Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/09/2024, 10:08

General

  • Target

    9b7cdf3c7c71ce90aeff29d38794856f65aa1196438fd19dca9d3c5fc05f34a1.exe

  • Size

    84KB

  • MD5

    57de29d9191eeaab3247c3733e5010e8

  • SHA1

    ed060ed784e1b6e316b6932b10532ade97007025

  • SHA256

    9b7cdf3c7c71ce90aeff29d38794856f65aa1196438fd19dca9d3c5fc05f34a1

  • SHA512

    69ce89e315efb902aeb28bb46afc6827176ffdbd711002fd1f1a340411c47135e4ddffbe80e3b6570006852e960ae8a8bcabbd0a851ff74b78b7911bf9d4de51

  • SSDEEP

    1536:0azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYS7QYxrp:AFNpo6rIKlUE8fbkqRfbaQlaYYS5

Signatures

  • Downloads MZ/PE file
  • Manipulates Digital Signatures 1 TTPs 4 IoCs

    Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear validly signed.

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 16 IoCs
  • Drops file in System32 directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 10 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b7cdf3c7c71ce90aeff29d38794856f65aa1196438fd19dca9d3c5fc05f34a1.exe
    "C:\Users\Admin\AppData\Local\Temp\9b7cdf3c7c71ce90aeff29d38794856f65aa1196438fd19dca9d3c5fc05f34a1.exe"
    1⤵
    • Manipulates Digital Signatures
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe
        "C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2620
        • C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.ClientService.exe
          "C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-xvhd3k-relay.screenconnect.com&p=443&s=35ccad11-d68b-4ebe-bee1-01cd060da88d&k=BgIAAACkAABSU0ExAAgAAAEAAQBpfb7QjKuA9X3MCcsURMe973hton4y3Sf6f%2bLe9%2flHdWhDmJgeBGv9WpW6a69tuZMpsA%2fY9czVzG9vYYMyhJM8vu5DtXdtMxk43oM21PSSG8nVcZXMlcwPn4hzqCdUUjnHtyXXrwQ7cfsjdeJ6NP%2bHtvZKOYyHOf7lLuAsFCwpz1t8E9%2b2oVIO3oCE8tt%2fd2uHttzRfDGTAcm6v3xWaBxQbgBk9HxIoL3rJu7fpLXhlqugWTlJy%2fYvsJX6F3jvSCTz0x0OX8%2b5CsHxWLmW8y1zedBpY6M8mUqoUW%2feoFKhqTSg1FS8agMXikgaRkdli93ZqRPURacFDys9adXl8PPZ&r=&i=" "1"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:740
  • C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.ClientService.exe
    "C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-xvhd3k-relay.screenconnect.com&p=443&s=35ccad11-d68b-4ebe-bee1-01cd060da88d&k=BgIAAACkAABSU0ExAAgAAAEAAQBpfb7QjKuA9X3MCcsURMe973hton4y3Sf6f%2bLe9%2flHdWhDmJgeBGv9WpW6a69tuZMpsA%2fY9czVzG9vYYMyhJM8vu5DtXdtMxk43oM21PSSG8nVcZXMlcwPn4hzqCdUUjnHtyXXrwQ7cfsjdeJ6NP%2bHtvZKOYyHOf7lLuAsFCwpz1t8E9%2b2oVIO3oCE8tt%2fd2uHttzRfDGTAcm6v3xWaBxQbgBk9HxIoL3rJu7fpLXhlqugWTlJy%2fYvsJX6F3jvSCTz0x0OX8%2b5CsHxWLmW8y1zedBpY6M8mUqoUW%2feoFKhqTSg1FS8agMXikgaRkdli93ZqRPURacFDys9adXl8PPZ&r=&i=" "1"
    1⤵
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe
      "C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe" "RunRole" "e22dcf02-d9f2-4a03-92f5-1b5973e6a85f" "User"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2124
    • C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe
      "C:\Users\Admin\AppData\Local\Apps\2.0\XJOCKMCC.LM9\KBZN78T1.OT0\scre..tion_25b0fbb6ef7eb094_0018.0001_6016f41330c0a693\ScreenConnect.WindowsClient.exe" "RunRole" "739e8ea5-1c15-4c95-bf89-6ef31d92bc4e" "System"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Checks processor information in registry
      • Modifies data under HKEY_USERS
      PID:3404

Downloads
