Edit tour

Windows Analysis Report
bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe

Overview

General Information

Sample name:	bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe
Analysis ID:	1654099
MD5:	9a8228b84352a3138c09493077974b01
SHA1:	c848f6f7e0ebce7d6b85679d337b2ae6f19bd684
SHA256:	449b25e8a0010b4ac48038f16f120170b50b763cb8bd528dbb83a2e0d57ff1ac
Infos:

Detection

Score:	51
Range:	0 - 100
Confidence:	100%

Compliance

Score:	46
Range:	0 - 100

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)

Deletes itself after installation

Enables network access during safeboot for specific services

Installs new ROOT certificates

Joe Sandbox ML detected suspicious sample

Possible COM Object hijacking

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe (PID: 7372 cmdline: "C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe" MD5: 9A8228B84352A3138C09493077974B01)

cmd.exe (PID: 7408 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsh56ED.tmpspinner-$SPIN_INSTANCE\start.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

spinner.exe (PID: 7460 cmdline: "C:\Users\user\AppData\Local\Temp\nsh56ED.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON MD5: F75B0280498302548ADC5DC10762A2A0)

bomgar-scc.exe (PID: 7512 cmdline: "C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe" -install1 "C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe" --installer-pwd "C:\Users\user\Desktop" MD5: E871884A7AC0B31081638A240A03BA4E)

bomgar-scc.exe (PID: 7540 cmdline: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe -install2 C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\ C:\ProgramData\bomgar-scc-0x67ec57df\ --installer-pwd C:\Users\user\Desktop MD5: E871884A7AC0B31081638A240A03BA4E)

bomgar-scc.exe (PID: 7704 cmdline: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe -proxydetect MD5: E871884A7AC0B31081638A240A03BA4E)

bomgar-scc.exe (PID: 7804 cmdline: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe -elevate silent MD5: E871884A7AC0B31081638A240A03BA4E)

svchost.exe (PID: 7604 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

bomgar-scc.exe (PID: 7840 cmdline: "C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe" -service:run MD5: E871884A7AC0B31081638A240A03BA4E)

bomgar-scc.exe (PID: 8004 cmdline: "C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe" -drone MD5: E871884A7AC0B31081638A240A03BA4E)

svchost.exe (PID: 8048 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

SgrmBroker.exe (PID: 8084 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)

svchost.exe (PID: 8124 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 8152 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 7216 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

MpCmdRun.exe (PID: 5860 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)

conhost.exe (PID: 6132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: cp, EventID: 13, EventType: SetValue, Image: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe, ProcessId: 7840, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{224add2f-4e02-4bf7-b434-c72d4a3fe0f2}\(Default)

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7604, ProcessName: svchost.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-01T23:17:27.301615+0200	2803305	3	Unknown Traffic	192.168.2.4	49725	3.233.108.128	443	TCP

Joe Sandbox Signatures

• AV Detection
• Compliance
• Spreading
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection
• Lowering of HIPS / PFW / Operating System Security Settings
• Stealing of Sensitive Information

Click to jump to signature section

Show All Signature Results

AV Detection

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Neural Call Log Analysis: 87.1%

Compliance

Uses 32bit PE files

Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe

Static PE information: certificate valid

Binary contains paths to debug symbols

Source:	Binary string: cp-x64.pdb source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: embedhook-x64.pdb source: bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239662146.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245371538.0000020D31326000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bomgar-scc-x64.pdbe source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000000.1180913298.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000002.1198005578.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000000.1192599137.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000002.1254315960.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1210768995.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1237279844.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1241981659.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1253370616.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000002.3028237608.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000000.1247234440.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: embedhook-x86.pdb source: bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x86.pdb source: bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239310690.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245062425.0000020D31324000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bomgar-scc-x64.pdb source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000000.1180913298.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000002.1198005578.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000000.1192599137.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000002.1254315960.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1210768995.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1237279844.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1241981659.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1253370616.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000002.3028237608.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000000.1247234440.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x64.pdb source: bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1244921389.0000020D31324000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: spinner-x64.pdb source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, spinner.exe, 00000003.00000000.1166233416.00007FF77B6FD000.00000002.00000001.01000000.00000007.sdmp, spinner.exe, 00000003.00000002.1281719692.00007FF77B6FD000.00000002.00000001.01000000.00000007.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245735423.0000020D3131C000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\nsh56ED.tmpspinner-$SPIN_INSTANCE\	Jump to behavior

Networking

Enables network access during safeboot for specific services

Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe

Registry value created: NULL Service

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /?c=fiservatlas&v=22.2.2&a=x86_64&g=8.18.18.20&i=scc&O=337118209&o=10.0.19045&r=1d8542da51e0a5b20954e0a324023846367e17cb&s=1714082&t=Windows%2010%20Pro%20%2822H2%29 HTTP/1.0Host: license.bomgar.com
Source: global traffic	HTTP traffic detected: GET /get_rdf?comp=sdcust&gskey=7f1bee431c9446aece42dd5a98405120 HTTP/1.0

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 3.233.108.128 3.233.108.128

Suricata IDS alerts with low severity for network traffic

Source: Network traffic

Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49725 -> 3.233.108.128:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?c=fiservatlas&v=22.2.2&a=x86_64&g=8.18.18.20&i=scc&O=337118209&o=10.0.19045&r=1d8542da51e0a5b20954e0a324023846367e17cb&s=1714082&t=Windows%2010%20Pro%20%2822H2%29 HTTP/1.0Host: license.bomgar.com
Source: global traffic	HTTP traffic detected: GET /get_rdf?comp=sdcust&gskey=7f1bee431c9446aece42dd5a98405120 HTTP/1.0

Source: global traffic	DNS traffic detected: DNS query: start.fiservcorp.net
Source: global traffic	DNS traffic detected: DNS query: start.remoteservices.fiserv.com
Source: global traffic	DNS traffic detected: DNS query: license.bomgar.com

Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: bomgar-scc.exe, 00000008.00000002.1251189095.0000020D312E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSeE3Wn
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000002.1195680208.00000172A43DD000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194758520.00000172A43D1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194893972.00000172A43DC000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189904226.00000172A4418000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: svchost.exe, 00000006.00000002.2516488341.00000244FDC16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.2515570510.00000244FDC15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Di
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: bomgar-scc.exe, 00000009.00000002.3027113908.000001DCAD7F5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000009.00000002.3027198709.000001DCADB40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDF17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000000.1180913298.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000002.1198005578.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000000.1192599137.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000002.1254315960.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1210768995.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1237279844.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1241981659.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1253370616.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000002.3028237608.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000000.1247234440.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 0000000A.00000000.1261562131.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://launchwinapp.exemicrosoft-edge:about:blank
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000000.1157672198.0000000000409000.00000008.00000001.01000000.00000003.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245522840.0000020D3131C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000000.1157672198.0000000000409000.00000008.00000001.01000000.00000003.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245522840.0000020D3131C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: bomgar-scc.exe, 00000008.00000002.1251189095.0000020D3130B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.c
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000002.1195680208.00000172A43DD000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194758520.00000172A43D1000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194893972.00000172A43DC000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189904226.00000172A4418000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net02
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: bomgar-scc.exe, 0000000A.00000003.1279391304.00000226FFB3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qt.digia.com/
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000000.1180913298.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000002.1198005578.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000000.1192599137.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000002.1254315960.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5D5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000000.1210768995.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5B3000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5BD000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000002.1237279844.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1241981659.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1253370616.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000002.3028237608.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000000.1247234440.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 0000000A.00000000.1261562131.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://wpad/wpad.dat
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000000.1180913298.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000004.00000002.1198005578.00007FF65D9A1000.00000002.00000001.01000000.0000000A.sdmp, bomgar-scc.exe, 00000005.00000000.1192599137.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000005.00000002.1254315960.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000000.1210768995.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000007.00000002.1237279844.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000000.1241981659.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000008.00000002.1253370616.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000002.3028237608.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 00000009.00000000.1247234440.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp, bomgar-scc.exe, 0000000A.00000000.1261562131.00007FF7077F1000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://wpad/wpad.datAttempting
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.datver
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185319035.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.entrust.net/rpa03
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE66000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1206975928.00000244FDE1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDEB3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1206975928.00000244FDF17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000006.00000003.1206975928.00000244FDE66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://start.remoteservices.fiserv.com/
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://start.remoteservices.fiserv.com/W
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5D5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000007.00000002.1236527012.000001692B5A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://start.remoteservices.fiserv.com:443
Source: bomgar-scc.exe, 00000009.00000002.3027113908.000001DCAD7F5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000009.00000002.3027198709.000001DCADB40000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 0000000A.00000002.3027050993.00000226800D5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 0000000A.00000002.3028235505.00000226FFBB6000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 0000000A.00000003.1277973254.00000226FDD05000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 0000000A.00000002.3027635396.00000226FDD08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/
Source: bomgar-scc.exe, 00000008.00000002.1250806571.0000020D2F5A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/$
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185487542.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1182805082.00000172A6128000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193565379.00000172A6121000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195897846.00000172A5DD5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1186505216.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1193613924.00000172A4435000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1242498346.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239537509.000001DBBE56B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239074979.000001DBBE569000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239104317.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/0
Source: bomgar-scc.exe, 00000005.00000002.1252995011.000001DBBE530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/7
Source: bomgar-scc.exe, 00000005.00000002.1251186616.000001DBBC7EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/9
Source: bomgar-scc.exe, 00000009.00000002.3026557034.000001DCAD22D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/B
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/D
Source: bomgar-scc.exe, 00000009.00000002.3026557034.000001DCAD22D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/M
Source: bomgar-scc.exe, 0000000A.00000002.3027050993.00000226800D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/W
Source: bomgar-scc.exe, 00000004.00000003.1193994950.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000002.1195739591.00000172A441F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1194068173.00000172A441F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/d
Source: bomgar-scc.exe, 00000005.00000002.1251186616.000001DBBC7EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/m
Source: bomgar-scc.exe, 00000007.00000002.1236527012.000001692B561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/o
Source: bomgar-scc.exe, 00000005.00000003.1242519732.000001DBBC85C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/q
Source: bomgar-scc.exe, 0000000A.00000002.3027050993.00000226800D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/s
Source: bomgar-scc.exe, 00000005.00000002.1252995011.000001DBBE530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/t
Source: bomgar-scc.exe, 00000008.00000003.1249865166.0000020D2F5EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.beyondtrust.com/u
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1207381835.0000000000409000.00000004.00000001.01000000.00000003.sdmp, bomgar-scc.exe, 00000004.00000003.1187311591.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1189783327.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1188214475.00000172A441B000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000004.00000003.1185292608.00000172A441C000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1238712052.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239171825.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239211050.000001DBBE567000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240041505.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240175406.000001DBBC85E000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239797364.000001DBBE56D000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1240092433.000001DBBE571000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000003.1239884286.000001DBBE56F000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000005.00000002.1252124476.000001DBBE1E5000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245582173.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245863914.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245657174.0000020D2F604000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000002.1251115896.0000020D30F95000.00000004.00000020.00020000.00000000.sdmp, bomgar-scc.exe, 00000008.00000003.1245461625.0000020D31327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa0

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

System Summary

Creates files inside the system directory

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Sample file is different than original file name gathered from version info

Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000003.1160346964.00000000006DF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamespinner.exe> vs bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe
Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe, 00000000.00000002.1208693705.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamecp.dll\ vs bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe

Uses 32bit PE files

Source: bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal51.spyw.evad.winEXE@27/113@50/3

Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe

File created: C:\Users\user\AppData\Local\007BCF33-BCC5-4ADF-8AF3-9068ED3C8E96.txt

Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x67ec57df_secure.ini
Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x67ec57df_settings-cc.ini
Source: C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsh56ED.tmpb_proxy-settings-cc.ini
Source: C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsh56ED.tmpb_settings.ini
Source: C:\Users\user\Desktop\bomgar-scc-w05c301wi6xxghi5dggfzx5xg8yy7zdegj7i8jc40jc90.exe	Mutant created: \Sessions\1\BaseNamedObjects\BF13227E-B446-4E12-913E-7E5FBBEE54F6
Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x67ec57df_settings.ini
Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_ProgramData_bomgar-scc-0x67ec57df_proxy-settings-cc.ini
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6132:120:WilError_03
Source: C:\ProgramData\bomgar-scc-0x67ec57df\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Roaming_Mozilla_Firefox_profiles.ini
Source: C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsh56ED.tmpb_settings-cc.ini
Source: C:\Users\user\AppData\Local\Temp\nsh56ED.tmpb\bomgar-scc.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\BOMGAR-INI-LOCK:C:_Users_user_AppData_Local_Temp_nsh56ED.tmpb_secure.ini