Click to jump to signature section
Source: | Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbBB source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Client.pdbTV source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1821702084.00000000003D1000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.0000000000854000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\symbols\exe\ScreenConnect.WindowsClient.pdbn Fil source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\ScreenConnect.WindowsClient.pdbon source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.0000000000854000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\ScreenConnect.WindowsClient.pdbgMh source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ScreenConnect.WindowsClient.pdbo source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe |
Source: | Binary string: C:\Users\user\Desktop\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1821702084.00000000003D1000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: ws\ScreenConnect.WindowsClient.pdbpdbent.pdb\jone source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\exe\ScreenConnect.WindowsClient.pdbommon source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\ScreenConnect.WindowsClient.PDB/N source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://ocsp.digicert.com0 |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://ocsp.digicert.com0X |
Source: Amcache.hve.1.dr | String found in binary or memory: http://upx.sf.net |
Source: ScreenConnect.WindowsClient.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: unknown | Process created: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe "C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe" | |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe dw20.exe -x -s 1232 | |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe dw20.exe -x -s 1232 | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: riched20.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: msls31.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: | Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbBB source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Client.pdbTV source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1821702084.00000000003D1000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.0000000000854000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\symbols\exe\ScreenConnect.WindowsClient.pdbn Fil source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\ScreenConnect.WindowsClient.pdbon source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.0000000000854000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\ScreenConnect.WindowsClient.pdbgMh source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ScreenConnect.WindowsClient.pdbo source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe |
Source: | Binary string: C:\Users\user\Desktop\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1821702084.00000000003D1000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: ws\ScreenConnect.WindowsClient.pdbpdbent.pdb\jone source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\exe\ScreenConnect.WindowsClient.pdbommon source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822708751.0000000000D76000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\ScreenConnect.WindowsClient.PDB/N source: ScreenConnect.WindowsClient.exe, 00000000.00000002.1822245852.000000000082B000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ScreenConnect.WindowsClient.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.1.dr | Binary or memory string: VMware |
Source: dw20.exe, 00000001.00000003.1820063002.0000000000681000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 00000001.00000003.1819711424.000000000067A000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 00000001.00000002.1822387679.0000000000682000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW*l |
Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.1.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.1.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.1.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.1.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.1.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.1.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: dw20.exe, 00000001.00000003.1820063002.0000000000681000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 00000001.00000003.1819711424.000000000067A000.00000004.00000020.00020000.00000000.sdmp, dw20.exe, 00000001.00000002.1822387679.0000000000682000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.1.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.1.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.1.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.1.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.1.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.1.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.1.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.1.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.1.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.1.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.1.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.1.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.1.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.1.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.1.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.1.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.1.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.1.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: dw20.exe, 00000001.00000002.1822210616.0000000000614000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW }h%SystemRoot%\system32\mswsock.dll`Jd |
Source: Amcache.hve.1.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: Yara match | File source: ScreenConnect.WindowsClient.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.ScreenConnect.WindowsClient.exe.200000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000000.1646016569.0000000000202000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 6852, type: MEMORYSTR |