Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Facture_160087511.html | HTML document, ASCII text, with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.ClientService.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Windows.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsBackstageShell.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsFileManager.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\Downloads\ScreenConnect.Client.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\Downloads\Unconfirmed 748427.crdownload | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\Downloads\a859b993-1a6c-433e-adfe-3c7effaf6efb.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B | data | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | data | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4 | Certificate, Version=3 | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | data | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B | data | modified | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | data | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4 | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.cdf-ms | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.manifest | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\5yliz2fi.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\Client.en-US.resources | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\Client.resources | data | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\guhv21ht.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\iil0umr4.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\k2d0ckb5.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\misekgib.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | modified | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\oqecrn00.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\pz05t2zv.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\user.config (copy) | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\xd1yuia0.newcfg | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\ACGAD3OU.log | Unicode text, UTF-16, little-endian text, with very long lines (649), with CRLF line terminators | modified | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Client.dll.genman | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Core.dll.genman | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Windows.dll.genman | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe.genman | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe.manifest | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Deployment\OOG971H4.9P9\Y7E97099.YRX.application | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06 | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |

47 further files are not shown in this excerpt. The Malicious column is empty for every row shown.
URLs

| Name | IP | Malicious |
|---|---|---|
| file:///C:/Users/user/Desktop/Facture_160087511.html | | |
Domains

| Name | IP | Malicious |
|---|---|---|
| server-ovh5023507-web.screenconnect.com | 158.69.9.165 | |
| server-ovh5023507-relay.screenconnect.com | 148.113.163.9 | |
| svacamp.com | 163.44.198.43 | |
| www.google.com | 142.251.167.106 | |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | |
| instance-tboidi-relay.screenconnect.com | unknown | |
| barmaxminerals.screenconnect.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 72.21.81.240 | unknown | United States | |
| 23.52.162.98 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 142.251.111.84 | unknown | United States | |
| 163.44.198.43 | svacamp.com | Singapore | |
| 192.168.2.17 | unknown | unknown | |
| 142.251.163.113 | unknown | United States | |
| 142.251.167.106 | www.google.com | United States | |
| 172.253.63.113 | unknown | United States | |
| 142.251.167.94 | unknown | United States | |
| 192.229.211.108 | fp2e7a.wpc.phicdn.net | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 20.190.190.129 | unknown | United States | |
| 142.250.31.94 | unknown | United States | |
| 158.69.9.165 | server-ovh5023507-web.screenconnect.com | Canada | |
| 148.113.163.9 | server-ovh5023507-relay.screenconnect.com | United States | |
| 104.96.221.75 | unknown | United States | |
| 127.0.0.1 | unknown | unknown | |

8 further IPs are not shown in this excerpt.
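The Files and Domains tables describe one chain: a browser download of ScreenConnect.Client.exe (the Chrome `Unconfirmed ....crdownload` name, then the renamed copy), a ClickOnce deployment under `AppData\Local\Temp\Deployment\` and `AppData\Local\Apps\2.0\`, and DNS lookups of instance-specific `screenconnect.com` hostnames. The ClickOnce folder names (`NKN6D4GD.WE6\GTV6MLEW.9MM`, `7JVGGM9Y.9RB\KZWL13D3.XCX`) are generated per install, and `screenconnect.com` itself is the vendor's cloud service, so neither the literal paths nor the base domain make a usable indicator on their own. The CryptnetUrlCache, Chrome Apps shortcut and MpCmdRun.log rows are ordinary Windows, certificate-validation and browser background activity and are not used below. The following is an added triage example, not part of the report and not ScreenConnect's or the sandbox vendor's code: it turns the report's file and network observations into patterns that survive the random folder names, separates the reported instance hostnames from a sanctioned tenant, and flags endpoints that show both the install artefacts and the network contact. The endpoint names (`ws-01` and so on), the sanctioned tenant `helpdesk-example.screenconnect.com`, the random folder names in the sample events and the label names are all assumptions made for the example; the sample telemetry is constructed, not taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Set

# ClickOnce names its two-level cache folders per install (8 chars, dot, 3 chars
# in the report: NKN6D4GD.WE6\GTV6MLEW.9MM), so the file indicators are regexes
# over the stable parts of the layout rather than the literal paths in the report.
RANDOM_DIR = r"[A-Z0-9]{8}\.[A-Z0-9]{3}"

PATH_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    # ScreenConnect client binaries staged or installed through ClickOnce, including
    # the Zone.Identifier stream that marks the download as coming from the web.
    "screenconnect_clickonce_binary": re.compile(
        r"\\AppData\\Local\\(?:Apps\\2\.0|Temp\\Deployment)\\" + RANDOM_DIR + r"\\"
        + r".*\\ScreenConnect\.[A-Za-z]+\.(?:exe|dll)(?::Zone\.Identifier)?$",
        re.IGNORECASE),
    # Browser download of the installer, including Chrome's in-progress name.
    "screenconnect_browser_download": re.compile(
        r"\\Downloads\\(?:ScreenConnect\.Client\.exe|Unconfirmed \d+\.crdownload)$",
        re.IGNORECASE),
    # Any ClickOnce deployment manifest: a weak signal alone, useful for correlation.
    "clickonce_deployment_manifest": re.compile(
        r"\\AppData\\Local\\Temp\\Deployment\\" + RANDOM_DIR + r"\\.*\.application$",
        re.IGNORECASE),
}

# Instance-specific hostnames and their resolutions from the Domains/IPs tables.
# The base domain is the vendor's service, so only the tenant subdomain is an
# indicator, and only when it is not an instance your own organisation uses.
REPORTED_INSTANCES: Set[str] = {
    "server-ovh5023507-web.screenconnect.com",
    "server-ovh5023507-relay.screenconnect.com",
    "instance-tboidi-relay.screenconnect.com",
    "barmaxminerals.screenconnect.com",
}
REPORTED_IPS: Set[str] = {"158.69.9.165", "148.113.163.9"}


@dataclass
class Event:
    host: str   # endpoint that produced the event (hypothetical names below)
    kind: str   # "file" (path created), "dns" (name queried) or "conn" (destination IP)
    value: str


@dataclass
class Hit:
    host: str
    label: str
    value: str


def classify_file(path: str) -> Optional[str]:
    """Return the first matching file indicator label, or None."""
    for label, pattern in PATH_PATTERNS.items():
        if pattern.search(path):
            return label
    return None


def classify_network(value: str, sanctioned: FrozenSet[str] = frozenset()) -> Optional[str]:
    """Label a queried name or destination IP; sanctioned tenants are ignored."""
    v = value.lower().rstrip(".")
    if v in REPORTED_INSTANCES or v in REPORTED_IPS:
        return "reported_screenconnect_instance"
    if v.endswith(".screenconnect.com") and v not in sanctioned:
        return "unsanctioned_screenconnect_instance"
    return None


def triage(events: Iterable[Event], sanctioned: FrozenSet[str] = frozenset()) -> List[Hit]:
    """Run every event through the file or network classifier and collect hits."""
    hits: List[Hit] = []
    for ev in events:
        if ev.kind == "file":
            label = classify_file(ev.value)
        elif ev.kind in ("dns", "conn"):
            label = classify_network(ev.value, sanctioned)
        else:
            label = None
        if label:
            hits.append(Hit(ev.host, label, ev.value))
    return hits


def hosts_with_full_chain(hits: Iterable[Hit]) -> List[str]:
    """Endpoints showing both a ScreenConnect file artefact and contact with an
    instance that is reported or unsanctioned, i.e. the chain in the report."""
    labels_by_host: Dict[str, Set[str]] = {}
    for h in hits:
        labels_by_host.setdefault(h.host, set()).add(h.label)
    return sorted(
        host for host, labels in labels_by_host.items()
        if any(l.startswith("screenconnect_") for l in labels)
        and any(l.endswith("_screenconnect_instance") for l in labels)
    )


# Constructed telemetry (not from the report); folder names are invented.
SAMPLE_EVENTS = [
    Event("ws-01", "file", r"C:\Users\alice\Downloads\Unconfirmed 112233.crdownload"),
    Event("ws-01", "file", r"C:\Users\alice\AppData\Local\Temp\Deployment\Q2ZL9W0P.6KD\A7RM3XJ1.HB2\ScreenConnect.WindowsClient.exe:Zone.Identifier"),
    Event("ws-01", "file", r"C:\Users\alice\AppData\Local\Apps\2.0\QX8M2ZDN.4PK\H1GTLW0A.Z7R\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll"),
    Event("ws-01", "dns", "server-ovh5023507-relay.screenconnect.com"),
    Event("ws-02", "file", r"C:\Users\bob\AppData\Local\Apps\2.0\K9D0MX1B.N5Q\ZZ3T7H2C.R8W\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll"),
    Event("ws-02", "dns", "helpdesk-example.screenconnect.com"),  # hypothetical sanctioned tenant
    Event("ws-03", "dns", "www.google.com"),
    Event("ws-03", "file", r"C:\Users\carol\AppData\Local\Temp\Deployment\M1N2O3P4.5QR\S6T7U8V9.WXY.application"),
]
SANCTIONED = frozenset({"helpdesk-example.screenconnect.com"})

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS, SANCTIONED):
        print(f"{hit.host}: {hit.label}: {hit.value}")
    print("full chain on:", hosts_with_full_chain(triage(SAMPLE_EVENTS, SANCTIONED)))
```

Two caveats follow from what the report does and does not show. The path patterns cover only the ClickOnce install path seen here; a client installed through the MSI under `Program Files` leaves different artefacts and is not matched. And a match on the `screenconnect_clickonce_binary` pattern alone only says a ScreenConnect client was installed, which is routine in organisations that use the product, so the sanctioned-tenant list and the full-chain check are what turn the indicators into something worth alerting on.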