
page read and write
104F88F5000
heap
page read and write
2CD6E057000
heap
page read and write
7FFD347EC000
trusted library allocation
page execute and read and write
2CD6E11D000
heap
page read and write
2CD53E21000
trusted library allocation
page read and write
8FD000
trusted library allocation
page execute and read and write
2148FE000
unkown
page readonly
4B6C000
stack
page read and write
11D0000
heap
page read and write
1200000
heap
page execute and read and write
7FFD34826000
trusted library allocation
page read and write
41CD000
stack
page read and write
12B5000
heap
page read and write
2CD6C680000
heap
page read and write
2CD6E0DF000
heap
page read and write
7FFD34B00000
trusted library allocation
page read and write
104F865E000
trusted library allocation
page read and write
104F3267000
heap
page read and write
1B88F000
stack
page read and write
7FFD347B0000
trusted library allocation
page read and write
2CD6CC99000
heap
page read and write
104F86D0000
trusted library allocation
page read and write
7FFD34830000
trusted library allocation
page execute and read and write
7FFD34C3A000
trusted library allocation
page read and write
7FFD34860000
trusted library allocation
page execute and read and write
104F3B1A000
heap
page read and write
7FFD34A20000
trusted library allocation
page read and write
8A3000
heap
page read and write
7FFD347A2000
trusted library allocation
page read and write
7FFD34B40000
trusted library allocation
page read and write
11D0000
trusted library allocation
page read and write
2CD70280000
heap
page read and write
750000
heap
page read and write
7FFD349E0000
trusted library allocation
page read and write
99E000
heap
page read and write
12B2000
heap
page read and write
7FFD347CC000
trusted library allocation
page execute and read and write
177E000
stack
page read and write
F8E000
heap
page read and write
24AF000
stack
page read and write
1357000
heap
page read and write
2357000
trusted library allocation
page read and write
2CD6CAF0000
heap
page read and write
2CD52430000
heap
page read and write
1BB6E000
stack
page read and write
1080000
heap
page read and write
7FFD34A40000
trusted library allocation
page read and write
1586000
trusted library allocation
page read and write
1363000
heap
page read and write
104F3040000
heap
page read and write
7FFD34AB0000
trusted library allocation
page read and write
BF0000
unkown
page readonly
C04000
unkown
page read and write
38E0000
trusted library allocation
page read and write
104F88FA000
heap
page read and write
1320000
trusted library allocation
page read and write
EF753FF000
stack
page read and write
2CD6DD78000
heap
page read and write
104F8917000
heap
page read and write
12D3000
heap
page read and write
7FFD347B4000
trusted library allocation
page read and write
F8A000
heap
page read and write
7FFD349A0000
trusted library allocation
page execute and read and write
3796000
trusted library allocation
page read and write
EF746F3000
stack
page read and write
2CD53E10000
heap
page read and write
2CD6E1C7000
heap
page read and write
7FFD347C0000
trusted library allocation
page read and write
7FFD34A10000
trusted library allocation
page read and write
566E000
stack
page read and write
912000
trusted library allocation
page read and write
2CD54519000
trusted library allocation
page read and write
7FF45CBB0000
trusted library allocation
page execute and read and write
12C1000
heap
page read and write
7FFD34783000
trusted library allocation
page read and write
2CD6BE50000
trusted library allocation
page read and write
104F8856000
heap
page read and write
3D0E000
stack
page read and write
2CD6CCA9000
heap
page read and write
2CD5423E000
trusted library allocation
page read and write
104F8750000
trusted library allocation
page read and write
2CD6E0EB000
heap
page read and write
7FFD349D0000
trusted library allocation
page read and write
9B000
unkown
page readonly
17B8000
trusted library allocation
page read and write
2CD6E1C1000
heap
page read and write
104F4210000
trusted library section
page readonly
14F0000
unkown
page readonly
7FFD349E0000
trusted library allocation
page read and write
1BD70000
unkown
page readonly
2F37000
trusted library allocation
page read and write
7FFD34773000
trusted library allocation
page execute and read and write
922000
trusted library allocation
page read and write
1B898000
heap
page read and write
7FFD3479D000
trusted library allocation
page execute and read and write
91A000
trusted library allocation
page execute and read and write
2F0B000
trusted library allocation
page read and write
2CD52295000
heap
page read and write
7FFD34C50000
trusted library allocation
page read and write
BB0000
heap
page read and write
104F4250000
trusted library section
page readonly
13B0000
trusted library allocation
page read and write
104F325C000
heap
page read and write
4A40000
trusted library allocation
page read and write
2CD54521000
trusted library allocation
page read and write
7FFD34C77000
trusted library allocation
page read and write
BA0000
trusted library allocation
page read and write
1B890000
heap
page read and write
7FFD34B50000
trusted library allocation
page read and write
2156FE000
stack
page read and write
104F881D000
heap
page read and write
41E0000
trusted library allocation
page read and write
2CD6DD91000
heap
page read and write
2CD6E0BE000
heap
page read and write
2CD52490000
trusted library allocation
page read and write
7FFD34920000
trusted library allocation
page read and write
2CD70331000
heap
page read and write
EF7439E000
stack
page read and write
2CD53EA8000
trusted library allocation
page read and write
104F88C0000
heap
page read and write
927000
trusted library allocation
page execute and read and write
2C68000
trusted library allocation
page read and write
21507E000
stack
page read and write
104F3213000
heap
page read and write
104F3A00000
heap
page read and write
2CD53EB0000
trusted library allocation
page read and write
980000
heap
page read and write
2CD6CCB3000
heap
page read and write
2CD5452D000
trusted library allocation
page read and write
BC7000
trusted library allocation
page execute and read and write
15DF000
trusted library allocation
page read and write
15E4000
heap
page read and write
516E000
stack
page read and write
91000
unkown
page execute read
EF7435E000
stack
page read and write
317E000
stack
page read and write
7FFD34A90000
trusted library allocation
page read and write
15E1000
trusted library allocation
page read and write
7B8000
heap
page read and write
37C5000
trusted library allocation
page read and write
DB0000
heap
page read and write
2CD6C6BB000
heap
page read and write
21587E000
unkown
page readonly
2CD63E21000
trusted library allocation
page read and write
FA1000
heap
page read and write
7FFD349C0000
trusted library allocation
page read and write
7FFD34876000
trusted library allocation
page execute and read and write
2CD53D10000
heap
page read and write
EF759FE000
stack
page read and write
104F8730000
trusted library allocation
page read and write
7FFD34B70000
trusted library allocation
page read and write
2CD6C5F0000
heap
page read and write
104F8760000
trusted library allocation
page read and write
552D000
stack
page read and write
427E000
stack
page read and write
EF758FE000
stack
page read and write
EF754FD000
stack
page read and write
1B8F7000
heap
page read and write
72E000
stack
page read and write
24EE000
stack
page read and write
1B7EE000
stack
page read and write
2CD541CC000
trusted library allocation
page read and write
104F3150000
trusted library allocation
page read and write
41D0000
trusted library allocation
page read and write
1213000
trusted library allocation
page read and write
4EF0000
heap
page read and write
7FFD34940000
trusted library allocation
page read and write
2CD53CB0000
trusted library allocation
page read and write
EF750FA000
stack
page read and write
1BFB0000
unkown
page readonly
2CD542B9000
trusted library allocation
page read and write
17BE000
stack
page read and write
2151FE000
unkown
page readonly
21407B000
stack
page read and write
D30000
unkown
page readonly
148D000
trusted library allocation
page read and write
7B0000
heap
page read and write
DD0000
heap
page read and write
2CD522D5000
heap
page read and write
214FFE000
unkown
page readonly
7FFD34980000
trusted library allocation
page read and write
3F70000
trusted library allocation
page read and write
1250000
trusted library allocation
page read and write
1230000
trusted library allocation
page read and write
104F3160000
trusted library section
page read and write
8B0000
heap
page read and write
3F60000
trusted library allocation
page execute and read and write
12FF000
heap
page read and write
104F3329000
heap
page read and write
2CD63F11000
trusted library allocation
page read and write
7FFD347A0000
trusted library allocation
page read and write
3F90000
trusted library allocation
page read and write
2510000
trusted library allocation
page read and write
7FFD34886000
trusted library allocation
page execute and read and write
2CD6E0B5000
heap
page read and write
7FFD34A20000
trusted library allocation
page read and write
1C3EE000
stack
page read and write
BFD000
unkown
page readonly
215CFE000
unkown
page readonly
3B10000
trusted library allocation
page read and write
8E0000
trusted library allocation
page read and write
16BE000
trusted library allocation
page read and write
2CD54017000
trusted library allocation
page read and write
925000
trusted library allocation
page execute and read and write
1C37D000
stack
page read and write
2CD6CC6A000
heap
page read and write
104F888D000
heap
page read and write
214BFB000
stack
page read and write
153E000
trusted library allocation
page read and write
7FFD34AF0000
trusted library allocation
page read and write
7FFD348C0000
trusted library allocation
page execute and read and write
2146FE000
unkown
page readonly
3900000
trusted library allocation
page read and write
2EC0000
trusted library allocation
page read and write
7FFD34B60000
trusted library allocation
page execute and read and write
38D0000
trusted library allocation
page execute and read and write
1310000
trusted library allocation
page read and write
104F4240000
trusted library section
page readonly
104F88BE000
heap
page read and write
2CD5224C000
heap
page read and write
134D000
heap
page read and write
2CD54529000
trusted library allocation
page read and write
9B000
unkown
page readonly
7FFD34A08000
trusted library allocation
page read and write
2CD545A1000
trusted library allocation
page read and write
987000
heap
page read and write
1C187000
stack
page read and write
104F890C000
heap
page read and write
104F882A000
heap
page read and write
7FFD347B0000
trusted library allocation
page read and write
2CD6C723000
heap
page execute and read and write
2CD6C650000
heap
page read and write
7FFD349E0000
trusted library allocation
page read and write
104F890A000
heap
page read and write
29C000
stack
page read and write
B90000
trusted library allocation
page execute and read and write
E04000
heap
page read and write
104F88E3000
heap
page read and write
342F000
stack
page read and write
C3B000
stack
page read and write
1D4C0000
heap
page read and write
1B950000
heap
page read and write
104F8843000
heap
page read and write
37B1000
trusted library allocation
page read and write
104F85F0000
trusted library allocation
page read and write
7FFD34986000
trusted library allocation
page read and write
2CD5229B000
heap
page read and write
104F88F5000
heap
page read and write
150B000
trusted library allocation
page read and write
7FFD34B30000
trusted library allocation
page read and write
2CD53DB5000
heap
page read and write
7FFD34B20000
trusted library allocation
page read and write
104F3B00000
heap
page read and write
7FFD34958000
trusted library allocation
page read and write
133B000
trusted library allocation
page read and write
7FFD3499E000
trusted library allocation
page read and write
328E000
stack
page read and write
1270000
heap
page read and write
104F8630000
trusted library allocation
page read and write
104F88FA000
heap
page read and write
117E000
stack
page read and write
576E000
stack
page read and write
2CD6E0A7000
heap
page read and write
104F8600000
trusted library allocation
page read and write
7FFD34950000
trusted library allocation
page read and write
7FFD3478D000
trusted library allocation
page execute and read and write
214AFE000
unkown
page readonly
A97000
heap
page read and write
7A0000
trusted library section
page read and write
BE0000
trusted library allocation
page read and write
930000
heap
page read and write
2CD52210000
heap
page read and write
2CD5451D000
trusted library allocation
page read and write
2CD6E0F2000
heap
page read and write
11D8000
trusted library allocation
page read and write
86E000
heap
page read and write
3B00000
trusted library allocation
page read and write
24F0000
unkown
page readonly
1B5A0000
heap
page execute and read and write
214F7E000
stack
page read and write
104F3A15000
heap
page read and write
7FFD34A10000
trusted library allocation
page read and write
7FFD3497C000
trusted library allocation
page read and write
EF74CF8000
stack
page read and write
2CD6E1CF000
heap
page read and write
DA0000
heap
page read and write
2BA0000
heap
page read and write
D60000
heap
page read and write
7FFD34A0B000
trusted library allocation
page read and write
7FFD347CB000
trusted library allocation
page execute and read and write
3E0E000
stack
page read and write
2540000
heap
page execute and read and write
7FFD349BB000
trusted library allocation
page read and write
DC2000
heap
page read and write
11D0000
trusted library allocation
page read and write
12F9000
heap
page read and write
54EE000
stack
page read and write
7FFD34790000
trusted library allocation
page read and write
2CD5442E000
trusted library allocation
page read and write
7FFD34AA0000
trusted library allocation
page read and write
BC0000
trusted library allocation
page read and write
BA0000
trusted library allocation
page read and write
2E8F000
stack
page read and write
37AE000
trusted library allocation
page read and write
A1000
unkown
page write copy
4CEE000
stack
page read and write
2CD6E03A000
heap
page read and write
7FFD347BD000
trusted library allocation
page execute and read and write
104F3B02000
heap
page read and write
146F000
stack
page read and write
2CD54337000
trusted library allocation
page read and write
7FFD3494C000
trusted library allocation
page read and write
418B000
stack
page read and write
4BAD000
stack
page read and write
104F39E0000
trusted library allocation
page read and write
A3000
unkown
page readonly
7FFD349B6000
trusted library allocation
page read and write
7FFD34AE0000
trusted library allocation
page read and write
2CD53D50000
heap
page execute and read and write
1B14D000
stack
page read and write
104F86E0000
trusted library allocation
page read and write
104F328C000
heap
page read and write
7FFD34C70000
trusted library allocation
page read and write
104F3243000
heap
page read and write
There are 830 hidden memdumps, click here to show them.