63da0ed31ae7059b18004656066c66006c20f7dde752b4732457dd358d3e4a41

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2023 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.HEUR.3488.8075.exe
Size

84KB
MD5

22b396c9773c17a68b7c1beda334c6c9
SHA1

a4630ce224402e7fe26c8d910a2db71c4047a8bf
SHA256

63da0ed31ae7059b18004656066c66006c20f7dde752b4732457dd358d3e4a41
SHA512

efc37d846d4ef504b0c1d61a5f0a41a87be2eda29099839cbeba01468eaae94b9011f18724667ca2de35884a18e99004ac654285e74b8927fe0120296793424a
SSDEEP

1536:bazWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYY27QkPx37k:pFNpo6rIKlUE8fbkqRfbaQlaYY2Lx37k

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (dd863c88-148d-428d-bcaf-3d1076dc9add)\ImagePath = "\"C:\\Users\\Admin\\AppData\\Local\\Apps\\2.0\\8XPAZ5J6.NHZ\\PTDLJA1B.QAN\\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\\ScreenConnect.ClientService.exe\" \"?y=Guest&h=instance-gegn9m-relay.screenconnect.com&p=443&s=dd863c88-148d-428d-bcaf-3d1076dc9add&k=BgIAAACkAABSU0ExAAgAAAEAAQARPZITg4LvW3f8Cg30eBRW9dPe9TraqTXIcYXFB9oYIZjdoSL840t3TlDDNG4PWSRI46YKO1FsDCUcjjzgAsNgIkAingDv%2bvI0ebqbT%2bBjGM1JNn2CDHzyxG3pbrhGa%2fHZXdoXBGyVH4RqW%2f%2fVrLArjW9jFyQWHNUS5B%2bmu5Ur7cMNUQF789r8Jp7J4rORY1YYrYcPyahFhKycHl%2fKculNylivH2UlP7SkjqrIe%2f5dx%2bN85uUJHrT5bG8sd1%2bA2PvKxbUn9kp9CHtepWNolPgjKMSqtMijuHdxWN%2fhXA4UebKeDkHH491TmBVZWCYX8THtQqV4QSenDLRUENzBaaa5&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAAPkSR2jIlQEOM9OTJVIfargAAAAACAAAAAAAQZgAAAAEAACAAAACqsQtcoSG7LhM79hAuta8ls%2f6GGPJy76ePQIywDv8PrQAAAAAOgAAAAAIAACAAAADahNdCJKVbMKIi39GgAIwHZaBDzgmzuyF13JJrln4GDqAEAAAxrh4XsSb7jnCAYGGdrM6Rbini81NbIqKRqBfzZXCLBWRC6mpl%2bUpEG5uqFTgEozamOUymwwvpCGt69LZpXRM4avEKjYWaw6muIE3uh8%2b3T%2bKpthf5KWQWD4eCI%2fzcMZvUgRyhwORtWvG%2f%2fgyYQj9hdj5%2fWZG0ROU7Pn7uURgauatNEoQmfWjReRmWiauIeguZnMFIQ85sI5ZnYJhhxBoV4iYHXQISiprEoR0TDCWCk7okvn8FFqZH8aaFdDZJrSNuj1KvlhAAQ%2fVEg%2fBS1UqKON45CgKdtREeoxdS4exIftvsg4j6bO1qCar4m%2bv8nHAfUIukuNtyx3E3zwHzUtp%2f5beO8IAU6bVd%2b5GsYeiYM21MKqYN3Co1w7VfYm3Hziez8CXCQddvtIFZGDksb3lTVgFIoWOhI7aisyiJ%2foCwPFEvKD2x%2feq9OrgrMtddzUJZbzClSnqMqnYzIOuen8astFJAM7pIOmkDmsZMcbsheAQ7%2f2cxuWgVSbQ3d2Q4De53bU231L9OHJ%2fSUcLFElhttQQk1%2bNpJbv7x0VeY75ta%2fkLLgOLU5dxjTFWyN%2br7IHtRs5v63tMykBhTcBS%2b4Z8NDFXMka%2fks85dOzbPNj%2b%2fMs7%2fK4P6iCCeEicQ0oZRxUxTQDpAprCz5qcB9bJ3VsbBjDeNnrHkWRH%2fSLY5qlcJxKGN3XzvGDOt1hKHrBM9E4W%2bW7s2EK6tB%2bfsUt4BGvoxhnKxhh0osAGLkwD1V1ACalHz4rIsbGt1Okd3nE7an%2b9q7TCkabYoFWXmPKWItDRgWQ1f7vJE4ol5iTseTTFBuo8gwXRZDruZG9zyp7PJwFdyDmLuBvHlOoHsvx5DPZHCe%2bz1Q2haLbDMG%2flz0nPTR6f6wil9GdYIkkc6v4TBLpxwNJOFKBlPoqeNMEL3hUyMFk87S%2flI4QkU3xUEO76wxfF6nWc%2fPgUoDbDcWXaHHVaQfXep%2bkjgNF5HAGC5S2qjLDOF0V7PLQ0qS1rpqaVfIOKtET62QrbAKpi9ICq%2b6qts10L7gSJ4hxtYvGSliFa66Go0WZ9AxKWffKMXKd4W0Sp5vRIfyKtqNLV7CPmNtgOIj7Bjl5RB1bIb4iMUvmStW%2bojROb2785RnwjNjXl%2b4X7LihDGvmroho4NWwBlEi8KoeYia%2b20Ryf7uURp%2b2MhRd2uiSFni7BHQAJONWhBa519I9ZYPQbrGsMyqyOy99cthEsEuE5Mmv39Rq%2bU7VXgp3hR3N1sf1A%2bR%2fZboRrUDnTns1Pb2oC6p9MUsFEO4hewLtDWm3nEVC9fjLDbFQ%2fXtFVVJS0hTjzrRhippiBJS%2fOpyTEUbIQtHP3xS4AkZBETHUzF18A08ypxaVo9D5tWrgJzPT3X815cWWATxzCuXtY2Azf%2fsSpuZTvujJENn4maq0txux%2f4E0D5QLHGAeLr19Yij3mfSy4RMd3Qfg05rrWrxXVIwxgzek4bYK2VNnBSTgxL2NqY3qnq5rScvnvNc5Szcdvcg3KpPXGASyxYGe7Dgt%2f4ysqbSQdh3qi%2bKMu72rAXkGPqZ6z5Wa0CSWv%2bblpOT%2f8G2F0YlDeSZQ%2bk0AAAADr%2f4jj5o%2frgxxG364ecaM%2bZje4vx8n75HxWjcFmoMWVMNFsJmi3E0VlQJeWHKxFUMRdVLAlUspT%2fIgJWUHpB1X&r=&i=Untitled%20Session\" \"1\""	ScreenConnect.ClientService.exe

Executes dropped EXE 4 IoCs

pid	Process
4804	ScreenConnect.WindowsClient.exe
2960	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
64	ScreenConnect.WindowsClient.exe

Loads dropped DLL 16 IoCs

pid	Process
2960	ScreenConnect.ClientService.exe
2960	ScreenConnect.ClientService.exe
2960	ScreenConnect.ClientService.exe
2960	ScreenConnect.ClientService.exe
2960	ScreenConnect.ClientService.exe
2960	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\user.config	ScreenConnect.WindowsClient.exe
File opened for modification	C:\Windows\system32\user.config	ScreenConnect.WindowsClient.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	ScreenConnect.ClientService.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\implication!scre..tion_25b0fbb6ef7eb094_0017.0002_2f3 = 68747470733a2f2f656c6e6e2d6d652e73637265656e636f6e6e6563742e636f6d2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\SubstructureCreated = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\appid = 68747470733a2f2f656c6e6e2d6d652e73637265656e636f6e6e6563742e636f6d2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2f53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb0 = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\Files\ScreenConnect.Core.dll_b96889d378047e27 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\lock!0e00000059ca560ec41200005c0800000000000000000000 = 30303030313263342c30316439383930663461663562303535	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\identity = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\lock!10000000f2c8560e0c0f0000a80600000000000000000000 = 30303030306630632c30316439383930663436383265326163	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb0 = 3c004100700070006c00690063006100740069006f006e00540072007500730074002000760065007200730069006f006e003d002200310022000d000a00460075006c006c004e0061006d0065003d002200680074007400700073003a002f002f0065006c006e006e002d006d0065002e00730063007200650065006e0063006f006e006e006500630074002e0063006f006d002f00420069006e002f00530063007200650065006e0043006f006e006e006500630074002e0043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002300530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002c002000560065007200730069006f006e003d00320033002e0032002e0039002e0038003400360036002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002f00530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006500780065002c002000560065007200730069006f006e003d00320033002e0032002e0039002e0038003400360036002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002c00200074007900700065003d00770069006e003300320022000d000a00540072007500730074006500640054006f00520075006e003d002200740072007500650022000d000a0050006500720073006900730074003d002200740072007500650022003e000d000a003c00440065006600610075006c0074004700720061006e0074003e000d000a003c0050006f006c00690063007900530074006100740065006d0065006e0074002000760065007200730069006f006e003d002200310022003e000d000a003c005000650072006d0069007300730069006f006e00530065007400200063006c006100730073003d002200530079007300740065006d002e00530065006300750072006900740079002e005000650072006d0069007300730069006f006e0053006500740022000d000a00760065007200730069006f006e003d002200310022000d000a00490044003d00220043007500730074006f006d0022000d000a00530061006d00650053006900740065003d002200730069007400650022000d000a0055006e0072006500730074007200690063007400650064003d002200740072007500650022000d000a0078006d006c006e0073003a00610073006d00760031003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600310022000d000a0078006d006c006e0073003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600320022000d000a0078006d006c006e0073003a00610073006d00760032003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600320022000d000a0078006d006c006e0073003a007800730069003d00220068007400740070003a002f002f007700770077002e00770033002e006f00720067002f0032003000300031002f0058004d004c0053006300680065006d0061002d0069006e007300740061006e006300650022000d000a0078006d006c006e0073003a0063006f002e00760031003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a0063006c00690063006b006f006e00630065002e007600310022000d000a0078006d006c006e0073003a00610073006d00760033003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600330022000d000a0078006d006c006e0073003a0064007300690067003d00220068007400740070003a002f002f007700770077002e00770033002e006f00720067002f0032003000300030002f00300039002f0078006d006c006400730069006700230022000d000a0078006d006c006e0073003a0063006f002e00760032003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a0063006c00690063006b006f006e00630065002e007600320022003e000d000a003c0049005000650072006d0069007300730069006f006e00200063006c006100730073003d002200530079007300740065006d002e004e00650074002e005700650062005000650072006d0069007300730069006f006e002c002000530079007300740065006d002c002000560065007200730069006f006e003d0032002e0030002e0030002e0030002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d00620037003700610035006300350036003100390033003400650030003800390022000d000a00760065007200730069006f006e003d002200310022003e000d000a003c0043006f006e006e006500630074004100630063006500730073003e000d000a003c0055005200490020007500720069003d00220028006800740074007000730029003a002f002f0065006c006e006e005c002d006d0065005c002e00730063007200650065006e0063006f006e006e006500630074005c002e0063006f006d002f002e002a0022002f003e000d000a003c002f0043006f006e006e006500630074004100630063006500730073003e000d000a003c002f0049005000650072006d0069007300730069006f006e003e000d000a003c002f005000650072006d0069007300730069006f006e005300650074003e000d000a003c002f0050006f006c00690063007900530074006100740065006d0065006e0074003e000d000a003c002f00440065006600610075006c0074004700720061006e0074003e000d000a003c004500780074007200610049006e0066006f00200044006100740061003d00220030003000300031003000300030003000300030004600460046004600460046004600460030003100300030003000300030003000300030003000300030003000300030003000430030003200300030003000300030003000350037003500330037003900370033003700340036003500360044003200450035003700360039003600450036003400360046003700370037003300320045003400360036004600370032003600440037003300320043003200300035003600360035003700320037003300360039003600460036004500330044003300340032004500330030003200450033003000320045003300300032004300320030003400330037003500360043003700340037003500370032003600350033004400360045003600350037003500370034003700320036003100360043003200430032003000350030003700350036003200360043003600390036003300340042003600350037003900350034003600460036004200360035003600450033004400360032003300370033003700360031003300350036003300330035003300360033003100330039003300330033003400360035003300300033003800330039003000350030003100300030003000300030003000330030003500330037003900370033003700340036003500360044003200450035003300360035003600330037003500370032003600390037003400370039003200450035003000360046003600430036003900360033003700390032004500340031003700300037003000360043003600390036003300360031003700340036003900360046003600450035003400370032003700350037003300370034003400350037003800370034003700320036003100340039003600450036003600360046003000310030003000300030003000300031003800370032003600350037003100370035003600350037003300370034003700330035003300360038003600350036004300360043003400390036004500370034003600350036003700370032003600310037003400360039003600460036004500300030003000310030003200300030003000300030003000300030003000420022002f003e000d000a003c002f004100700070006c00690063006100740069006f006e00540072007500730074003e000d000a000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\identity = 53637265656e436f6e6e6563742e436f72652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\DigestValue = a23587d95e94d7d5222b675867b3d525c2b4db5f	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\PreparedForExecution = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Installations	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\identity = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7\identity = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\Files\ScreenConnect.ClientService.dll_e781b1c636 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\lock!06000000f2c8560e0c0f0000a80600000000000000000000 = 30303030306630632c30316439383930663436383265326163	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	ScreenConnect.WindowsClient.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "YYL9DWLJLDT4WHBJXP2R1QOJ"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb0	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\NonCanonicalData	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb0 = 680074007400700073003a002f002f0065006c006e006e002d006d0065002e00730063007200650065006e0063006f006e006e006500630074002e0063006f006d002f00420069006e002f00530063007200650065006e0043006f006e006e006500630074002e0043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002300530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002c002000560065007200730069006f006e003d00320033002e0032002e0039002e0038003400360036002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002f00530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006500780065002c002000560065007200730069006f006e003d00320033002e0032002e0039002e0038003400360036002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002c00200074007900700065003d00770069006e00330032000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2f37943c28e18bab\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\Files\ScreenConnect.WindowsClient.exe_6492277df2 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\identity = 53637265656e436f6e6e6563742e436c69656e742c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7\SizeOfStronglyNamedComponent = e9ef010000000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2f37943c28e18bab\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\Files\ScreenConnect.ClientService.exe_e781b1ee36 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\HasRunBefore = 01	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_2f37943c28e18bab	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c0 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\Transform = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd7 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8\identity = 53637265656e436f6e6e6563742e57696e646f77732c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\Transform = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb0 = 68747470733a2f2f656c6e6e2d6d652e73637265656e636f6e6e6563742e636f6d2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2f53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb0 = 54007200750065000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\DigestMethod = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\Files	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\lock!08000000f2c8560e0c0f0000a80600000000000000000000 = 30303030306630632c30316439383930663436383265326163	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_563baf66f9daa750	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\DigestValue = a229e0582dc95272bc15acd59b73b5b6c8c5abcd	dfsvc.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C	SecuriteInfo.com.HEUR.3488.8075.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = 0300000001000000140000007b0f360b775f76c94a12ca48445aa2d2a875701c2000000001000000b4060000308206b030820498a003020102021008ad40b260d29c4c9f5ecda9bd93aed9300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3231303432393030303030305a170d3336303432383233353935395a3069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e6720525341343039362053484133383420323032312043413130820222300d06092a864886f70d01010105000382020f003082020a0282020100d5b42f42d028ad78b75dd539591bb18842f5338ceb3d819770c5bbc48526309fa48e68d85cf5eb342407e14b4fd37843f417d71edaf9d2d5671a524f0ea157fc8899c191cc81033e4d702464b38de2087d347d4c8057126b439a99f2c53b1ff2efcb475a13a64cb3012025f310d38bb2fb08f08ae09d09c065a7fa98804935873d5119e8902178452ea19f2ce118c21accc5ee93497042328ffbc6ea1cf3656891a24d4c8211485268de10bd14575de8181365c57fb24f852c48a4568435d6f92e9caa0015d137fe1a0694c27cc8ea1b32e6cac2f4a7a3030e74a5af39b6ab6012e3e8d6b9f731e1dcade418a0d8c1234747b3a10f6ea3ab6d9806831bb76a672dd2bd441a9210818fb03b09d7c79b325ac2ff6a60548b49c193ede1b45ce06feb26f98cd5b2f93810e6eace91f5bed3fb6f9361345cbc93452883362a66285fb073ce8b262506b283d45cf615194ced62e05e33f2e8e8ec0aa7b0032b91b23679bef7ad081e75a665ccbbe34850f377911afedb50a246c8615898f57c02163c8328ad3986ecd4b70d53d0f847e675308dec30937614a65b4b5d74614d3f129176debf58cb72102941f0d5c56d267668114113589adc262b01f4894d59db78cf814a3e40475fc98150738510232159608a6454c1cc211ae838197c661ccd78384530994fff634f4cbbaa0d0853417c583d47b3fab6ec8c320902cc6c3c0c56110203010001a38201593082015530120603551d130101ff040830060101ff020100301d0603551d0e041604146837e0ebb63bf85f1186fbfe617b088865f44e42301f0603551d23041830168014ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307706082b06010505070101046b3069302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304106082b060105050730028635687474703a2f2f636163657274732e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63727430430603551d1f043c303a3038a036a0348632687474703a2f2f63726c332e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63726c301c0603551d20041530133007060567810c01033008060667810c010401300d06092a864886f70d01010c050003820201003a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e	SecuriteInfo.com.HEUR.3488.8075.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579	SecuriteInfo.com.HEUR.3488.8075.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579\Blob = 0300000001000000140000004c2272fba7a7380f55e2a424e9e624aee1c145792000000001000000640700003082076030820548a00302010202100b9360051bccf66642998998d5ba97ce300d06092a864886f70d01010b05003069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e67205253413430393620534841333834203230323120434131301e170d3232303831373030303030305a170d3235303831353233353935395a3065310b30090603550406130255533110300e06035504081307466c6f72696461310e300c0603550407130554616d706131193017060355040a1310436f6e6e656374776973652c204c4c433119301706035504031310436f6e6e656374776973652c204c4c4330820222300d06092a864886f70d01010105000382020f003082020a0282020100ec489826d08d2c6de21b3cd3676db1e0e50cb1ff75ff564e9741f9574aa3640aa8297294a05b4db68abd0760b6b05b50ce92ff42a4e390be776a43e9961c722f6b3a4d5c880bcc6a61b4026f9137d36b2b7e9b86055876b9fa860dbcb164fe7f4b5b9de4799ae4e02dc1f0bee01e5d032933a2827388f8db0b482e76c441b1bd50909ef2023e1fb62196c994ce052266b28cd89253e6416044133139764db5fc45702529536bf82c775f9ec81fa27dc409530325f40cdef95b81b9ce0d42791cee72e7bd1b36c257b52257c65a28970e457513989434bfc239e2992b193e1b3cc3f11ccdd1d26d4ec9845099ab913906a42069af999c0071169b45a2ea1aa666f1904e8acb05e1823a359a291fd46b4ef7aed5935bb6ab17ebf077210726930c90f01761d6544a94e8fa614cc41d817eec734b1c3d3afb7c58fb256f0c09edc1459bddbff9940ed1958570265d67af79a9b6a16affd70fc6328c9810d5dc186e39af6fbcad49a270f237e6bcd5de0bc014bc3179cd79776591340311a42ca94f33416c2e01b59bd1d71de86ace6716bc90b2d7695d155039aa08fbac19a4d93fb784230a20a485287a16355645fc09142c602d140fa046b7bfd75328184ff7bdf8f9e0d65e6201c8d242931047f59bd328ac353777ccefa60408887b84fc3631301463461a1d73c0b5cc74d6d82905ddf923bdbab027a311cc38d3fa16f639a50203010001a382020630820202301f0603551d230418301680146837e0ebb63bf85f1186fbfe617b088865f44e42301d0603551d0e04160414338ce10a6e06d9c6ed0bc6cae736cefb8188646a300e0603551d0f0101ff04040302078030130603551d25040c300a06082b060105050703033081b50603551d1f0481ad3081aa3053a051a04f864d687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c3053a051a04f864d687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c303e0603551d20043730353033060667810c0104013029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f43505330819406082b06010505070101048187308184302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d305c06082b060105050730028650687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820201000ad79f00cf4984864c8981ecce8718aa875647f6a74608c968e16568c7aa9d711ed7341676038067f01330c91621b27a2a8894c4108c268162a31f13f9757a7d6bb3c6f19bf27c3a29896d712d85873627d827cd6471761444fabf1d31e903f791143c5b4ce5e7444aacba36d759aeba3069d195226755cbc675aa747f77596c53c96e083c45bba24479d6845eea9f2b28ba29b4dcf0bcf14aa4ce176c24e2c1b8fec3ee16e1c086db6fda97388859e83be65c03f701395b78b842c6dd1533ef642cca6fe50f6337d3f2dfedd8b28f2b28e0c98edd2151392e7cc75489f48859f1de14c81b306eb50eed7bb78be30eaada76767c4ca523a11eec5a2372d6122926ab1801a6a6778e9504791487ee47d4577154988802070f80fc535957658f954cd083546c5afb5a6567b6761275f5db20f70ab86feef94c7cfc65369d325121b69a82399bc7dc1962416f0f05cf1eee64d495a3527e464e2c68da0187093f97b673e43dddbcc067e00713f1565fcff8c3772d44b40a04e600644f22a990345f9a6b5b52963e82c81a0ce91d43a230f67b37d8debda40ea3d59d305e18adc1976516c12a8ba2bca24143b12e9527b4dca58872aa9b3a8c6ac563fc2dc02bf51be889516d35a4ba9d062417b5bdcc50ba945fae26b60d6aec03984798a6a21d3ff793cc0849e81ed55b8027411c50db776ae8feef2fdc2dafb04345261dedc054	SecuriteInfo.com.HEUR.3488.8075.exe
Key deleted	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C	SecuriteInfo.com.HEUR.3488.8075.exe
Key deleted	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579	SecuriteInfo.com.HEUR.3488.8075.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
64	ScreenConnect.WindowsClient.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2956	ScreenConnect.ClientService.exe
2956	ScreenConnect.ClientService.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3852	dfsvc.exe
Token: SeDebugPrivilege	2956	ScreenConnect.ClientService.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe
64	ScreenConnect.WindowsClient.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 3852	3524	SecuriteInfo.com.HEUR.3488.8075.exe	83
PID 3524 wrote to memory of 3852	3524	SecuriteInfo.com.HEUR.3488.8075.exe	83
PID 3852 wrote to memory of 4804	3852	dfsvc.exe	84
PID 3852 wrote to memory of 4804	3852	dfsvc.exe	84
PID 3852 wrote to memory of 4804	3852	dfsvc.exe	84
PID 4804 wrote to memory of 2960	4804	ScreenConnect.WindowsClient.exe	85
PID 4804 wrote to memory of 2960	4804	ScreenConnect.WindowsClient.exe	85
PID 4804 wrote to memory of 2960	4804	ScreenConnect.WindowsClient.exe	85
PID 2956 wrote to memory of 64	2956	ScreenConnect.ClientService.exe	90
PID 2956 wrote to memory of 64	2956	ScreenConnect.ClientService.exe	90
PID 2956 wrote to memory of 64	2956	ScreenConnect.ClientService.exe	90

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.HEUR.3488.8075.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.HEUR.3488.8075.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe
    "C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe
      "C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe" "?y=Guest&h=instance-gegn9m-relay.screenconnect.com&p=443&s=dd863c88-148d-428d-bcaf-3d1076dc9add&k=BgIAAACkAABSU0ExAAgAAAEAAQARPZITg4LvW3f8Cg30eBRW9dPe9TraqTXIcYXFB9oYIZjdoSL840t3TlDDNG4PWSRI46YKO1FsDCUcjjzgAsNgIkAingDv%2bvI0ebqbT%2bBjGM1JNn2CDHzyxG3pbrhGa%2fHZXdoXBGyVH4RqW%2f%2fVrLArjW9jFyQWHNUS5B%2bmu5Ur7cMNUQF789r8Jp7J4rORY1YYrYcPyahFhKycHl%2fKculNylivH2UlP7SkjqrIe%2f5dx%2bN85uUJHrT5bG8sd1%2bA2PvKxbUn9kp9CHtepWNolPgjKMSqtMijuHdxWN%2fhXA4UebKeDkHH491TmBVZWCYX8THtQqV4QSenDLRUENzBaaa5&r=&i=Untitled%20Session" "1"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2960

C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe
"C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe" "?y=Guest&h=instance-gegn9m-relay.screenconnect.com&p=443&s=dd863c88-148d-428d-bcaf-3d1076dc9add&k=BgIAAACkAABSU0ExAAgAAAEAAQARPZITg4LvW3f8Cg30eBRW9dPe9TraqTXIcYXFB9oYIZjdoSL840t3TlDDNG4PWSRI46YKO1FsDCUcjjzgAsNgIkAingDv%2bvI0ebqbT%2bBjGM1JNn2CDHzyxG3pbrhGa%2fHZXdoXBGyVH4RqW%2f%2fVrLArjW9jFyQWHNUS5B%2bmu5Ur7cMNUQF789r8Jp7J4rORY1YYrYcPyahFhKycHl%2fKculNylivH2UlP7SkjqrIe%2f5dx%2bN85uUJHrT5bG8sd1%2bA2PvKxbUn9kp9CHtepWNolPgjKMSqtMijuHdxWN%2fhXA4UebKeDkHH491TmBVZWCYX8THtQqV4QSenDLRUENzBaaa5&r=&i=Untitled%20Session" "1"
1⤵
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe
  "C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe" "RunRole" "feef32db-70ee-4d42-a5c6-aa8df10ace55" "User"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:64

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\Manifests\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7.manifest

Filesize
109KB

MD5
18ced9336f469700ef68ac7150f21d08

SHA1
903a7eb58c6849ec40e11022c16c90aef9f3346e

SHA256
fddbdc6410bf19c6fe0c7bafe0f3f0bd2e7e58829b3f431ecb58bec44ff64e04

SHA512
179670f00704b1c12b6e89a4e48d5723a2b5b0a9575282523664e24d9b2ff8358be4082086b3a02d96a3dbd701c1bd4761888a4953f98e8988455a63dff67efb

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004.cdf-ms

Filesize
23KB

MD5
92c7f2acc0b03b9e825e44da91f7e3df

SHA1
a4d6ef1a5105372da1d76085f7f747346d5ac16f

SHA256
633c84cffd657f485e41e33d7f3002f2a48a5ded390cb04cc46ed566fe7df63a

SHA512
d9c6b20aed80753a8d549f852d12de531acfc69d81ead5431fb6916abd22b97786b983b80e2d5d7d92341c387cd27b48dd8462a66f1f60c166f0f6914fbbd2f3

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004.cdf-ms

Filesize
23KB

MD5
92c7f2acc0b03b9e825e44da91f7e3df

SHA1
a4d6ef1a5105372da1d76085f7f747346d5ac16f

SHA256
633c84cffd657f485e41e33d7f3002f2a48a5ded390cb04cc46ed566fe7df63a

SHA512
d9c6b20aed80753a8d549f852d12de531acfc69d81ead5431fb6916abd22b97786b983b80e2d5d7d92341c387cd27b48dd8462a66f1f60c166f0f6914fbbd2f3

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178.cdf-ms

Filesize
3KB

MD5
e5644ccd6672f5ef335a9b78cee622d9

SHA1
92b11a0b333d0a2bc83ed93714b9f74762d3967b

SHA256
21baf07d11b57f547f0b24d7593ac33242e88dff2716cf19b0842f21ec645d6a

SHA512
ef9cb02a428277de2a0aa3887ab8029989e6d01c56ecb80ced5e108e82d4a9d00981fc4d5702edd36818caa9a9e31d17686a57d4119cd97265559d9500882955

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178.cdf-ms

Filesize
3KB

MD5
e5644ccd6672f5ef335a9b78cee622d9

SHA1
92b11a0b333d0a2bc83ed93714b9f74762d3967b

SHA256
21baf07d11b57f547f0b24d7593ac33242e88dff2716cf19b0842f21ec645d6a

SHA512
ef9cb02a428277de2a0aa3887ab8029989e6d01c56ecb80ced5e108e82d4a9d00981fc4d5702edd36818caa9a9e31d17686a57d4119cd97265559d9500882955

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8.cdf-ms

Filesize
5KB

MD5
f9ebd28efa1ebe0080d8bce5ab829fe7

SHA1
72690051addb43311a30c32e1e13b45d25ed0d86

SHA256
2b99964a114623238f366648c17a486432ce407cf40cee8a88a113ef7de69d7d

SHA512
183f4a27db5996c9f10e49894637ac9ed44f44a4dd4b729dccda8df62075a5dba7fed84f14345b88920ba294db662c59ac87bdb5e898bbcdefd5d5f8ac820e14

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8.cdf-ms

Filesize
5KB

MD5
f9ebd28efa1ebe0080d8bce5ab829fe7

SHA1
72690051addb43311a30c32e1e13b45d25ed0d86

SHA256
2b99964a114623238f366648c17a486432ce407cf40cee8a88a113ef7de69d7d

SHA512
183f4a27db5996c9f10e49894637ac9ed44f44a4dd4b729dccda8df62075a5dba7fed84f14345b88920ba294db662c59ac87bdb5e898bbcdefd5d5f8ac820e14

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485.cdf-ms

Filesize
6KB

MD5
394d8b20972d786c9990e30aff749545

SHA1
46a322b6c70f097b4aa6737e2e5e27b518f13603

SHA256
2f5ba539a04ca088066c245c6a35089f801471dd8a9721d3d277c5ea7ef7b3b0

SHA512
29359c2195bb159edc451ffd55923f130d815399a51b03183c13312eba98040f192595da8b11cd68383321e5cd63cad63f01717b68b2f00773ecc5cf1fa6a150

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485.cdf-ms

Filesize
6KB

MD5
394d8b20972d786c9990e30aff749545

SHA1
46a322b6c70f097b4aa6737e2e5e27b518f13603

SHA256
2f5ba539a04ca088066c245c6a35089f801471dd8a9721d3d277c5ea7ef7b3b0

SHA512
29359c2195bb159edc451ffd55923f130d815399a51b03183c13312eba98040f192595da8b11cd68383321e5cd63cad63f01717b68b2f00773ecc5cf1fa6a150

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c.cdf-ms

Filesize
2KB

MD5
4ce8bcc639578b850b72fc8117b9a3ca

SHA1
7368e77d547d21c767bcfa1896640fb12c2a1b81

SHA256
cf1af353928ddfdf0171908f794ed82fbd48e11693f4501c07b9662aee5daed9

SHA512
a73145e25716d63b06bef395380c8d857c0d3b2b59ef074e82a194960de11224a4739c400fef769f3e25b3bc4e40d9dd1fc78462cc7860ef1c14966a34ae8f23

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c.cdf-ms

Filesize
2KB

MD5
4ce8bcc639578b850b72fc8117b9a3ca

SHA1
7368e77d547d21c767bcfa1896640fb12c2a1b81

SHA256
cf1af353928ddfdf0171908f794ed82fbd48e11693f4501c07b9662aee5daed9

SHA512
a73145e25716d63b06bef395380c8d857c0d3b2b59ef074e82a194960de11224a4739c400fef769f3e25b3bc4e40d9dd1fc78462cc7860ef1c14966a34ae8f23

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7.cdf-ms

Filesize
14KB

MD5
3af4cbcd3a51e78ad30d286a18b6ef8b

SHA1
856e11f715928e4211c593c5de39de2169eca3a3

SHA256
83f9d607a2c376598929d6db7dcb83d8cf540276d4b405d1d881364560aa4c4a

SHA512
31199b8bb3e6aeef70f68a3f464e95d9862ba2da5b9109ed45d50ddcfcfacd531bf437ca15f4bfb030f934d440ff555daeda857c1b07976d8fad9477ac2db998

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7.cdf-ms

Filesize
14KB

MD5
3af4cbcd3a51e78ad30d286a18b6ef8b

SHA1
856e11f715928e4211c593c5de39de2169eca3a3

SHA256
83f9d607a2c376598929d6db7dcb83d8cf540276d4b405d1d881364560aa4c4a

SHA512
31199b8bb3e6aeef70f68a3f464e95d9862ba2da5b9109ed45d50ddcfcfacd531bf437ca15f4bfb030f934d440ff555daeda857c1b07976d8fad9477ac2db998

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3.cdf-ms

Filesize
4KB

MD5
ae8e69553310261db5a67cfb9123d7df

SHA1
f4d25ea71957f57595ec6c716dd3a06dd08cb010

SHA256
3145515d08207aed13519317c3c7476ec3d546233cd88517e8614f4a9d52b6a6

SHA512
ee0f1919f18639892a698066c13a1355967fba9efeb5ffb6084105a9424cbbb55b7be94229349f0197ec99b317704cddb3b8422366244a47acc2842e4524938d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\manifests\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3.cdf-ms

Filesize
4KB

MD5
ae8e69553310261db5a67cfb9123d7df

SHA1
f4d25ea71957f57595ec6c716dd3a06dd08cb010

SHA256
3145515d08207aed13519317c3c7476ec3d546233cd88517e8614f4a9d52b6a6

SHA512
ee0f1919f18639892a698066c13a1355967fba9efeb5ffb6084105a9424cbbb55b7be94229349f0197ec99b317704cddb3b8422366244a47acc2842e4524938d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\ScreenConnect.ClientService.exe

Filesize
93KB

MD5
256081d2d140ed2727c1957317627136

SHA1
6c0b6758aef7980868e56a0739c877d4fa837ed9

SHA256
72b206d8c2ea0378f096c5e7c13022f67a0a0f670a10c1534b6f7a1ba95e8be6

SHA512
40d15bfab3fcac4c1a5f9ebf4618982f600a00659e48a8bc1e7d5223852a2b6c1f047e17d93dd5545c9d8af11f943f243392f7db44ba993345e15e106a7246f0

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\Client.en-US.resources

Filesize
47KB

MD5
e5d912067630d3efe53f290b9c9d0d27

SHA1
b0fc2105716c6eab770f89b9ed88ce2a36bdb5b2

SHA256
a023527e773b886fb64c5f31de484f659c5816cf4ab696be7c98a3ea4de57d41

SHA512
13fcb0f3f0208c072c86f1df8efe73cfade2803bc4b04e666787a95e10f49289fe6c1b8e10e7dbb5071cae92345fa12139fc220dc23dee4b098cc77fc53a316b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\Client.resources

Filesize
26KB

MD5
5cd580b22da0c33ec6730b10a6c74932

SHA1
0b6bded7936178d80841b289769c6ff0c8eead2d

SHA256
de185ee5d433e6cfbb2e5fcc903dbd60cc833a3ca5299f2862b253a41e7aa08c

SHA512
c2494533b26128fbf8149f7d20257d78d258abffb30e4e595cb9c6a742f00f1bf31b1ee202d4184661b98793b9909038cf03c04b563ce4eca1e2ee2dec3bf787

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Client.dll

Filesize
177KB

MD5
32d230704c43f4bf811ce214fa23700b

SHA1
87c48d902f206c196ed6b69747f2ff1ec401a969

SHA256
3b0cd76c1d949d6d6e4073c73e637c531bac18827f9ec02a6be6c5e6bbcfe368

SHA512
cda6fbd99180f590658b47a418e28c6456dc298f14a7c1aa229a6fd97355dc6caa9278659d2d885cee1000298f54556f16ef359990d9f3b31fd01293adb8efa1

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Client.dll

Filesize
177KB

MD5
32d230704c43f4bf811ce214fa23700b

SHA1
87c48d902f206c196ed6b69747f2ff1ec401a969

SHA256
3b0cd76c1d949d6d6e4073c73e637c531bac18827f9ec02a6be6c5e6bbcfe368

SHA512
cda6fbd99180f590658b47a418e28c6456dc298f14a7c1aa229a6fd97355dc6caa9278659d2d885cee1000298f54556f16ef359990d9f3b31fd01293adb8efa1

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Client.dll

Filesize
177KB

MD5
32d230704c43f4bf811ce214fa23700b

SHA1
87c48d902f206c196ed6b69747f2ff1ec401a969

SHA256
3b0cd76c1d949d6d6e4073c73e637c531bac18827f9ec02a6be6c5e6bbcfe368

SHA512
cda6fbd99180f590658b47a418e28c6456dc298f14a7c1aa229a6fd97355dc6caa9278659d2d885cee1000298f54556f16ef359990d9f3b31fd01293adb8efa1

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Client.manifest

Filesize
1KB

MD5
9f03e9009c7e7501e7eb2d4b11e03659

SHA1
cbb55994291a061e4dc15905436340a37f0ead40

SHA256
cb49febfd0fd89f843f7d44d64fbfd94dd23d71a19cd19a24453799d2e830a89

SHA512
e623f8f8a98c689b9a05f0e90a5fa7ac118784a2bdff7e19e1c68f65dcac7d5fb41c3ea490e132e01c02fd7603a68813e2230e0f2105c0a74fc85cfbc1ddad6d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe

Filesize
93KB

MD5
256081d2d140ed2727c1957317627136

SHA1
6c0b6758aef7980868e56a0739c877d4fa837ed9

SHA256
72b206d8c2ea0378f096c5e7c13022f67a0a0f670a10c1534b6f7a1ba95e8be6

SHA512
40d15bfab3fcac4c1a5f9ebf4618982f600a00659e48a8bc1e7d5223852a2b6c1f047e17d93dd5545c9d8af11f943f243392f7db44ba993345e15e106a7246f0

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe

Filesize
93KB

MD5
256081d2d140ed2727c1957317627136

SHA1
6c0b6758aef7980868e56a0739c877d4fa837ed9

SHA256
72b206d8c2ea0378f096c5e7c13022f67a0a0f670a10c1534b6f7a1ba95e8be6

SHA512
40d15bfab3fcac4c1a5f9ebf4618982f600a00659e48a8bc1e7d5223852a2b6c1f047e17d93dd5545c9d8af11f943f243392f7db44ba993345e15e106a7246f0

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.exe

Filesize
93KB

MD5
256081d2d140ed2727c1957317627136

SHA1
6c0b6758aef7980868e56a0739c877d4fa837ed9

SHA256
72b206d8c2ea0378f096c5e7c13022f67a0a0f670a10c1534b6f7a1ba95e8be6

SHA512
40d15bfab3fcac4c1a5f9ebf4618982f600a00659e48a8bc1e7d5223852a2b6c1f047e17d93dd5545c9d8af11f943f243392f7db44ba993345e15e106a7246f0

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.ClientService.manifest

Filesize
1KB

MD5
5ff58a84f45fb37155ad9506016e01e0

SHA1
21ad04df12e2620c71d4c389e82052d1dbe1eb89

SHA256
19793a0f7348c3ad051e370d3af533fe2d105b2187eaeab9bce49be9ac77c8d7

SHA512
26569b4058ef274e96bc327b8199b16a50883d92f3a5a63904e1c890e33de0838908565951371cd3388c8ed5920e989a1907d6e0b37d803299fb5be90abb796d

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Core.manifest

Filesize
1KB

MD5
adb6ed2710265b25f4e7e75c16fed3e3

SHA1
e86dd1f9ccee017a811bb4ca0d287ef62c9ec876

SHA256
823258438816ec648dcb31d800c1b085a303b85c2c2f43dbbf7958949e1db8f9

SHA512
9265c8e89a4db1902ac6b2ec2d50ed9226976278aef0cbfe38c7c3fe8d30cf2d76b235b6f4931837af4d47ed584ea4baaf380d88a33a7c5beee9f5fb2bb18a04

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Windows.dll

Filesize
1.6MB

MD5
254d64388c6c52228d7a921960a03f6b

SHA1
b023b69348bb06c4b4ad67bee0f55bb9cfb3748c

SHA256
05e78416a344f74095e36ff14baa719867e9e163e1ae9a96c29df8615748b0ae

SHA512
2c52f6627fd1592f7e38b82f3a2d199fbed7b27268d9251b855fe2310d757d7b98db5a0e56956612794d6fce8035d30a6b9cecbd1262c570f0c01430e6e11459

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Windows.dll

Filesize
1.6MB

MD5
254d64388c6c52228d7a921960a03f6b

SHA1
b023b69348bb06c4b4ad67bee0f55bb9cfb3748c

SHA256
05e78416a344f74095e36ff14baa719867e9e163e1ae9a96c29df8615748b0ae

SHA512
2c52f6627fd1592f7e38b82f3a2d199fbed7b27268d9251b855fe2310d757d7b98db5a0e56956612794d6fce8035d30a6b9cecbd1262c570f0c01430e6e11459

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Windows.dll

Filesize
1.6MB

MD5
254d64388c6c52228d7a921960a03f6b

SHA1
b023b69348bb06c4b4ad67bee0f55bb9cfb3748c

SHA256
05e78416a344f74095e36ff14baa719867e9e163e1ae9a96c29df8615748b0ae

SHA512
2c52f6627fd1592f7e38b82f3a2d199fbed7b27268d9251b855fe2310d757d7b98db5a0e56956612794d6fce8035d30a6b9cecbd1262c570f0c01430e6e11459

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.Windows.manifest

Filesize
1KB

MD5
9a91308c9b52b96c012f0c14581d4445

SHA1
8040d311e2b073309a11a8707ef07b9d8dced891

SHA256
293e2eafed2e158baa0e2c7c855ad68618b7fef29fbc799aa0bdf551e2c93300

SHA512
927af7affc50c8662ab140621841ec1eec07f47a51e3a590632e6977d69154c9e3d7c020754629b63b46116bb9f05cd2c38e1173879e4365f5d04751ea64941a

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsBackstageShell.exe

Filesize
52KB

MD5
dd9d8572ac8b91f6844e9e8a28684577

SHA1
5e86a97c1c51a01766715628aa5ee965fd2948ae

SHA256
a2409879344f21a45175a17f857b4c027087200f4892810994715a189f2a6280

SHA512
c89359a6fdb4bbfa19f3d1e16e8d31bcc1e2845a7eb39427063c918cdfb9c24314c28afa4c3bc7a87879dd28dcfb7fe9cd3539366b2fbeed4f78e5dbf9e1e33b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsBackstageShell.exe.config

Filesize
266B

MD5
728175e20ffbceb46760bb5e1112f38b

SHA1
2421add1f3c9c5ed9c80b339881d08ab10b340e3

SHA256
87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

SHA512
fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe

Filesize
561KB

MD5
254a33ec9d5391577b95d2cea3cf06d8

SHA1
a23587d95e94d7d5222b675867b3d525c2b4db5f

SHA256
6bd3ab0299b3826e476461caf1244e672d9f12858243921beb3939134618b790

SHA512
e9a7550678d11b86032869a888bef1fe75d89eb895ae561937a26a6b364fa78f5903c53ad0ee74bdb2e235baa5570b16cfa97133e060ceb3033d469f62712bb6

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe

Filesize
561KB

MD5
254a33ec9d5391577b95d2cea3cf06d8

SHA1
a23587d95e94d7d5222b675867b3d525c2b4db5f

SHA256
6bd3ab0299b3826e476461caf1244e672d9f12858243921beb3939134618b790

SHA512
e9a7550678d11b86032869a888bef1fe75d89eb895ae561937a26a6b364fa78f5903c53ad0ee74bdb2e235baa5570b16cfa97133e060ceb3033d469f62712bb6

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe

Filesize
561KB

MD5
254a33ec9d5391577b95d2cea3cf06d8

SHA1
a23587d95e94d7d5222b675867b3d525c2b4db5f

SHA256
6bd3ab0299b3826e476461caf1244e672d9f12858243921beb3939134618b790

SHA512
e9a7550678d11b86032869a888bef1fe75d89eb895ae561937a26a6b364fa78f5903c53ad0ee74bdb2e235baa5570b16cfa97133e060ceb3033d469f62712bb6

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe.config

Filesize
266B

MD5
728175e20ffbceb46760bb5e1112f38b

SHA1
2421add1f3c9c5ed9c80b339881d08ab10b340e3

SHA256
87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

SHA512
fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.exe.manifest

Filesize
16KB

MD5
9165412ee08839b9702bd4971864a133

SHA1
a229e0582dc95272bc15acd59b73b5b6c8c5abcd

SHA256
6bb1c1aa5663ad33eda2256037da8e7439502c206d4c0047270a2fd1f006bb50

SHA512
7b84ce7685daca320545ec6a0dd55e7f4d85bb53f58f8feb163439cc06357e17cbb4e021dd957a7af6287fe34b3379db85dd452ebe118ce4023394d5a18a62e5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\ScreenConnect.WindowsClient.manifest

Filesize
2KB

MD5
3f462b9b4d5ae0d9928a86cc95e30e95

SHA1
ab9914088776994af9df487be0453af0b825a93a

SHA256
b08049bd6006e44ec8ecb301cfde944ca29572a783cb8aee59a0accef2e9bab4

SHA512
2e1ff89dbae65e48aaf79f1e239265254a45ddf725559d078a40b59dea07f177887caa2d17d80506ac55447852e5d86863457970550b21ba884acd0f71e8957a

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\8XPAZ5J6.NHZ\PTDLJA1B.QAN\scre..tion_25b0fbb6ef7eb094_0017.0002_2bf33385804a0335\user.config

Filesize
589B

MD5
54c1bb23c84ac2b4d11a8414a945a3f2

SHA1
9c8929dc6b1130a6f18e6a8bc00f886f1e0bfed1

SHA256
b8c8e95c69effbb6a75b10c094db3947ffb9d20695f77ed5c117cd3021b06925

SHA512
5ef5cdf3c6148cc88621f4ccdaeffe4f63c00d0bb2b51fed58940bddba3874d22af642e6bc0b6623913e867b5b2ecb79d31623c84774667e112f3a71cd5ac8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log

Filesize
1KB

MD5
efd934620fb989581d19963e3fbb6d58

SHA1
63b103bb53e254a999eb842ef90462f208e20162

SHA256
3af88293fb19b74f43b351ed49ccc031727f389c7ca509eece181da5763a492f

SHA512
6061817547280c5cf5d2cd50fa76b92aa9c1cfc433f17d6b545192e1098281394562adb773931cecd15d1b594d3b9c03855b70682fe6c54df5912c185b54670b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Client.dll

Filesize
177KB

MD5
32d230704c43f4bf811ce214fa23700b

SHA1
87c48d902f206c196ed6b69747f2ff1ec401a969

SHA256
3b0cd76c1d949d6d6e4073c73e637c531bac18827f9ec02a6be6c5e6bbcfe368

SHA512
cda6fbd99180f590658b47a418e28c6456dc298f14a7c1aa229a6fd97355dc6caa9278659d2d885cee1000298f54556f16ef359990d9f3b31fd01293adb8efa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Client.dll.genman

Filesize
1KB

MD5
9f03e9009c7e7501e7eb2d4b11e03659

SHA1
cbb55994291a061e4dc15905436340a37f0ead40

SHA256
cb49febfd0fd89f843f7d44d64fbfd94dd23d71a19cd19a24453799d2e830a89

SHA512
e623f8f8a98c689b9a05f0e90a5fa7ac118784a2bdff7e19e1c68f65dcac7d5fb41c3ea490e132e01c02fd7603a68813e2230e0f2105c0a74fc85cfbc1ddad6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.ClientService.dll

Filesize
58KB

MD5
b1346a9380086791abef5aa98903c80e

SHA1
ce77b0812363223bb04bfee60d383987ca405225

SHA256
43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135

SHA512
a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.ClientService.dll.genman

Filesize
1KB

MD5
5ff58a84f45fb37155ad9506016e01e0

SHA1
21ad04df12e2620c71d4c389e82052d1dbe1eb89

SHA256
19793a0f7348c3ad051e370d3af533fe2d105b2187eaeab9bce49be9ac77c8d7

SHA512
26569b4058ef274e96bc327b8199b16a50883d92f3a5a63904e1c890e33de0838908565951371cd3388c8ed5920e989a1907d6e0b37d803299fb5be90abb796d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Core.dll

Filesize
489KB

MD5
6c5d0928642bf37ceed295b984e05be2

SHA1
46be0d5a7db56cb1ad77274709d0db053a3c0999

SHA256
3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1

SHA512
bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Core.dll.genman

Filesize
1KB

MD5
adb6ed2710265b25f4e7e75c16fed3e3

SHA1
e86dd1f9ccee017a811bb4ca0d287ef62c9ec876

SHA256
823258438816ec648dcb31d800c1b085a303b85c2c2f43dbbf7958949e1db8f9

SHA512
9265c8e89a4db1902ac6b2ec2d50ed9226976278aef0cbfe38c7c3fe8d30cf2d76b235b6f4931837af4d47ed584ea4baaf380d88a33a7c5beee9f5fb2bb18a04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Windows.dll

Filesize
1.6MB

MD5
254d64388c6c52228d7a921960a03f6b

SHA1
b023b69348bb06c4b4ad67bee0f55bb9cfb3748c

SHA256
05e78416a344f74095e36ff14baa719867e9e163e1ae9a96c29df8615748b0ae

SHA512
2c52f6627fd1592f7e38b82f3a2d199fbed7b27268d9251b855fe2310d757d7b98db5a0e56956612794d6fce8035d30a6b9cecbd1262c570f0c01430e6e11459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.Windows.dll.genman

Filesize
1KB

MD5
9a91308c9b52b96c012f0c14581d4445

SHA1
8040d311e2b073309a11a8707ef07b9d8dced891

SHA256
293e2eafed2e158baa0e2c7c855ad68618b7fef29fbc799aa0bdf551e2c93300

SHA512
927af7affc50c8662ab140621841ec1eec07f47a51e3a590632e6977d69154c9e3d7c020754629b63b46116bb9f05cd2c38e1173879e4365f5d04751ea64941a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.WindowsBackstageShell.exe

Filesize
52KB

MD5
dd9d8572ac8b91f6844e9e8a28684577

SHA1
5e86a97c1c51a01766715628aa5ee965fd2948ae

SHA256
a2409879344f21a45175a17f857b4c027087200f4892810994715a189f2a6280

SHA512
c89359a6fdb4bbfa19f3d1e16e8d31bcc1e2845a7eb39427063c918cdfb9c24314c28afa4c3bc7a87879dd28dcfb7fe9cd3539366b2fbeed4f78e5dbf9e1e33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.WindowsClient.exe

Filesize
561KB

MD5
254a33ec9d5391577b95d2cea3cf06d8

SHA1
a23587d95e94d7d5222b675867b3d525c2b4db5f

SHA256
6bd3ab0299b3826e476461caf1244e672d9f12858243921beb3939134618b790

SHA512
e9a7550678d11b86032869a888bef1fe75d89eb895ae561937a26a6b364fa78f5903c53ad0ee74bdb2e235baa5570b16cfa97133e060ceb3033d469f62712bb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.WindowsClient.exe.config

Filesize
266B

MD5
728175e20ffbceb46760bb5e1112f38b

SHA1
2421add1f3c9c5ed9c80b339881d08ab10b340e3

SHA256
87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

SHA512
fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.WindowsClient.exe.genman

Filesize
2KB

MD5
3f462b9b4d5ae0d9928a86cc95e30e95

SHA1
ab9914088776994af9df487be0453af0b825a93a

SHA256
b08049bd6006e44ec8ecb301cfde944ca29572a783cb8aee59a0accef2e9bab4

SHA512
2e1ff89dbae65e48aaf79f1e239265254a45ddf725559d078a40b59dea07f177887caa2d17d80506ac55447852e5d86863457970550b21ba884acd0f71e8957a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\CMAPXJK4.7KT\1ZX5GZJN.88Q\ScreenConnect.WindowsClient.exe.manifest

Filesize
16KB

MD5
9165412ee08839b9702bd4971864a133

SHA1
a229e0582dc95272bc15acd59b73b5b6c8c5abcd

SHA256
6bb1c1aa5663ad33eda2256037da8e7439502c206d4c0047270a2fd1f006bb50

SHA512
7b84ce7685daca320545ec6a0dd55e7f4d85bb53f58f8feb163439cc06357e17cbb4e021dd957a7af6287fe34b3379db85dd452ebe118ce4023394d5a18a62e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\P2K8OY5N.PLM\9TWKPCLC.HJH.application

Filesize
109KB

MD5
18ced9336f469700ef68ac7150f21d08

SHA1
903a7eb58c6849ec40e11022c16c90aef9f3346e

SHA256
fddbdc6410bf19c6fe0c7bafe0f3f0bd2e7e58829b3f431ecb58bec44ff64e04

SHA512
179670f00704b1c12b6e89a4e48d5723a2b5b0a9575282523664e24d9b2ff8358be4082086b3a02d96a3dbd701c1bd4761888a4953f98e8988455a63dff67efb

Download Submit
memory/64-521-0x000000001B850000-0x000000001B860000-memory.dmp

Filesize
64KB

Download
memory/2956-503-0x0000000003C90000-0x0000000003CE0000-memory.dmp

Filesize
320KB

Download
memory/2956-490-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2956-506-0x0000000003CE0000-0x0000000003D12000-memory.dmp

Filesize
200KB

Download
memory/2956-520-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2956-519-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2956-493-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2956-501-0x00000000044F0000-0x0000000004A94000-memory.dmp

Filesize
5.6MB

Download
memory/2956-507-0x0000000003FE0000-0x0000000004072000-memory.dmp

Filesize
584KB

Download
memory/2956-518-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2956-500-0x0000000003DA0000-0x0000000003F40000-memory.dmp

Filesize
1.6MB

Download
memory/2956-497-0x0000000003AF0000-0x0000000003B00000-memory.dmp

Filesize
64KB

Download
memory/2960-477-0x0000000004D70000-0x0000000004D84000-memory.dmp

Filesize
80KB

Download
memory/2960-485-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/2960-482-0x0000000004E90000-0x0000000004F10000-memory.dmp

Filesize
512KB

Download
memory/2960-484-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/3852-189-0x0000015D54E40000-0x0000015D54EC0000-memory.dmp

Filesize
512KB

Download
memory/3852-134-0x0000015D503B0000-0x0000015D50536000-memory.dmp

Filesize
1.5MB

Download
memory/3852-183-0x0000015D54DC0000-0x0000015D54DF2000-memory.dmp

Filesize
200KB

Download
memory/3852-143-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-165-0x0000015D55100000-0x0000015D552A0000-memory.dmp

Filesize
1.6MB

Download
memory/3852-138-0x0000015D548D0000-0x0000015D54920000-memory.dmp

Filesize
320KB

Download
memory/3852-135-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-163-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-133-0x0000015D35DF0000-0x0000015D35DF8000-memory.dmp

Filesize
32KB

Download
memory/3852-514-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-502-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-517-0x0000015D503A0000-0x0000015D503B0000-memory.dmp

Filesize
64KB

Download
memory/3852-172-0x0000015D54830000-0x0000015D54844000-memory.dmp

Filesize
80KB

Download
memory/3852-177-0x0000015D54E50000-0x0000015D54EE0000-memory.dmp

Filesize
576KB

Download
memory/4804-483-0x0000000000BE0000-0x0000000000BF0000-memory.dmp

Filesize
64KB

Download
memory/4804-455-0x0000000000380000-0x0000000000410000-memory.dmp

Filesize
576KB

Download