ec868c3afd5037cb16e9735a2cdb0a87928f91704cb330b8a9e8a1a2c48d02b9

Analysis

max time kernel
135s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trueconf_client_x64.exe
Size

165.6MB
MD5

d03ef1d566dcac5f9e2d49f4ed84e53a
SHA1

cfac2dd529b0bb1b3876d7a704980a2bcd755c54
SHA256

ec868c3afd5037cb16e9735a2cdb0a87928f91704cb330b8a9e8a1a2c48d02b9
SHA512

e61a742615632cfb19b2fa57520ffeb54462cecc0eb88f2fea1090fc7e3b26dad04c1575a0645aa85c071fdb15cbf7b4e16dbca4516a22448cb1f71ec71db074
SSDEEP

3145728:W6U4S+4K0osmMZIXg08WLDcaNvmy6/KveF+r+xDCSs7kl2EnKglmkA2pgHzOo:WySw01BIQCmyW7R4LEnKJIgHzOo

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 4 IoCs

evasion

Windows Service

T1543.003

pid	Process
4216	netsh.exe
3636	netsh.exe
4132	netsh.exe
3144	netsh.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TrueConf = "C:\\Program Files\\TrueConf\\Client\\TrueConf.exe --min"	trueconf_client_x64.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Material\is-9UJUP.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Window.2\is-C8113.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-ENIKP.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-RENCK.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-2CVOG.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-5FHP4.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-LF074.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-2HPSR.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-LMK3J.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Imagine\is-QUPHT.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\is-AH9AN.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtWebChannel\is-N1O5R.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\qmltooling\qmldbg_tcp.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-Q5T9D.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-1CK0E.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-22FID.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-DFJV1.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-7QLTU.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Imagine\is-H2B5M.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\qml\is-3EDJ4.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\api-ms-win-crt-runtime-l1-1-0.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\images\is-U95SO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Desktop\is-QD172.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-797VQ.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Material\is-RHQM8.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick.2\is-TKC6O.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-CIA4Q.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-6CI6H.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\WinExtensionsUWP.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-TPE5A.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\images\is-CGTQH.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-6II7E.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-NB8FH.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-P7DCF.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Imagine\is-VR6JT.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-3ARH6.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\is-2LDGD.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\fonts\is-0TC6N.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-9TSTV.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\openvino_ir_frontend.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtGraphicalEffects\is-HG9PC.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\images\is-245CO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-G3H6S.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Dialogs\is-5RCF1.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-T7EVB.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-IP8TQ.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\msvcp140_1.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Private\is-QV5MD.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-9L02E.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\api-ms-win-crt-filesystem-l1-1-0.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls.2\Universal\is-GDKTC.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\icudt58.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\Styles\Base\is-Q30O5.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-4683K.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\api-ms-win-crt-math-l1-1-0.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-JMA4L.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\QtQuick\Controls\is-NS8L0.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\Qt5WebEngine.dll	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\api-ms-win-core-sysinfo-l1-2-0.dll	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-DJ3RO.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-EMD6M.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\is-FAVC5.tmp	trueconf_client_x64.tmp
File created	C:\Program Files\TrueConf\Client\fonts\is-2JKM4.tmp	trueconf_client_x64.tmp
File opened for modification	C:\Program Files\TrueConf\Client\imageformats\qjpeg.dll	trueconf_client_x64.tmp

Executes dropped EXE 2 IoCs

pid	Process
60	trueconf_client_x64.tmp
1976	TrueConf.exe

Loads dropped DLL 62 IoCs

pid	Process
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with WMI 1 IoCs

evasion

pid	Process
3320	WMIC.exe

Modifies registry class 36 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\shell\open	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\shell\open	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\DefaultIcon\ = "C:\\Program Files\\TrueConf\\Client\\mainicon.ico"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\DefaultIcon	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\DefaultIcon\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\",0"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open\command	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" visicall %1"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\ = "TrueConf.Slideshow.1"	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\shell	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\DefaultIcon	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\visicall\URL Protocol	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\shell	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" trueconf %1"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.slides\DefaultIcon	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" trueconf %1"	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\trueconf\shell\open\command	trueconf_client_x64.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\shell\open\command\ = "\"C:\\Program Files\\TrueConf\\Client\\TrueConf.exe\" visicall %1"	trueconf_client_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trueconf\shell\open\command	trueconf_client_x64.tmp
Key created	\REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000_Classes\visicall\shell\open\command	trueconf_client_x64.tmp

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1976	TrueConf.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
60	trueconf_client_x64.tmp
60	trueconf_client_x64.tmp
1976	TrueConf.exe
1976	TrueConf.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1976	TrueConf.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3320	WMIC.exe
Token: SeSecurityPrivilege	3320	WMIC.exe
Token: SeTakeOwnershipPrivilege	3320	WMIC.exe
Token: SeLoadDriverPrivilege	3320	WMIC.exe
Token: SeSystemProfilePrivilege	3320	WMIC.exe
Token: SeSystemtimePrivilege	3320	WMIC.exe
Token: SeProfSingleProcessPrivilege	3320	WMIC.exe
Token: SeIncBasePriorityPrivilege	3320	WMIC.exe
Token: SeCreatePagefilePrivilege	3320	WMIC.exe
Token: SeBackupPrivilege	3320	WMIC.exe
Token: SeRestorePrivilege	3320	WMIC.exe
Token: SeShutdownPrivilege	3320	WMIC.exe
Token: SeDebugPrivilege	3320	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3320	WMIC.exe
Token: SeRemoteShutdownPrivilege	3320	WMIC.exe
Token: SeUndockPrivilege	3320	WMIC.exe
Token: SeManageVolumePrivilege	3320	WMIC.exe
Token: 33	3320	WMIC.exe
Token: 34	3320	WMIC.exe
Token: 35	3320	WMIC.exe
Token: 36	3320	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3320	WMIC.exe
Token: SeSecurityPrivilege	3320	WMIC.exe
Token: SeTakeOwnershipPrivilege	3320	WMIC.exe
Token: SeLoadDriverPrivilege	3320	WMIC.exe
Token: SeSystemProfilePrivilege	3320	WMIC.exe
Token: SeSystemtimePrivilege	3320	WMIC.exe
Token: SeProfSingleProcessPrivilege	3320	WMIC.exe
Token: SeIncBasePriorityPrivilege	3320	WMIC.exe
Token: SeCreatePagefilePrivilege	3320	WMIC.exe
Token: SeBackupPrivilege	3320	WMIC.exe
Token: SeRestorePrivilege	3320	WMIC.exe
Token: SeShutdownPrivilege	3320	WMIC.exe
Token: SeDebugPrivilege	3320	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3320	WMIC.exe
Token: SeRemoteShutdownPrivilege	3320	WMIC.exe
Token: SeUndockPrivilege	3320	WMIC.exe
Token: SeManageVolumePrivilege	3320	WMIC.exe
Token: 33	3320	WMIC.exe
Token: 34	3320	WMIC.exe
Token: 35	3320	WMIC.exe
Token: 36	3320	WMIC.exe
Token: 33	888	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	888	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
60	trueconf_client_x64.tmp
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe
1976	TrueConf.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 60	2444	trueconf_client_x64.exe	90
PID 2444 wrote to memory of 60	2444	trueconf_client_x64.exe	90
PID 2444 wrote to memory of 60	2444	trueconf_client_x64.exe	90
PID 60 wrote to memory of 3320	60	trueconf_client_x64.tmp	92
PID 60 wrote to memory of 3320	60	trueconf_client_x64.tmp	92
PID 60 wrote to memory of 4216	60	trueconf_client_x64.tmp	97
PID 60 wrote to memory of 4216	60	trueconf_client_x64.tmp	97
PID 60 wrote to memory of 3636	60	trueconf_client_x64.tmp	100
PID 60 wrote to memory of 3636	60	trueconf_client_x64.tmp	100
PID 60 wrote to memory of 4132	60	trueconf_client_x64.tmp	102
PID 60 wrote to memory of 4132	60	trueconf_client_x64.tmp	102
PID 60 wrote to memory of 3144	60	trueconf_client_x64.tmp	104
PID 60 wrote to memory of 3144	60	trueconf_client_x64.tmp	104
PID 60 wrote to memory of 1976	60	trueconf_client_x64.tmp	106
PID 60 wrote to memory of 1976	60	trueconf_client_x64.tmp	106

C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe
"C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\is-6U4H6.tmp\trueconf_client_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6U4H6.tmp\trueconf_client_x64.tmp" /SL5="$80062,172591767,1112064,C:\Users\Admin\AppData\Local\Temp\trueconf_client_x64.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:60
- - C:\Windows\System32\Wbem\WMIC.exe
    "WMIC" PROCESS WHERE name="Trueconf.exe" call terminate
    3⤵
    - Kills process with WMI
    - Suspicious use of AdjustPrivilegeToken
    PID:3320
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall delete rule name="TrueConf.exe" program="C:\Program Files\TrueConf\Client\TrueConf.exe"
    3⤵
    - Modifies Windows Firewall
    PID:4216
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall delete rule name="ExecutorServer.exe" program="C:\Program Files\TrueConf\Client\ExecutorServer.exe"
    3⤵
    - Modifies Windows Firewall
    PID:3636
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall add rule name="TrueConf.exe" dir=in action=allow program="C:\Program Files\TrueConf\Client\TrueConf.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    PID:4132
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall add rule name="ExecutorServer.exe" dir=in action=allow program="C:\Program Files\TrueConf\Client\ExecutorServer.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    PID:3144
- - C:\Program Files\TrueConf\Client\TrueConf.exe
    "C:\Program Files\TrueConf\Client\TrueConf.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\TrueConf\Client\HidLib.dll

Filesize
86KB

MD5
acace5f52cd7d26aaeab955f89720474

SHA1
14ab6b340ba96a5cb575d54298af387777411b4a

SHA256
e2b1a657580b1e4ad72b981856d0608f3151dca27e50c6cf2671fd19901d8f31

SHA512
212b30b0633df9a884199372249729bbfdf941c1b162d2e3e6a1ad63423e5e397b0e4363913a1f441bdb9454871120100f69828a821ade44b81997213ab41838

Download Submit
C:\Program Files\TrueConf\Client\HidLib.dll

Filesize
86KB

MD5
acace5f52cd7d26aaeab955f89720474

SHA1
14ab6b340ba96a5cb575d54298af387777411b4a

SHA256
e2b1a657580b1e4ad72b981856d0608f3151dca27e50c6cf2671fd19901d8f31

SHA512
212b30b0633df9a884199372249729bbfdf941c1b162d2e3e6a1ad63423e5e397b0e4363913a1f441bdb9454871120100f69828a821ade44b81997213ab41838

Download Submit
C:\Program Files\TrueConf\Client\MSVCP140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
C:\Program Files\TrueConf\Client\MSVCP140_CODECVT_IDS.dll

Filesize
19KB

MD5
c262acbf93db7a12ee5741641bf96c9b

SHA1
8a109e0b3be05b96e463dbbba93a89d94e8e6e16

SHA256
ad8627ab2af003e47f62ed2b4e41460cd4b66b06b63f573456f2db41d60ad180

SHA512
77afbded95416b007e54e562c40b0dfe9e2687387b96e200f8cf8e1bcebd221e47de2127a143784d4e39bcae09b1d3d3e722a1106ff6ad6e61b37c0481d6a1ff

Download Submit
C:\Program Files\TrueConf\Client\Qt5Concurrent.dll

Filesize
36KB

MD5
0c002615be4b6da9411ff31a14fa4d11

SHA1
3cb34ec4dfce44333baea06b605c2f2e63fabf0a

SHA256
2d4528d0127fd16341f829c0a946718d6ac919df28a0dfb62c23ea96cf582be4

SHA512
e47e0fffe7774c09e8e5c98fefcaaad0ed10880a668f4b1c8613d9228a742d3768c47fe5f8ec8903026269dc53bd90b1c919553a976aa4917d98eff72f2fa5fd

Download Submit
C:\Program Files\TrueConf\Client\Qt5Concurrent.dll

Filesize
36KB

MD5
0c002615be4b6da9411ff31a14fa4d11

SHA1
3cb34ec4dfce44333baea06b605c2f2e63fabf0a

SHA256
2d4528d0127fd16341f829c0a946718d6ac919df28a0dfb62c23ea96cf582be4

SHA512
e47e0fffe7774c09e8e5c98fefcaaad0ed10880a668f4b1c8613d9228a742d3768c47fe5f8ec8903026269dc53bd90b1c919553a976aa4917d98eff72f2fa5fd

Download Submit
C:\Program Files\TrueConf\Client\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\TrueConf\Client\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Program Files\TrueConf\Client\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\TrueConf\Client\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Program Files\TrueConf\Client\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\TrueConf\Client\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Program Files\TrueConf\Client\Qt5Positioning.dll

Filesize
319KB

MD5
951a620ea4e74688712d9bb812c9f574

SHA1
8358633194c217616632ccdaa2b608666411ca10

SHA256
f72b4755f55399a9f4c4c773a0d33255167d780ce4453ed6a46ea5b68c7e4187

SHA512
680fe2eed8324d7bbff0d5580a9cc2f7191334e340252996375d944b23e7360b830a578f3ce6f9ba640e5cf18a0d286bb98b3511130b974896b54002d18f0b70

Download Submit
C:\Program Files\TrueConf\Client\Qt5Positioning.dll

Filesize
319KB

MD5
951a620ea4e74688712d9bb812c9f574

SHA1
8358633194c217616632ccdaa2b608666411ca10

SHA256
f72b4755f55399a9f4c4c773a0d33255167d780ce4453ed6a46ea5b68c7e4187

SHA512
680fe2eed8324d7bbff0d5580a9cc2f7191334e340252996375d944b23e7360b830a578f3ce6f9ba640e5cf18a0d286bb98b3511130b974896b54002d18f0b70

Download Submit
C:\Program Files\TrueConf\Client\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
C:\Program Files\TrueConf\Client\Qt5Qml.dll

Filesize
3.8MB

MD5
bb53b42e1676fcdb5d5e71664ca592ba

SHA1
a781aaf2600658e868ba6950721ad8ced6ffb6d4

SHA256
a473856364e00c6fc9c25508089f078665464a64d5b50c8a1b48a853709bcf23

SHA512
53e6f72516f71b54179935829d1b425a43e5e65a211759bb2f1ef44815d6cc0e09cc651919436402983b41e51dc683d45c4683ae7131a0aa056244d3508e4e48

Download Submit
C:\Program Files\TrueConf\Client\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
C:\Program Files\TrueConf\Client\Qt5Quick.dll

Filesize
3.6MB

MD5
c01cab6389a0b21d61bb77e56fd898aa

SHA1
84153b02aec718ae0881158dec3c5de257ef89f7

SHA256
d93f6a371e4fd92740d0c46dbf4a9ac82f2e79444a34a36d0be82266ed4fd93a

SHA512
3a351b5d71a7b0711d9117bb0ed04ca194e77684bd57314939e5dcbc4430b0f6fb8865f2f3427e0c9c0a1e662048fbd79f020b7e64bd3e3e4759f83fab103d16

Download Submit
C:\Program Files\TrueConf\Client\Qt5Svg.dll

Filesize
336KB

MD5
9ada34c1b3c0165abee9a3194c543e35

SHA1
c7343fb2d1d13852084f5831b3c63c71ffa9cf3e

SHA256
c795950ce4a2c34a0973738376118fb2172af588430d5eb8527dd6f0d4ca3d1f

SHA512
ff13346545b9eb2bdfd77869f27a826a5214fda723eef3c8f9f8151fd6a7f57773ae185d12bbc91278ca9ce24d40dc97e703f5febdc6d8564197d7fff17a977d

Download Submit
C:\Program Files\TrueConf\Client\Qt5Svg.dll

Filesize
336KB

MD5
9ada34c1b3c0165abee9a3194c543e35

SHA1
c7343fb2d1d13852084f5831b3c63c71ffa9cf3e

SHA256
c795950ce4a2c34a0973738376118fb2172af588430d5eb8527dd6f0d4ca3d1f

SHA512
ff13346545b9eb2bdfd77869f27a826a5214fda723eef3c8f9f8151fd6a7f57773ae185d12bbc91278ca9ce24d40dc97e703f5febdc6d8564197d7fff17a977d

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebChannel.dll

Filesize
124KB

MD5
a98a422c79998435fff87542b96e2f14

SHA1
9e4f98170e4da22ae57d5b5591ef88f4585fd324

SHA256
7b831c470cfb32990b68320d8eaf5665f21c4c98107b8b38a8f37adfa2df7204

SHA512
97e1ef94f03133a9cb684a08eb08f6055133812f560e937607072f9288a659b1b9fd7d6ee3fbf9adf3172b7cae8a2d92961e7610e7a9237cab34e5701f3102ac

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebChannel.dll

Filesize
124KB

MD5
a98a422c79998435fff87542b96e2f14

SHA1
9e4f98170e4da22ae57d5b5591ef88f4585fd324

SHA256
7b831c470cfb32990b68320d8eaf5665f21c4c98107b8b38a8f37adfa2df7204

SHA512
97e1ef94f03133a9cb684a08eb08f6055133812f560e937607072f9288a659b1b9fd7d6ee3fbf9adf3172b7cae8a2d92961e7610e7a9237cab34e5701f3102ac

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebEngine.dll

Filesize
349KB

MD5
21b79689fd3c9d28c8ce10d34b7cb23a

SHA1
25dd3be75b8f208267101b21eebfdd11ffa2a520

SHA256
9df0cef7a8e9b33058df0e9b08c33f9de56465893ae517448b23495212d92eb9

SHA512
7451ecd1cac937ca27c6dbfea8a8e4289366cc293d37f96f091742b616d5e6a36edee3941a46d3916004e117e42adc4fe7bf215da6c1d7300367b9e541ca873a

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebEngine.dll

Filesize
349KB

MD5
21b79689fd3c9d28c8ce10d34b7cb23a

SHA1
25dd3be75b8f208267101b21eebfdd11ffa2a520

SHA256
9df0cef7a8e9b33058df0e9b08c33f9de56465893ae517448b23495212d92eb9

SHA512
7451ecd1cac937ca27c6dbfea8a8e4289366cc293d37f96f091742b616d5e6a36edee3941a46d3916004e117e42adc4fe7bf215da6c1d7300367b9e541ca873a

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebEngineCore.dll

Filesize
78.0MB

MD5
f58c2126274f4ee7398398f5934085d2

SHA1
64a71637bc7aeb8fbf9b17cc97d8424ce44d079e

SHA256
18330b85f98919fcde596c4b4d48105581e7e7a93a5392bef0ac4f538a8f2c63

SHA512
19b57bd60cb1ecbe40a54d1312be3481664681a321497a8c65889a592680a8b6a9a7e7d0a7a50289f445ada62d1c6f37fcd5991eab5c18a168ec531b471d704f

Download Submit
C:\Program Files\TrueConf\Client\Qt5WebEngineCore.dll

Filesize
78.0MB

MD5
f58c2126274f4ee7398398f5934085d2

SHA1
64a71637bc7aeb8fbf9b17cc97d8424ce44d079e

SHA256
18330b85f98919fcde596c4b4d48105581e7e7a93a5392bef0ac4f538a8f2c63

SHA512
19b57bd60cb1ecbe40a54d1312be3481664681a321497a8c65889a592680a8b6a9a7e7d0a7a50289f445ada62d1c6f37fcd5991eab5c18a168ec531b471d704f

Download Submit
C:\Program Files\TrueConf\Client\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Program Files\TrueConf\Client\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Program Files\TrueConf\Client\Qt5Xml.dll

Filesize
197KB

MD5
8a8a6fda645d90d62fd966ee17a33c62

SHA1
ef9196a9e1c19010c3698c36fd89578d6c059e20

SHA256
1996cf6d04213cba1d56c29085d266e4d5e09a6607f825cbc24cdc0d288cb838

SHA512
b4eff5cfa1d23024252396cb2e5f34512f676ab354f59ce4d5751ca2379768c9b1afc3c7eea2e181df280fec1a3cd0a891719dc67136267d6babf8c25bfcbeeb

Download Submit
C:\Program Files\TrueConf\Client\Qt5Xml.dll

Filesize
197KB

MD5
8a8a6fda645d90d62fd966ee17a33c62

SHA1
ef9196a9e1c19010c3698c36fd89578d6c059e20

SHA256
1996cf6d04213cba1d56c29085d266e4d5e09a6607f825cbc24cdc0d288cb838

SHA512
b4eff5cfa1d23024252396cb2e5f34512f676ab354f59ce4d5751ca2379768c9b1afc3c7eea2e181df280fec1a3cd0a891719dc67136267d6babf8c25bfcbeeb

Download Submit
C:\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
C:\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
C:\Program Files\TrueConf\Client\TrueConf.exe

Filesize
114.3MB

MD5
d007ad7d7a1c756433ab842b13f861ea

SHA1
92064dc22b356fc5137e3ecb81c4fb7b5d93efe9

SHA256
ebee3ea8762fc4726c5becac1005232b0a1f136d23a12fce65dce04fc2e5e130

SHA512
9d5c6734aac89c015ccbef32c9ed45cb16bcb2404568f5c6b4596b576e376d198fad7a8e9c6ac135436e97eb3a68044a37b07548a2362981e6fa95faad0bb91d

Download Submit
C:\Program Files\TrueConf\Client\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Program Files\TrueConf\Client\VCRUNTIME140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Program Files\TrueConf\Client\archive.dll

Filesize
870KB

MD5
dc581e89113f1c494683dda1d0a092c7

SHA1
14527c46792c8f7ecf0ce87645e142784dde2949

SHA256
22364d6db00cbcbd85abe34a1288be044c7911a4bc587cac75f3833a5cef57fc

SHA512
509535befddcb6679ce31d846399b40e156c18828d3a0091f6b72c30280773910545722e1ad8b0ac10c1847a457eb61e92a2ce30b717e541f2df54dc09a822b2

Download Submit
C:\Program Files\TrueConf\Client\archive.dll

Filesize
870KB

MD5
dc581e89113f1c494683dda1d0a092c7

SHA1
14527c46792c8f7ecf0ce87645e142784dde2949

SHA256
22364d6db00cbcbd85abe34a1288be044c7911a4bc587cac75f3833a5cef57fc

SHA512
509535befddcb6679ce31d846399b40e156c18828d3a0091f6b72c30280773910545722e1ad8b0ac10c1847a457eb61e92a2ce30b717e541f2df54dc09a822b2

Download Submit
C:\Program Files\TrueConf\Client\driver_black_list.json

Filesize
1KB

MD5
22903b266aaea9247b3680cbf5bab13b

SHA1
0875b50ce0b69fec009e338844e6131c398fb48b

SHA256
cb011feb5e4cfc03879585600f3513dcf77dae03a6edf28762a86e9bb2f862c4

SHA512
413f717e67dcf3ec8c6ee2f255e1d160294f44ffd13c26c44af70b674a4f381e089e54c5a0237a6c2f0691e377b7a7cb9b68134f4139b04fd780eaed89d84269

Download Submit
C:\Program Files\TrueConf\Client\gsl.dll

Filesize
2.6MB

MD5
a639979567332dac956838da35d38222

SHA1
a4c3e4f331ba3f1954768f91cd5f42434c350719

SHA256
4753a31849d23ec8e39fb9db77afaca42970a79780f10747142dfd88a6ff0ac9

SHA512
fd1879d7a33cbf7fc3cb7b6d9f680e88f0bc2e2ac6d9e985e930c1e276145005fd2b79a6bf4d0d0c4c33eef50492282c23728b7199c67c5f6a677c6a8813ada7

Download Submit
C:\Program Files\TrueConf\Client\gsl.dll

Filesize
2.6MB

MD5
a639979567332dac956838da35d38222

SHA1
a4c3e4f331ba3f1954768f91cd5f42434c350719

SHA256
4753a31849d23ec8e39fb9db77afaca42970a79780f10747142dfd88a6ff0ac9

SHA512
fd1879d7a33cbf7fc3cb7b6d9f680e88f0bc2e2ac6d9e985e930c1e276145005fd2b79a6bf4d0d0c4c33eef50492282c23728b7199c67c5f6a677c6a8813ada7

Download Submit
C:\Program Files\TrueConf\Client\gslcblas.dll

Filesize
407KB

MD5
398fdbf2636f24d6b0cbfcc855445b3c

SHA1
0365ddd205cab9b588c6948fc8cf57f0a09d5ab6

SHA256
b06eba177babf8397541979d008636d4519c58102452fd7f62b729c130da1aff

SHA512
d5f9868afb0b49715022223579318d3f49dd188acacb634806ecf9e4d7b9605d674642de5482923bd0cd4b7dc6cd675bf5419b08239bdeae734078a71bf1f0f2

Download Submit
C:\Program Files\TrueConf\Client\gslcblas.dll

Filesize
407KB

MD5
398fdbf2636f24d6b0cbfcc855445b3c

SHA1
0365ddd205cab9b588c6948fc8cf57f0a09d5ab6

SHA256
b06eba177babf8397541979d008636d4519c58102452fd7f62b729c130da1aff

SHA512
d5f9868afb0b49715022223579318d3f49dd188acacb634806ecf9e4d7b9605d674642de5482923bd0cd4b7dc6cd675bf5419b08239bdeae734078a71bf1f0f2

Download Submit
C:\Program Files\TrueConf\Client\icudt58.dll

Filesize
25.0MB

MD5
226c9eac6300980edb488b0bd20d502f

SHA1
7c0b130978ec6f44d0096a46acb957170741a084

SHA256
080826054aa27c2ced8ae7be485e4cc62a352844be7ee458d483f08d5b412516

SHA512
2ea672bfe6dd88da4a98fc1288c2849961bca71cf62123060b179185d88ffc2bbca820c0b2f4b302ee57fa8920f3b6f9e8624a8c058435f821cdb95cec3f755a

Download Submit
C:\Program Files\TrueConf\Client\icudt58.dll

Filesize
25.0MB

MD5
226c9eac6300980edb488b0bd20d502f

SHA1
7c0b130978ec6f44d0096a46acb957170741a084

SHA256
080826054aa27c2ced8ae7be485e4cc62a352844be7ee458d483f08d5b412516

SHA512
2ea672bfe6dd88da4a98fc1288c2849961bca71cf62123060b179185d88ffc2bbca820c0b2f4b302ee57fa8920f3b6f9e8624a8c058435f821cdb95cec3f755a

Download Submit
C:\Program Files\TrueConf\Client\icudt58.dll

Filesize
25.0MB

MD5
226c9eac6300980edb488b0bd20d502f

SHA1
7c0b130978ec6f44d0096a46acb957170741a084

SHA256
080826054aa27c2ced8ae7be485e4cc62a352844be7ee458d483f08d5b412516

SHA512
2ea672bfe6dd88da4a98fc1288c2849961bca71cf62123060b179185d88ffc2bbca820c0b2f4b302ee57fa8920f3b6f9e8624a8c058435f821cdb95cec3f755a

Download Submit
C:\Program Files\TrueConf\Client\icuin58.dll

Filesize
2.0MB

MD5
9575faf927fcc0a94acf0f2d0ee4cf6d

SHA1
2a548436f1a7c6266a0bdf11029e0fedc6491b94

SHA256
e17ca1abed6fda40b3c5bc904547940e27e76b1bb0ad098e33c98528971f064b

SHA512
c13848c7c15da758d0ba1b926742755acd6615c9f071cde51b24ec8e5188661878ca85fee251c7ad86ad504437afc47b191248e103c89855e82b71568b04923e

Download Submit
C:\Program Files\TrueConf\Client\icuin58.dll

Filesize
2.0MB

MD5
9575faf927fcc0a94acf0f2d0ee4cf6d

SHA1
2a548436f1a7c6266a0bdf11029e0fedc6491b94

SHA256
e17ca1abed6fda40b3c5bc904547940e27e76b1bb0ad098e33c98528971f064b

SHA512
c13848c7c15da758d0ba1b926742755acd6615c9f071cde51b24ec8e5188661878ca85fee251c7ad86ad504437afc47b191248e103c89855e82b71568b04923e

Download Submit
C:\Program Files\TrueConf\Client\icuuc58.dll

Filesize
1.4MB

MD5
73143a8be38b4895bc3bfde4682f23d6

SHA1
4dea4ad44a51ba10a1a1beb70831ac02ea7fcb2a

SHA256
31146e391c488b32867a8fe708d28ef9953bfe79738b4b21738c779595b82be1

SHA512
a45997edf17ce101b7b815f3e3b2d7c706a4eeaea1be260210dd779cb3ab635e8bccc6cb538b723abdc3da03e6cbec647a61df55f82f9433d8518210f1613d75

Download Submit
C:\Program Files\TrueConf\Client\icuuc58.dll

Filesize
1.4MB

MD5
73143a8be38b4895bc3bfde4682f23d6

SHA1
4dea4ad44a51ba10a1a1beb70831ac02ea7fcb2a

SHA256
31146e391c488b32867a8fe708d28ef9953bfe79738b4b21738c779595b82be1

SHA512
a45997edf17ce101b7b815f3e3b2d7c706a4eeaea1be260210dd779cb3ab635e8bccc6cb538b723abdc3da03e6cbec647a61df55f82f9433d8518210f1613d75

Download Submit
C:\Program Files\TrueConf\Client\libEGL.dll

Filesize
27KB

MD5
185c660a9f1bec716a5d8ceaa936ae9e

SHA1
1c6ac11bd9803bf293b0115f32d17e6f3b2715a5

SHA256
d2a16238e769a4554fc2bcbb50521bdcc92e128b2f2c0b9ad2ed55104d79a3ef

SHA512
7f8e89cd866ffdf5ba8d8c7312b15296801fb60eec94e5144128fe86344b019639b00df3c786a9019efc2ca851365767f9673f5bc5551d1bb8c5694b96fa7b8f

Download Submit
C:\Program Files\TrueConf\Client\libEGL.dll

Filesize
27KB

MD5
185c660a9f1bec716a5d8ceaa936ae9e

SHA1
1c6ac11bd9803bf293b0115f32d17e6f3b2715a5

SHA256
d2a16238e769a4554fc2bcbb50521bdcc92e128b2f2c0b9ad2ed55104d79a3ef

SHA512
7f8e89cd866ffdf5ba8d8c7312b15296801fb60eec94e5144128fe86344b019639b00df3c786a9019efc2ca851365767f9673f5bc5551d1bb8c5694b96fa7b8f

Download Submit
C:\Program Files\TrueConf\Client\libGLESV2.dll

Filesize
3.4MB

MD5
a24dbe7f6dc8a5c8ed76a97379e0c35f

SHA1
3618b0350a07c45b59702b251fef951f4d33aafa

SHA256
ab9da3ae64bc7fd2278324c2fe8802b4cd59fb9930fcc1da541c33fe6da07f02

SHA512
1069c8bada360966e386c543ae6ce431a7aaab72cfc2d6aa4d426e1e044474517bece8e8d91185a3a109f586aca7187093d5ec980cf4f7170788707a5ffaa589

Download Submit
C:\Program Files\TrueConf\Client\libGLESv2.dll

Filesize
3.4MB

MD5
a24dbe7f6dc8a5c8ed76a97379e0c35f

SHA1
3618b0350a07c45b59702b251fef951f4d33aafa

SHA256
ab9da3ae64bc7fd2278324c2fe8802b4cd59fb9930fcc1da541c33fe6da07f02

SHA512
1069c8bada360966e386c543ae6ce431a7aaab72cfc2d6aa4d426e1e044474517bece8e8d91185a3a109f586aca7187093d5ec980cf4f7170788707a5ffaa589

Download Submit
C:\Program Files\TrueConf\Client\libmp3lame.DLL

Filesize
888KB

MD5
981f506a319af92d3cdf066c8c3ef57c

SHA1
bb9a84dacab40f4beb971eb9981c28e03f0f4e49

SHA256
4b8a9f37eae21a097f3cf189070111415d2656dcbef40926057cc0bea5c9588d

SHA512
916f1c4ca7503942a7a286c129536930a89bddad62d40f259e0813c3d3faa36ec64d8520c65972d07c7118bc63591f255d679a87d12f09d6e3d496b532dac459

Download Submit
C:\Program Files\TrueConf\Client\libmp3lame.dll

Filesize
888KB

MD5
981f506a319af92d3cdf066c8c3ef57c

SHA1
bb9a84dacab40f4beb971eb9981c28e03f0f4e49

SHA256
4b8a9f37eae21a097f3cf189070111415d2656dcbef40926057cc0bea5c9588d

SHA512
916f1c4ca7503942a7a286c129536930a89bddad62d40f259e0813c3d3faa36ec64d8520c65972d07c7118bc63591f255d679a87d12f09d6e3d496b532dac459

Download Submit
C:\Program Files\TrueConf\Client\msvcp140.dll

Filesize
552KB

MD5
cb75d6437418afe1a7b52acf75730ff1

SHA1
54c2da9552671b161cc87eb50fbdb86319b00f56

SHA256
7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

SHA512
f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

Download Submit
C:\Program Files\TrueConf\Client\msvcp140_codecvt_ids.dll

Filesize
19KB

MD5
c262acbf93db7a12ee5741641bf96c9b

SHA1
8a109e0b3be05b96e463dbbba93a89d94e8e6e16

SHA256
ad8627ab2af003e47f62ed2b4e41460cd4b66b06b63f573456f2db41d60ad180

SHA512
77afbded95416b007e54e562c40b0dfe9e2687387b96e200f8cf8e1bcebd221e47de2127a143784d4e39bcae09b1d3d3e722a1106ff6ad6e61b37c0481d6a1ff

Download Submit
C:\Program Files\TrueConf\Client\openvino.dll

Filesize
10.5MB

MD5
c7f28c322c6f2196e1aabf4c3f55b93c

SHA1
e783c4bcc9920d8be0ac9b6152c47a9f2772ad95

SHA256
21baabbe6853dfb2e90cd435550d25b22dc5cfef1b8d5672395a3582ecbbe92c

SHA512
6d7189cdc71cb6129a62cd9fd676b3700320e246a6ac7e363d436be2d0a1093db9bc6b30c683e32d44fbe1a25ea03ff7d2e72a835b7aecb825ac1f8b54f69e9c

Download Submit
C:\Program Files\TrueConf\Client\openvino.dll

Filesize
10.5MB

MD5
c7f28c322c6f2196e1aabf4c3f55b93c

SHA1
e783c4bcc9920d8be0ac9b6152c47a9f2772ad95

SHA256
21baabbe6853dfb2e90cd435550d25b22dc5cfef1b8d5672395a3582ecbbe92c

SHA512
6d7189cdc71cb6129a62cd9fd676b3700320e246a6ac7e363d436be2d0a1093db9bc6b30c683e32d44fbe1a25ea03ff7d2e72a835b7aecb825ac1f8b54f69e9c

Download Submit
C:\Program Files\TrueConf\Client\tbb.dll

Filesize
391KB

MD5
b3422bcea38764a86721325cbc8dc78f

SHA1
fb492dae194a40383da3c6380d7bfa4a1a6b1daa

SHA256
65c44672160aee781bfcccb915af2e14299d1fa53461df8d5e1f7ca4c3f58095

SHA512
0c9bb6b817295f3313069c05f8c8f95a136b75e165a661292532525e98e2652bc4731a497195182069dba80282bf15af89aef4c653082ecca1c75eadff51ee4d

Download Submit
C:\Program Files\TrueConf\Client\tbb.dll

Filesize
391KB

MD5
b3422bcea38764a86721325cbc8dc78f

SHA1
fb492dae194a40383da3c6380d7bfa4a1a6b1daa

SHA256
65c44672160aee781bfcccb915af2e14299d1fa53461df8d5e1f7ca4c3f58095

SHA512
0c9bb6b817295f3313069c05f8c8f95a136b75e165a661292532525e98e2652bc4731a497195182069dba80282bf15af89aef4c653082ecca1c75eadff51ee4d

Download Submit
C:\Program Files\TrueConf\Client\unins000.exe

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
C:\Program Files\TrueConf\Client\vcruntime140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Program Files\TrueConf\Client\vcruntime140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6U4H6.tmp\trueconf_client_x64.tmp

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6U4H6.tmp\trueconf_client_x64.tmp

Filesize
3.3MB

MD5
e373fc29d7f2bed479e62a9aa485c414

SHA1
b3e69315a05f741959396e0693cfd89e595c7dcd

SHA256
62750d7403cdfbf4cd168d93d48277471865368dbad976b14f2b5c3247aa75d3

SHA512
ea380ed2f15c605d240526d16272f9e31c52cb088dcd6978068998934cfde4556b8123cd7dd49d5fc37f96d7359b1f32f4cbbc8804d577e438fccef421948ab2

Download Submit
memory/60-1768-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-9-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-1852-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-6-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/60-10-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/60-59-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-1621-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-1848-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/60-1781-0x0000000000400000-0x0000000000758000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1877-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1888-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1839-0x00007FFAD53B0000-0x00007FFAD5905000-memory.dmp

Filesize
5.3MB

Download
memory/1976-1911-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/1976-1910-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/1976-1841-0x00007FF668CD0000-0x00007FF669CD0000-memory.dmp

Filesize
16.0MB

Download
memory/1976-1867-0x000001F30F950000-0x000001F30FD90000-memory.dmp

Filesize
4.2MB

Download
memory/1976-1869-0x000001F30E360000-0x000001F30E560000-memory.dmp

Filesize
2.0MB

Download
memory/1976-1872-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1871-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1874-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1875-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1876-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1840-0x00007FFAD6530000-0x00007FFAD68D8000-memory.dmp

Filesize
3.7MB

Download
memory/1976-1878-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1879-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1880-0x000001F30E5B0000-0x000001F30E5B1000-memory.dmp

Filesize
4KB

Download
memory/1976-1882-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1881-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1884-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1885-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1886-0x000001F30E5D0000-0x000001F30E5D1000-memory.dmp

Filesize
4KB

Download
memory/1976-1887-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1909-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/1976-1889-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1891-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1890-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1892-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1893-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1894-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1896-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1895-0x000001F312860000-0x000001F312861000-memory.dmp

Filesize
4KB

Download
memory/1976-1898-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1899-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1900-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1901-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1902-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1904-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/1976-1906-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1905-0x000001F312870000-0x000001F312871000-memory.dmp

Filesize
4KB

Download
memory/1976-1907-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/1976-1908-0x000001F312880000-0x000001F312881000-memory.dmp

Filesize
4KB

Download
memory/2444-1-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2444-1857-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2444-8-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download