Windows Analysis Report
getscreen-156413884-x86.exe

Overview

General Information

Sample name:getscreen-156413884-x86.exe
Analysis ID:1492032
MD5:2e9de68641b502474e5ba330fe5396bb
SHA1:a7a07fcc8643fec59e4684aaa66c64c3232e693f
SHA256:f942c4a0313d288bf7a48aa6438ddcec9fbcccd0e8c0107b61b233a0a823731a
Tags:exe
Infos:

Detection

Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:47
Range:0 - 100

Signatures

Modifies Internet Explorer zonemap settings
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to simulate mouse events
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample file is different than original file name gathered from version info
Sigma detected: IE Change Domain Zone
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • getscreen-156413884-x86.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\getscreen-156413884-x86.exe" MD5: 2E9DE68641B502474E5BA330FE5396BB)
    • getscreen-156413884-x86.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -gpipe \\.\pipe\PCommand97jozacdivvdywhof -gui MD5: 2E9DE68641B502474E5BA330FE5396BB)
    • getscreen-156413884-x86.exe (PID: 7512 cmdline: "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -cpipe \\.\pipe\PCommand96hbjpbtabxviuvrw -cmem 0000pipe0PCommand96hbjpbtabxviuvrwje4lkifw6rl2mfm -child MD5: 2E9DE68641B502474E5BA330FE5396BB)
  • apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe (PID: 7332 cmdline: "C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe" -elevate \\.\pipe\elevateGS512apiirpcewshyuslqylilsjzmfgzdtrv MD5: 2E9DE68641B502474E5BA330FE5396BB)
  • svchost.exe (PID: 7476 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: frack113, Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\getscreen-156413884-x86.exe, ProcessId: 7288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me\http
Source: Process started, Author: vburov, Data: Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, ProcessId: 7476, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_0137612F crypto_rsa_public_encrypt,0_2_0137612F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01452165 freerdp_assistance_encrypt_pass_stub,0_2_01452165
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01376105 crypto_rsa_private_encrypt,0_2_01376105
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_0137590A crypto_cert_get_email,0_2_0137590A
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375966 crypto_cert_get_public_key,0_2_01375966
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375831 crypto_cert_free,0_2_01375831
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_0137584E crypto_cert_get_dns_names,0_2_0137584E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01387B3F crypto_base64_encode,0_2_01387B3F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,0_2_01375B39
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375B24 crypto_cert_issuer,0_2_01375B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01387B24 crypto_base64_decode,0_2_01387B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375A65 crypto_cert_get_upn,0_2_01375A65
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375A61 crypto_cert_get_signature_alg,0_2_01375A61
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375ABB crypto_cert_hash,0_2_01375ABB
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375D58 crypto_cert_read,0_2_01375D58
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375DA5 crypto_cert_subject_common_name,0_2_01375DA5
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375D97 crypto_cert_subject_alt_name,0_2_01375D97
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375D82 crypto_cert_subject,0_2_01375D82
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_013CE437 _EncryptMessage@16,InitOnceExecuteOnce,0_2_013CE437
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_013CE42E _DecryptMessage@16,InitOnceExecuteOnce,0_2_013CE42E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375732 crypto_cert_dns_names_free,0_2_01375732
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01383F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,0_2_01383F1C
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_0137576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,0_2_0137576E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,0_2_01375782
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,0_2_01375E14
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01452620 freerdp_assistance_get_encrypted_pass_stub,0_2_01452620
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01375ED1 crypto_reverse,0_2_01375ED1
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_0137612F crypto_rsa_public_encrypt,1_2_0137612F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01452165 freerdp_assistance_encrypt_pass_stub,1_2_01452165
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01376105 crypto_rsa_private_encrypt,1_2_01376105
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_0137590A crypto_cert_get_email,1_2_0137590A
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375966 crypto_cert_get_public_key,1_2_01375966
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375831 crypto_cert_free,1_2_01375831
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_0137584E crypto_cert_get_dns_names,1_2_0137584E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01387B3F crypto_base64_encode,1_2_01387B3F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,1_2_01375B39
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375B24 crypto_cert_issuer,1_2_01375B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01387B24 crypto_base64_decode,1_2_01387B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375A65 crypto_cert_get_upn,1_2_01375A65
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375A61 crypto_cert_get_signature_alg,1_2_01375A61
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375ABB crypto_cert_hash,1_2_01375ABB
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375D58 crypto_cert_read,1_2_01375D58
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375DA5 crypto_cert_subject_common_name,1_2_01375DA5
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375D97 crypto_cert_subject_alt_name,1_2_01375D97
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375D82 crypto_cert_subject,1_2_01375D82
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_013CE437 _EncryptMessage@16,InitOnceExecuteOnce,1_2_013CE437
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_013CE42E _DecryptMessage@16,InitOnceExecuteOnce,1_2_013CE42E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375732 crypto_cert_dns_names_free,1_2_01375732
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01383F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,1_2_01383F1C
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_0137576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,1_2_0137576E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,1_2_01375782
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,1_2_01375E14
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01452620 freerdp_assistance_get_encrypted_pass_stub,1_2_01452620
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_01375ED1 crypto_reverse,1_2_01375ED1
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5966 crypto_cert_get_public_key,2_2_014E5966
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_015C2165 freerdp_assistance_encrypt_pass_stub,2_2_015C2165
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E590A crypto_cert_get_email,2_2_014E590A
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E6105 crypto_rsa_private_encrypt,2_2_014E6105
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E612F crypto_rsa_public_encrypt,2_2_014E612F
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E584E crypto_cert_get_dns_names,2_2_014E584E
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5831 crypto_cert_free,2_2_014E5831
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5B24 crypto_cert_issuer,2_2_014E5B24
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014F7B24 crypto_base64_decode,2_2_014F7B24
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014F7B3F crypto_base64_encode,2_2_014F7B3F
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,2_2_014E5B39
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5A65 crypto_cert_get_upn,2_2_014E5A65
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5A61 crypto_cert_get_signature_alg,2_2_014E5A61
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5ABB crypto_cert_hash,2_2_014E5ABB
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5D58 crypto_cert_read,2_2_014E5D58
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5D82 crypto_cert_subject,2_2_014E5D82
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5D97 crypto_cert_subject_alt_name,2_2_014E5D97
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5DA5 crypto_cert_subject_common_name,2_2_014E5DA5
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_0153E437 _EncryptMessage@16,InitOnceExecuteOnce,2_2_0153E437
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_0153E42E _DecryptMessage@16,InitOnceExecuteOnce,2_2_0153E42E
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,2_2_014E576E
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014F3F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,2_2_014F3F1C
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5732 crypto_cert_dns_names_free,2_2_014E5732
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,2_2_014E5782
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,2_2_014E5E14
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_015C2620 freerdp_assistance_get_encrypted_pass_stub,2_2_015C2620
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_014E5ED1 crypto_reverse,2_2_014E5ED1
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_0137612F crypto_rsa_public_encrypt,4_2_0137612F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01452165 freerdp_assistance_encrypt_pass_stub,4_2_01452165
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01376105 crypto_rsa_private_encrypt,4_2_01376105
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_0137590A crypto_cert_get_email,4_2_0137590A
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375966 crypto_cert_get_public_key,4_2_01375966
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375831 crypto_cert_free,4_2_01375831
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_0137584E crypto_cert_get_dns_names,4_2_0137584E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01387B3F crypto_base64_encode,4_2_01387B3F
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,4_2_01375B39
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375B24 crypto_cert_issuer,4_2_01375B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01387B24 crypto_base64_decode,4_2_01387B24
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375A65 crypto_cert_get_upn,4_2_01375A65
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375A61 crypto_cert_get_signature_alg,4_2_01375A61
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375ABB crypto_cert_hash,4_2_01375ABB
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375D58 crypto_cert_read,4_2_01375D58
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375DA5 crypto_cert_subject_common_name,4_2_01375DA5
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375D97 crypto_cert_subject_alt_name,4_2_01375D97
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375D82 crypto_cert_subject,4_2_01375D82
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_013CE437 _EncryptMessage@16,InitOnceExecuteOnce,4_2_013CE437
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_013CE42E _DecryptMessage@16,InitOnceExecuteOnce,4_2_013CE42E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375732 crypto_cert_dns_names_free,4_2_01375732
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01383F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,4_2_01383F1C
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_0137576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,4_2_0137576E
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,4_2_01375782
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,4_2_01375E14
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01452620 freerdp_assistance_get_encrypted_pass_stub,4_2_01452620
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_01375ED1 crypto_reverse,4_2_01375ED1
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-156413884-x86.exe
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-156413884-x86.exe

Compliance

Source: getscreen-156413884-x86.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: getscreen-156413884-x86.exeStatic PE information: certificate valid
Source: getscreen-156413884-x86.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Source: Joe Sandbox View, IP Address: 78.47.165.25
Source: Joe Sandbox View, IP Address: 5.75.168.191
Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
GET /signal/agent HTTP/1.1
Host: getscreen.me
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: https://getscreen.me
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
Source: global trafficDNS traffic detected: DNS query: getscreen.me
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://proxy.contoso.com:3128/
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000023EA000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000023EA000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000255A000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000023EA000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://proxy.pcommand.com:3128
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr
String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr
String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr
String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4ZW
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp
String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4Zn
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://getscreen.me/agent-policy
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link
Source: getscreen-156413884-x86.exe, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr
String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52449
Source: unknownNetwork traffic detected: HTTP traffic on port 52109 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51111
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52442
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51112
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52440
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52441
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51115
Source: unknownNetwork traffic detected: HTTP traffic on port 52087 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52446
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51116
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52447
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52444
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52445
Source: unknownNetwork traffic detected: HTTP traffic on port 53014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52450
Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52351 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51128
Source: unknownNetwork traffic detected: HTTP traffic on port 51188 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52459
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51129
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52453
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52454
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52451
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52457
Source: unknownNetwork traffic detected: HTTP traffic on port 52363 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52458
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52455
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51125
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52456
Source: unknownNetwork traffic detected: HTTP traffic on port 50836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52460
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52461
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51139
Source: unknownNetwork traffic detected: HTTP traffic on port 53026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51133
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52464
Source: unknownNetwork traffic detected: HTTP traffic on port 52694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51134
Source: unknownNetwork traffic detected: HTTP traffic on port 51242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52465
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52462
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52463
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52468
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51138
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52469
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51135
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52466
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52467
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52471
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52472
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52470
Source: unknownNetwork traffic detected: HTTP traffic on port 52099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51471 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50517 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50529 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51483 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51495 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50530 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51458 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51229 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52670 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50296 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51188
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51189
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51187
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51191
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51192
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51190
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51195
Source: unknownNetwork traffic detected: HTTP traffic on port 51994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50542 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51193
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51194
Source: unknownNetwork traffic detected: HTTP traffic on port 51741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51199
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51197
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51198
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52669 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50554 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52399 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52134 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52657 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52255 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52116 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52141 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51020 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50601 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52243 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52279 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51490 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52104 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52153 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52218 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52165 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52280 -> 443
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00DAB080
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00D901A0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00DD89A0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00DCA30D
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00DC7300
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00DC6657
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 0_2_00D89700
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 1_2_00DAB080
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 1_2_00DD89A0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 1_2_00DCA30D
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe Code function: 2_2_00F1B080
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe Code function: 2_2_00F489A0
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe Code function: 2_2_00F3A30D
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 4_2_00DAB080
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 4_2_00DD89A0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: 4_2_00DCA30D
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe Code function: String function: 0153E717 appears 101 times
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe Code function: String function: 01532354 appears 50 times
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: String function: 013CE717 appears 303 times
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Code function: String function: 013C2354 appears 150 times
Source: getscreen-156413884-x86.exe Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: getscreen-156413884-x86.exe Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: getscreen-156413884-x86.exe Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: getscreen-156413884-x86.exe, 00000000.00000000.1657353952.00000000024B3000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe, 00000000.00000002.4148449731.00000000024B3000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe, 00000001.00000000.1661340928.00000000024B3000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe, 00000001.00000002.4145806464.00000000024B3000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe, 00000004.00000002.1849179567.00000000024B3000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe, 00000004.00000000.1695067585.00000000024B3000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-156413884-x86.exe
Source: getscreen-156413884-x86.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal54.phis.evad.winEXE@8/356@5/2
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe File created: C:\Users\user\AppData\Local\Getscreen.me
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\PCommandMutextTurbo96phqghum
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe File read: C:\Users\user\Desktop\getscreen-156413884-x86.exe
Source: unknown Process created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe"
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Process created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -gpipe \\.\pipe\PCommand97jozacdivvdywhof -gui
Source: unknown Process created: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe "C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe" -elevate \\.\pipe\elevateGS512apiirpcewshyuslqylilsjzmfgzdtrv
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Process created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -cpipe \\.\pipe\PCommand96hbjpbtabxviuvrw -cmem 0000pipe0PCommand96hbjpbtabxviuvrwje4lkifw6rl2mfm -child
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Process created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -gpipe \\.\pipe\PCommand97jozacdivvdywhof -gui
Source: C:\Windows\System32\svchost.exe Process created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -cpipe \\.\pipe\PCommand96hbjpbtabxviuvrw -cmem 0000pipe0PCommand96hbjpbtabxviuvrwje4lkifw6rl2mfm -child
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: msdmo.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: sas.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dsparse.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: mfwmaaec.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: audioses.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: windows.ui.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: inputhost.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: getscreen-156413884-x86.exeStatic PE information: certificate valid
Source: getscreen-156413884-x86.exeStatic file information: File size 3654440 > 1048576
Source: getscreen-156413884-x86.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x374e00
Source: getscreen-156413884-x86.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_024B29E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_024B29E0
Source: getscreen-156413884-x86.exeStatic PE information: real checksum: 0x38a69d should be: 0x3882ba
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe.0.drStatic PE information: real checksum: 0x38a69d should be: 0x3882ba
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeFile created: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_013D7449 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_013D7449
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BankLabel, DeviceLocator, DataWidth, Manufacturer, PartNumber, SerialNumber, Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Size FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, Manufacturer, MACAddress, Speed, InterfaceIndex, Index, GUID FROM Win32_NetworkAdapter WHERE PhysicalAdapter=TRUE
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT DHCPServer, DNSServerSearchOrder, IPAddress FROM Win32_NetworkAdapterConfiguration WHERE InterfaceIndex = 1
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, VolumeName, FileSystem, Size, FreeSpace FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption FROM Win32_SoundDevice
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 615Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 1235Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 649Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 516Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 521Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 9975Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWindow / User API: threadDelayed 890Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI coverage: 2.5 %
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI coverage: 1.2 %
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7300Thread sleep count: 615 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7296Thread sleep count: 1235 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7456Thread sleep count: 649 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7460Thread sleep count: 516 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7464Thread sleep count: 521 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7324Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7412Thread sleep count: 247 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe TID: 7548Thread sleep count: 890 > 30Jump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BIOSVersion, Name, ReleaseDate FROM Win32_BIOS
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model, Name, Domain, Workgroup FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: getscreen-156413884-x86.exe, 00000000.00000003.3876495046.0000000000972000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Console#0VMware Virtual RAMVMW-4096MB00000001DL
Source: getscreen-156413884-x86.exe, 00000000.00000002.4151982210.0000000006455000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: {"CPU":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","CPUSpeed":2000,"CPUCores":4,"CPUCoresLogical":1,"CPUFamily":"Intel64 Family 6 Model 143 Stepping 8","BIOS":"AP1FA24DOP","BIOSVersion":"20221121","BIOSDate":"","RAMPhys":8191,"RAMPhysAvail":2195,"RAMVirt":2047,"RAMVirtAvail":1883,"RAMPageFile":8191,"RAMBanks":[{"Bank":"RAM slot #0","Locator":"RAM slot #0","DataWidth":64,"Manufacturer":"VMware Virtual RAM","PartNumber":"VMW-4096MB","SerialNumber":"00000001","Capacity":4096}],"VideoName":"4U1TH","VideoRAM":1024,"VideoCards":[{"Name":"4U1TH","RAM":1024,"Integrated":false}],"Locale":"0809","LocaleOemPage":"1252","LocaleCountry":"Switzerland","LocaleCurrency":"CHF","LocaleTimezone":60,"LocaleFormatTime":"HH:mm:ss","LocaleFormatDate":"dd\/MM\/yyyy","ComputerModel":"PvAPkTX8","ComputerDomain":"DLRyV","ComputerWorkgroup":"WORKGROUP","ComputerName":"user-PC","ComputerIP":["192.168.2.4","fe80::29b9:a951:1791:4eb3"],"OSName":"Microsoft Windows 10 Pro","OSVersion":"10.0.19045","HDD":[{"Model":"783ZYSUU SCSI Disk Device","S
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Hyper-V console (use port 2179, disable negotiation)
Source: getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMnet
Source: getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id=RT
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000023D4000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: RAM slot #0RAM slot #0@VMware Virtual RAMVMW-4096MB00000001
Source: getscreen-156413884-x86.exe, 00000000.00000003.2799620026.0000000000949000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"AP1FA24DOP\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2195,\"RAMVirt\":2047,\"RAMVirtAvail\":1883,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"4U1TH
Source: getscreen-156413884-x86.exe, 00000000.00000003.3961046659.0000000000940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $VMware Virtual RAMI
Source: getscreen-156413884-x86.exe, 00000000.00000003.3876495046.0000000000972000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
Source: getscreen-156413884-x86.exe, 00000000.00000002.4151982210.0000000006455000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: trdware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"AP1FA24DOP\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2195,\"RAMVirt\":2047,\"RAMVirtAvail\":1883,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"4U1TH\",\"VideoRAM\":h
Source: getscreen-156413884-x86.exe, 00000000.00000002.4138494791.00000000008E1000.00000004.00000020.00020000.00000000.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4145927342.0000000002531000.00000004.00000020.00020000.00000000.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1680813707.00000000027AE000.00000004.00000020.00020000.00000000.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1849378502.0000000002A30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI call chain: ExitProcess graph end nodegraph_0-13515
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI call chain: ExitProcess graph end nodegraph_1-12965
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeAPI call chain: ExitProcess graph end nodegraph_2-13042
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeAPI call chain: ExitProcess graph end nodegraph_4-12987
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_014261B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_014261B5
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_024B29E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_024B29E0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_0141FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0141FCA9
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 1_2_0141FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0141FCA9
Source: C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exeCode function: 2_2_0158FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0158FCA9
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 4_2_0141FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0141FCA9
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exeCode function: 0_2_01377321 freerdp_input_send_extended_mouse_event,0_2_01377321
Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\Desktop\getscreen-156413884-x86.exe "C:\Users\user\Desktop\getscreen-156413884-x86.exe" -cpipe \\.\pipe\PCommand96hbjpbtabxviuvrw -cmem 0000pipe0PCommand96hbjpbtabxviuvrwje4lkifw6rl2mfm -childJump to behavior
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_trayw
nd zW
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_traywnd zn
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Code function: 0_2_00DD89A0 cpuid 0_2_00DD89A0
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Code function: 0_2_0138E4DD rfx_context_new,GetVersionExA,GetNativeSystemInfo,RegOpenKeyExA,primitives_get,CreateThreadpool,rfx_context_set_pixel_format,0_2_0138E4DD

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\Desktop\getscreen-156413884-x86.exe; Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 631 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 731 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 53 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Browser Session Hijacking | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 53 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Modify Registry | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 133 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label
getscreen-156413884-x86.exe | 1% | Virustotal |

Source | Detection | Scanner | Label
C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe | 1% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
getscreen.me | 0% | Virustotal |

Source | Detection | Scanner | Label
http://proxy.contoso.com:3128/ | 0% | Avira URL Cloud | safe
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 0% | Avira URL Cloud | safe
https://%S/%S/agent/chat$.typeoutprocessData4Zn | 0% | Avira URL Cloud | safe
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | 0% | Avira URL Cloud | safe
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Avira URL Cloud | safe
https://%S/%S/agent/chat$.typeoutprocessData4ZW | 0% | Avira URL Cloud | safe
https://getscreen.me/signal/agent | 0% | Avira URL Cloud | safe
http://proxy.contoso.com:3128/ | 0% | Virustotal |
https://getscreen.me/agent-policy | 0% | Avira URL Cloud | safe
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 0% | Virustotal |
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | 0% | Virustotal |
https://getscreen.me/signal/agent | 0% | Virustotal |
http://proxy.pcommand.com:3128 | 0% | Avira URL Cloud | safe
https://getscreen.me/agent-policy | 0% | Virustotal |
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Virustotal |
http://proxy.pcommand.com:3128 | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
getscreen.me | 5.75.168.191 | true | true | | unknown
Name: https://getscreen.me/signal/agent
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: http://proxy.contoso.com:3128/
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: https://%S/%S/agent/chat$.typeoutprocessData4Zn
Source: apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp
Malicious: false
Antivirus Detection:
  • Avira URL Cloud: safe
Reputation: unknown

Name: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: https://%S/%S/agent/chat$.typeoutprocessData4ZW
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • Avira URL Cloud: safe
Reputation: unknown

Name: https://getscreen.me/agent-policy
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown

Name: http://proxy.pcommand.com:3128
Source: getscreen-156413884-x86.exe, 00000000.00000002.4144046676.00000000023EA000.00000040.00000001.01000000.00000003.sdmp, getscreen-156413884-x86.exe, 00000001.00000002.4131501753.00000000023EA000.00000040.00000001.01000000.00000003.sdmp, apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe, 00000002.00000002.1673385548.000000000255A000.00000040.00000001.01000000.00000006.sdmp, getscreen-156413884-x86.exe, 00000004.00000002.1847475623.00000000023EA000.00000040.00000001.01000000.00000003.sdmp
Malicious: false
Antivirus Detection:
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation: unknown
IP | Domain | Country | ASN | ASN Name | Malicious
78.47.165.25 | unknown | Germany | 24940 | HETZNER-ASDE | false
5.75.168.191 | getscreen.me | Germany | 24940 | HETZNER-ASDE | true
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1492032
Start date and time:2024-08-13 08:51:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 12m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:getscreen-156413884-x86.exe
Detection:MAL
Classification:mal54.phis.evad.winEXE@8/356@5/2
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report creation exceeded maximum time and may have missing disassembly code information.
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
02:52:03 | API Interceptor | 9929512x Sleep call for process: getscreen-156413884-x86.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
78.47.165.25 | getscreen-511588515.exe | malicious | Unknown |
78.47.165.25 | getscreen-973519027.exe | malicious | Unknown |
78.47.165.25 | getscreen-973519027.exe | malicious | Unknown |
78.47.165.25 | getscreen-959987858.exe | malicious | Unknown |
78.47.165.25 | getscreen-728974364.exe | malicious | Unknown |
78.47.165.25 | getscreen-728974364.exe | malicious | Unknown |
78.47.165.25 | getscreen-447303723.exe | malicious | Unknown |
78.47.165.25 | getscreen-447303723.exe | malicious | Unknown |
78.47.165.25 | getscreen-008263870.exe | malicious | Unknown |
78.47.165.25 | getscreen-354909850.exe | malicious | Unknown |
5.75.168.191 | getscreen-511588515.exe | malicious | Unknown |
5.75.168.191 | getscreen-511588515.exe | malicious | Unknown |
5.75.168.191 | getscreen-973519027.exe | malicious | Unknown |
5.75.168.191 | getscreen-959987858.exe | malicious | Unknown |
5.75.168.191 | getscreen-959987858.exe | malicious | Unknown |
5.75.168.191 | getscreen-728974364.exe | malicious | Unknown |
5.75.168.191 | getscreen-728974364.exe | malicious | Unknown |
5.75.168.191 | getscreen-447303723.exe | malicious | Unknown |
5.75.168.191 | getscreen-447303723.exe | malicious | Unknown |
5.75.168.191 | getscreen-008263870.exe | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
getscreen.me | getscreen-511588515.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-511588515.exe | malicious | Unknown | 78.47.165.25
getscreen.me | getscreen-973519027.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-959987858.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-973519027.exe | malicious | Unknown | 51.89.95.37
getscreen.me | getscreen-959987858.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-728974364.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-728974364.exe | malicious | Unknown | 5.75.168.191
getscreen.me | getscreen-447303723.exe | malicious | Unknown | 78.47.165.25
getscreen.me | getscreen-447303723.exe | malicious | Unknown | 5.75.168.191

Match | Associated Sample Name / URL | Detection | Threat Name | Context
HETZNER-ASDE | hoho.arm.elf | malicious | Mirai | 136.243.55.31
HETZNER-ASDE | http://www-indonesia.zee-mi.cfd/ | malicious | Unknown | 135.181.63.70
HETZNER-ASDE | https://bhaez.cuakss.biz.id/ | malicious | Unknown | 135.181.63.70
HETZNER-ASDE | Monica_velez Scan to View CourtOrder.docx | malicious | Unknown | 116.202.167.133
HETZNER-ASDE | file.exe | malicious | Metastealer | 188.40.187.174
HETZNER-ASDE | $RY0TBV2.exe | malicious | Unknown | 5.161.211.130
HETZNER-ASDE | $RY0TBV2.exe | malicious | Unknown | 5.161.211.130
HETZNER-ASDE | 66b9d00589bbc_doz.exe | malicious | Vidar | 78.46.239.218
HETZNER-ASDE | 66b9d56da3bee_main.exe | malicious | Vidar | 78.46.239.218
HETZNER-ASDE | http://beonlineboo.com | malicious | Unknown | 135.181.16.82
                                          No context
                                          No context
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                          Category:dropped
                                          Size (bytes):3654440
                                          Entropy (8bit):7.931175512125937
                                          Encrypted:false
                                          SSDEEP:98304:w2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5Nb:w2ez4o0OmyVnvKLH
                                          MD5:2E9DE68641B502474E5BA330FE5396BB
                                          SHA1:A7A07FCC8643FEC59E4684AAA66C64C3232E693F
                                          SHA-256:F942C4A0313D288BF7A48AA6438DDCEC9FBCCCD0E8C0107B61B233A0A823731A
                                          SHA-512:B5F460EE55C415C5238D500C454F3A9AAE5ADFC9763573FA84C9694F4145AD69515FDDD46A819AFF5B5762E3DBA39888B1BA675EBE2771009A7ACA24AD4A7DEB
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Virustotal, Detection: 1%, Browse
                                          Reputation:low
                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......iI/.-(AD-(AD-(ADfPBE.(AD.D)(AD.EE5(AD9WEE.(AD-(AD./ADfPFE,(AD.BE3(AD.DE](ADfPEE.(ADfPDE.(ADfPGE/(ADfP@En(AD-(@D.*AD>.HE.(AD>.AE,(AD>..D,(AD-(.D,(AD>.CE,(ADRich-(AD........................PE..L..../.f...............(.P7..P....=..)u...=..0u...@...........................u.......8...@..............................U..Pju......0u.P:............7.(/...qu. ............................+u.....<,u.............................................UPX0......=.............................UPX1.....P7...=..N7.................@....rsrc....P...0u..B...R7.............@..............................................................................................................................................................................................................................................................................................................4.22.UPX!....
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Reputation:high, very likely benign file
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):64
                                          Entropy (8bit):5.84375
                                          Encrypted:false
                                          SSDEEP:3:Bvx9K2IIPhyzIOM+C8uzP:9K2buRJuj
                                          MD5:6F248BBB785B159965320DF63497E5BF
                                          SHA1:FF0E766207E6C2D1F50C1807C067C38AE5462B63
                                          SHA-256:F7A8589D1314D9DBB37A0D3793B9F63A49192171BAF6CB168CF4D1E05E4F8A70
                                          SHA-512:BEB24CBBE0FECEF4E27092A73664FCDD675B5BBEE4777ECB02D5ABC07A286D82B59E7301BD4935A601DBECD7F3A89803738EB4E31F9DF1A283318965117011F0
                                          Malicious:false
                                          Reputation:low
                                          Preview:...J.+.q....:.O..@.G.o.-....W.....,.6.<.....2.@\.%.+.#.K.jK..
                                          Process:C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):6173
                                          Entropy (8bit):5.125987722303803
                                          Encrypted:false
                                          SSDEEP:192:89fckM5IyDYark/3VaxdeYI33gz4noFGqmMBiA8:zdSxr7zA38
                                          MD5:776DDC7EDDC3A1E86350C6F05041EEED
                                          SHA1:A2F01EE2685EF6E1DCA91F0F120331E9A6071C91
                                          SHA-256:BDAA06AA6EE038D40C86B4C16E5F3B1C9C8570C0EE62F666C31641E3E4FBDD6E
                                          SHA-512:3349E16AC5A2B97879697F35B8C192FBAD5F1CA36495F0314390A98FADD31E0E43884186CB151BDAD8C2F8330387FA0366221A95795F3EAACDA9E2D440418A5B
                                          Malicious:false
                                          Reputation:low
                                          Preview:08:05:43.569.INFO.GuiSessionList created new gui session for: 1, is active: false..08:05:43.570.INFO.Server start server run....08:05:43.570.INFO.Start Getscreen.me v 2.21.3 build 2 revision 0..08:05:43.693.INFO.GUI GUI started..08:05:43.827.INFO.CGuiSessionList m_active is null..08:05:44.101.INFO.CConfigStore Loaded config from `C:\ProgramData\Getscreen.me\folder\settings.dat`..08:05:44.101.ERROR.Service service 'GetscreenSV' not found..08:05:44.224.INFO.Service service 'GetscreenSV' installed..08:05:44.635.INFO.Service service 'GetscreenSV' start success..08:05:44.680.INFO.Service get control message 1..08:05:44.746.INFO.FrameMark hide frame..08:05:45.721.INFO.Service service 'GetscreenSV' stop [0] (0)..08:05:46.235.INFO.Service service 'GetscreenSV' removed..08:05:46.261.INFO.Child success get system token..08:05:46.263.INFO.Child start child process simply..08:05:46.263.INFO
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):67882
                                          Entropy (8bit):5.018432221855194
                                          Encrypted:false
                                          SSDEEP:384:IhLa8094YQZq5TTlAsbG3ZiT+yh4fZAMS5NHDJXR:Itk9gZq5O2+64x47HDJXR
                                          MD5:944CA03565E78E2A2E9EA2700E2590CA
                                          SHA1:11767CA7794AC67B9E2B32FA783B61E2D93BC785
                                          SHA-256:49257F814C45D3D7342F99E58D7F5AA95388BFF4E6B66C20D0B87B9103C6CDE7
                                          SHA-512:624BA79DDC45B6BEC03ED1FFE6AA414E09B32048CF327CC64E6D6C05076D51D40B02C52D5E057F1536B16B369798DFFA31DF33914EFBD421D3BE78716FF2D818
                                          Malicious:false
                                          Reputation:low
                                          Preview:11:30:34.842.INFO.Signaling force websocket stop..11:30:34.852.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:30:34.862.INFO.Socket connected to getscreen.me:443..11:31:49.584.INFO.WebScoket connected to getscreen.me/signal/agent:443..11:31:49.585.INFO.Signaling geting active session user..11:31:49.801.INFO.Signaling collecting hardware info..11:31:49.801.ERROR.Socket unable to read..11:31:49.801.ERROR.Socket unable to read..11:32:35.003.INFO.Signaling force websocket stop..11:32:39.601.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:32:39.606.INFO.Socket connected to getscreen.me:443..11:33:53.233.INFO.WebScoket connected to getscreen.me/signal/agent:443..11:33:53.438.INFO.Signaling geting active session user..11:33:53.440.INFO.Signaling collecting hardware info..11:33:53.440.ERROR.Socket unable to read..11:33:53.440.ERROR.Socket unab
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):29659
                                          Entropy (8bit):5.011815788338019
                                          Encrypted:false
                                          SSDEEP:192:huTdGxNNrwlfOedS8USztOaWf98sxDvwwbvT/ftAWCFPPq2NKX/SXA+mbeny41t8:BU/8XHZcBLqSsZccF
                                          MD5:F3B142F48E2EE923ED92B0D9CD95A6BF
                                          SHA1:102E3B1DEDC15435B4AB6D077BDAAD9B01DBA201
                                          SHA-256:060028A7326A7D181F14D7E4CE66B3C9EC351BF09D0368FEC0ABC18C4625ADB1
                                          SHA-512:F400C4771B0677AC63D91DBA0814868E9DD8543C268DDD53D068E77084682E646AF62EB7186F58AB5E41E34AFCBEDE91B4053C4D394996A4198E07039391EB46
                                          Malicious:false
                                          Reputation:low
                                          Preview:04:56:01.212.INFO.Signaling force websocket stop..04:56:01.213.INFO.Socket connected to getscreen.me:443..04:56:03.756.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:56:03.756.ERROR.WebSocket connection error getscreen.me/signal/agent..04:58:06.999.INFO.Signaling force websocket stop..04:59:57.246.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:00:17.412.INFO.Socket connected to getscreen.me:443..05:02:01.469.INFO.Signaling force websocket stop..05:02:01.470.ERROR.Socket unable to read..05:02:01.470.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:02:13.097.ERROR.WebSocket connection error getscreen.me/signal/agent..05:04:37.569.INFO.Signaling force websocket stop..05:06:38.496.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:06:58.867.INFO.Soc
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):101914
                                          Entropy (8bit):5.017334096314174
                                          Encrypted:false
                                          SSDEEP:768:NCh6nO+zGuPjQf96x2GnxvFMo/6gd7IIHdFIHrE:I6O+zGu7ssxHh5FIw
                                          MD5:98165E35D2D8BC7ED05F6061335C0C0F
                                          SHA1:B1005A84B04BCAF9B527F96133D427F2134D1C78
                                          SHA-256:2A35DD4CA8B2BA50F93821F47044C1C56D653E39E53D1784725DB0D3E8F71F4B
                                          SHA-512:E216206521B1205454F71ACD2840CF1669119B4AB5A88DCE2FFA2B9B52CBABE3A632B0E037B4BD88EF7679D7F630E96CCA02393267177DB797F5058C903870F0
                                          Malicious:false
                                          Reputation:low
                                          Preview:11:13:55.633.INFO.Signaling force websocket stop..11:13:55.647.ERROR.Socket unable to read..11:13:55.647.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:13:55.647.ERROR.WebSocket connection error getscreen.me/signal/agent..11:16:01.406.INFO.Signaling force websocket stop..11:18:07.164.INFO.Signaling force websocket stop..11:20:12.923.INFO.Signaling force websocket stop..11:22:18.679.INFO.Signaling force websocket stop..11:22:51.605.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:23:47.234.INFO.Socket connected to getscreen.me:443..11:24:56.413.INFO.Signaling force websocket stop..11:24:56.413.ERROR.Socket unable to read..11:24:56.413.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:24:56.413.ERROR.WebSocket connection error getscreen.me/signal/agent..11:27:
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35642
                                          Entropy (8bit):5.023902886611142
                                          Encrypted:false
                                          SSDEEP:192:T9SMzjdNJNv9J0AQKTAnemgegtmsu59/E4cNiZp/bSEdlCtQjrHyhy1CKsRzJCAr:WG27yg0JA82VfBm3tfAqT
                                          MD5:F5DD54045C0ECB898F05F17FB2B3F251
                                          SHA1:53393BD1C2057CE550E4948F4353CC2A0702BD60
                                          SHA-256:F6F2BED60340C3595DD2AA4F6CE011F5F6C13081410696FFA269348D9F19B229
                                          SHA-512:5DBAB9565EA8A9A798AD337F6434E750479465BE6066D62AB988CF7117370BFA16A4D34423790F037DDC6763618C738CB16FB70DBE05ADC4C838D2FC5067AF1F
                                          Malicious:false
                                          Reputation:low
                                          Preview:13:09:36.239.INFO.Signaling force websocket stop..13:10:36.034.INFO.Socket connected to getscreen.me:443..13:10:36.055.ERROR.Socket unable to read..13:10:36.055.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:10:36.055.ERROR.WebSocket connection error getscreen.me/signal/agent..13:12:41.858.INFO.Signaling force websocket stop..13:13:51.601.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:14:07.126.INFO.Socket connected to getscreen.me:443..13:15:55.832.INFO.Signaling force websocket stop..13:15:55.833.ERROR.Socket unable to read..13:15:55.833.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:16:07.360.ERROR.WebSocket connection error getscreen.me/signal/agent..13:18:01.593.INFO.Signaling force websocket stop..13:20:07.351.INFO.Signaling force websocket sto
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15632
                                          Entropy (8bit):5.004202196613335
                                          Encrypted:false
                                          SSDEEP:192:my/xWcltmkQvkhWkc8ke5k5JWzYyBkflkoSk7GkNOOkZokqwGkZZskxxzq3o/ny7:eO1XqpnWzYyK+cBIttq07vga2T
                                          MD5:22DD19B5117F3C21BF45FE42711CDB16
                                          SHA1:AAF86EF45A2D2BB262238EA3F5CC4CEC1FB0559C
                                          SHA-256:1A0ACCCE476C1DF15FD306525908402F4A746E2797628F0F63EB0F0760A10950
                                          SHA-512:A979314A01261C355CCA97E6C289D97927664EAABC9315CD0F01224A24D3EBFCD55560F6E5F40B0DC311165FD26D8B4C1382DAFE94A1357A672FC0A456AAEF33
                                          Malicious:false
                                          Reputation:low
                                          Preview:00:36:26.989.INFO.Signaling force websocket stop..00:38:32.769.INFO.Signaling force websocket stop..00:38:37.599.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:38:37.620.INFO.Socket connected to getscreen.me:443..00:40:42.803.INFO.Signaling force websocket stop..00:40:42.803.ERROR.Socket unable to read..00:40:42.803.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:40:42.803.ERROR.WebSocket connection error getscreen.me/signal/agent..00:42:48.570.INFO.Signaling force websocket stop..00:44:54.329.INFO.Signaling force websocket stop..00:45:14.272.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:45:25.343.INFO.Socket connected to getscreen.me:443..00:47:19.286.INFO.Signaling force websocket stop..00:47:19.286.ERROR.Socket unable to read..00:47:19.286.ERROR.SSL handshake error: error:0000
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):159058
                                          Entropy (8bit):5.016872807466097
                                          Encrypted:false
                                          SSDEEP:1536:YiIDKMi2gav4jjxiEMoVUxCJG+VoYf308q6Vpg2p0:TIDJ4joCA+Vomhy
                                          MD5:F6A721E8E6AE6CF10C812C76AC42F059
                                          SHA1:9FE297342F9B3766D1FD3BEFCEBD9B6214007835
                                          SHA-256:F3A60B679D100F1AEB3A40F04BDE6B6F47B7A1A119856F4BB11011C96DEEF7BC
                                          SHA-512:5995742445600FD58239C9290BF8A2F967A6C78EA2A1BB5F38ACBC571126A852C4CCE6EC2428983FAA594C704516B420F36819DDD039C509AFB086B486EBF56A
                                          Malicious:false
                                          Reputation:low
                                          Preview:03:41:36.839.INFO.Signaling force websocket stop..03:41:36.911.ERROR.Socket unable to read..03:41:36.911.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:41:37.005.ERROR.WebSocket connection error getscreen.me/signal/agent..03:43:42.691.INFO.Signaling force websocket stop..03:45:32.359.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:45:39.556.INFO.Socket connected to getscreen.me:443..03:47:37.196.INFO.Signaling force websocket stop..03:47:37.197.ERROR.Socket unable to read..03:47:37.197.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:49:42.979.ERROR.WebSocket connection error getscreen.me/signal/agent..03:49:42.974.INFO.Signaling force websocket stop..03:51:47.119.INFO.Signaling force websocket stop..03:53:09.854.INFO.Signaling start connection to 'getscre
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):32899
                                          Entropy (8bit):5.0230230412853025
                                          Encrypted:false
                                          SSDEEP:192:7T94RlKFRr7aaI3a+5XuZB/g2CYtJZfcu4tlBqp98G+u8LO1+cmg1RDNnI68kn/D:i0yEEi1RDy9hPIL
                                          MD5:D449F21C60F3D34BAE8079B7EDF3A813
                                          SHA1:4B3E2B5351FCF89F2C028DC38D1FB8EA46035793
                                          SHA-256:D973C8DE06CDF28216C352FD90FBA8CD0E830DA61C42D0D6CB5BB231FFEE24FD
                                          SHA-512:97D00DAC9032571803D36780002A3B85783AC93C728990D5DF7C28D5AC08FAEE8F49A485F26A8067DEDA05B6E0451B88F0DA4932E48D9F26750C90E52183DE31
                                          Malicious:false
                                          Preview:16:03:55.379.INFO.Signaling force websocket stop..16:03:59.082.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:04:09.187.INFO.Socket connected to getscreen.me:443..16:06:03.326.INFO.Signaling force websocket stop..16:06:03.326.ERROR.Socket unable to read..16:06:03.326.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:06:03.326.ERROR.WebSocket connection error getscreen.me/signal/agent..16:08:05.716.INFO.Signaling force websocket stop..16:09:57.708.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:10:01.030.INFO.Socket connected to getscreen.me:443..16:12:02.335.INFO.Signaling force websocket stop..16:12:02.336.ERROR.Socket unable to read..16:12:02.336.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:12:02.336.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):214240
                                          Entropy (8bit):5.015536956886372
                                          Encrypted:false
                                          SSDEEP:768:InvIp5jZsrm3Dqcam5qdkcg6ktz4kqOKoiLcNvPAwaWgf0aBd/MmU36vtDVDqfJn:IvdcarDBktT7aWg8aP/MxyDqfJn
                                          MD5:B1FC23E9F7CB06D4E986E2BDA156C0D8
                                          SHA1:72220CEF2A61A8139893B6D095134387B71DD2AF
                                          SHA-256:8B303DEECAA24158FE2E677E94B6CFF85CE5DB5C663A6F2AD8089B4ED8E51ED2
                                          SHA-512:C614991D8FE2B1353A6BA88DB4692E165D38800DC2E8DF64022DCE031DC6A2EFE4DFDBF525707C6E526809C65F8F403EE7C6CD8002D247A12032CCC262588444
                                          Malicious:false
                                          Preview:23:12:18.578.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:13:18.584.INFO.Signaling force websocket stop..23:13:37.946.INFO.Socket connected to getscreen.me:443..23:15:24.429.INFO.Signaling force websocket stop..23:15:24.429.ERROR.Socket unable to read..23:15:24.430.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:15:24.430.ERROR.WebSocket connection error getscreen.me/signal/agent..23:17:30.210.INFO.Signaling force websocket stop..23:17:35.233.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:17:36.430.INFO.Socket connected to getscreen.me:443..23:19:40.253.INFO.Signaling force websocket stop..23:19:40.262.ERROR.Socket unable to read..23:19:40.262.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:19:40.262.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):101362
                                          Entropy (8bit):5.018359864901162
                                          Encrypted:false
                                          SSDEEP:768:x02LnBgh1etHPk8YPbFvqG/FTxICKLtaeP4lWYFFBUPKnc3s07:xcpPbFdtTxICitaeP6FBUync807
                                          MD5:95A25D5F7B75332DDF49D2E19064BDD0
                                          SHA1:47D86D6A457F1DD1E4C26D68A4BA2CB60F3E6713
                                          SHA-256:D0B54F024479523E4BFF1F33ECE7602A079EB1D015A787C3502898F45FEF55C3
                                          SHA-512:98A0647E9E76E25BB3BC3EBEC77AABD4445B812786639A62676BF3579D0595E23314A1C65068E5BAF71ECAC9E3F042E6432CAFDBD9E58FE3D40656B28A0D34D3
                                          Malicious:false
                                          Preview:21:46:28.181.INFO.Signaling force websocket stop..21:46:28.171.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:46:41.422.INFO.Socket connected to getscreen.me:443..21:48:34.003.INFO.Signaling force websocket stop..21:48:34.004.ERROR.Socket unable to read..21:48:34.004.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:48:34.004.ERROR.WebSocket connection error getscreen.me/signal/agent..21:50:39.768.INFO.Signaling force websocket stop..21:52:45.531.INFO.Signaling force websocket stop..21:53:43.452.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:54:01.890.INFO.Socket connected to getscreen.me:443..21:55:48.853.INFO.Signaling force websocket stop..21:55:48.853.ERROR.Socket unable to read..21:55:48.853.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):84459
                                          Entropy (8bit):5.013700401844728
                                          Encrypted:false
                                          SSDEEP:768:zhv1zVzV5UKjtdGcOML7eQ3EmQbvk+sgo86FnisX8/8j2DNcb:ztFvCC7eQAk+dodjGNA
                                          MD5:941DD5FA465F2C6E07DC7BDCE8E11FD8
                                          SHA1:9E41DE2C36C0D0289EA3B605FE52BF62ED85527B
                                          SHA-256:98D99F027FEF494FB40DC70BCA6E191CF55E66AACFA1227764C2766959506483
                                          SHA-512:AA7F6F00960ECED050E33AC45AB088E259F28DE3C3E0F94B1BCCE7F44D74908D7B0C86E90AF7768BC54C54A648738B9E30F22BDBF9D7F9040315C56F477864A9
                                          Malicious:false
                                          Preview:23:31:24.926.INFO.Signaling force websocket stop..23:31:24.928.INFO.Socket connected to getscreen.me:443..23:31:25.012.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:31:25.012.ERROR.WebSocket connection error getscreen.me/signal/agent..23:33:30.793.INFO.Signaling force websocket stop..23:35:36.558.INFO.Signaling force websocket stop..23:35:52.069.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:35:52.072.INFO.Socket connected to getscreen.me:443..23:37:57.260.INFO.Signaling force websocket stop..23:37:57.261.ERROR.Socket unable to read..23:37:57.261.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:37:57.247.ERROR.WebSocket connection error getscreen.me/signal/agent..23:40:01.221.INFO.Signaling force websocket stop..23:42:06.990.INFO.Signaling force websocke
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):98684
                                          Entropy (8bit):5.014543178747433
                                          Encrypted:false
                                          SSDEEP:384:i/jF9yaREanBJtmWpMQGRFzRhWgn0pKCCoFazLEMSCEOo/C:i73REavtmWpMQGdhWgn0pKCCoFALEMWC
                                          MD5:0CCC1CA6C2A29ED802121AF53CC4362A
                                          SHA1:4DA3EBB6AC6AC06E647C6B681299DC646D8340EA
                                          SHA-256:0F351FD86D1D740F545E432C84EC32DEC78B57C76D19095ACDA2949E8FACC10A
                                          SHA-512:3A305D4EBC4FF34B026C4920779A71A0A391D0349866DBA777A7EE3F568C75550531A862DE5012CDFD3DF4367C8503DE5F6E9C1C702F99DCC1594AA4E67F1FC8
                                          Malicious:false
                                          Preview:17:17:49.407.INFO.Signaling force websocket stop..17:18:15.190.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:19:15.481.INFO.Socket connected to getscreen.me:443..17:20:20.782.INFO.Signaling force websocket stop..17:20:20.782.ERROR.Socket unable to read..17:20:20.782.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:20:20.782.ERROR.WebSocket connection error getscreen.me/signal/agent..17:22:59.409.INFO.Signaling force websocket stop..17:25:05.170.INFO.Signaling force websocket stop..17:26:46.885.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:27:54.735.INFO.Socket connected to getscreen.me:443..17:28:51.125.INFO.Signaling force websocket stop..17:28:51.126.ERROR.Socket unable to read..17:28:51.126.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):48907
                                          Entropy (8bit):5.014754595427524
                                          Encrypted:false
                                          SSDEEP:192:/y5Sp9T9filDUPbe7lpk1344hfQW88vTXElLA5dDqBwI8ajcuKzgnpzR2yeQOvop:/lIXcCNL4x3FS0/hNvrXWhzDpVK4Ilc
                                          MD5:A645A503999B0A1A28847C78EF06015C
                                          SHA1:87E89746DFE0CCDF917DE64FEDD6AE7021E9B1ED
                                          SHA-256:A4887189FA40FEB9B5F887C1D263DAF7430B9E20EB80D469F85C0B7064BC093B
                                          SHA-512:81DDC7889A32DAE72499E783D6D97B7C47F4F0094D5C246648B7418C0EFBFA2C2291310FD2974B70E5872645AE2F463BD63A0F1C2DA0394019A46026C1F2E047
                                          Malicious:false
                                          Preview:17:10:17.151.INFO.Signaling force websocket stop..17:10:17.193.ERROR.Socket unable to read..17:10:17.193.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:10:17.390.ERROR.WebSocket connection error getscreen.me/signal/agent..17:12:22.964.INFO.Signaling force websocket stop..17:14:28.746.INFO.Signaling force websocket stop..17:14:57.603.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:16:11.377.INFO.Socket connected to getscreen.me:443..17:17:01.564.INFO.Signaling force websocket stop..17:17:01.564.ERROR.Socket unable to read..17:17:01.564.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:17:11.447.ERROR.WebSocket connection error getscreen.me/signal/agent..17:19:07.324.INFO.Signaling force websocket stop..17:21:13.094.INFO.Signaling force websocket stop..17:23:
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10449
                                          Entropy (8bit):5.014241142744868
                                          Encrypted:false
                                          SSDEEP:192:R5sHv834ppINWxChde3FAj0IWW8tmcc8iK5GKsdidR5S2war6HkNnzCIt:Qpxse3FvUiBX
                                          MD5:0B2B54C9A6BFC0A0D072042B0C7A594B
                                          SHA1:5E60DB9BF4B9C1E0C3A33D95AB850B8A01442100
                                          SHA-256:67A46176C7A52EC3B68378C2ED5F034745DA868D2B253A6DBCB0D3BAAC82C342
                                          SHA-512:6710F12EDE88F1B0A7CD047E08E862E0F662E5B90CBF93F376EF38ACDB88E9118EDE93BF46E240DDEB39DADC5AF6A59B1E9337B671E3917F454E2B88F36C627B
                                          Malicious:false
                                          Preview:07:15:44.717.INFO.Signaling force websocket stop..07:15:44.719.INFO.Socket connected to getscreen.me:443..07:15:47.645.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:15:47.839.ERROR.WebSocket connection error getscreen.me/signal/agent..07:17:50.508.INFO.Signaling force websocket stop..07:19:56.266.INFO.Signaling force websocket stop..07:21:29.870.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:22:05.525.INFO.Socket connected to getscreen.me:443..07:23:35.823.INFO.Signaling force websocket stop..07:23:35.824.ERROR.Socket unable to read..07:23:35.824.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:23:41.252.ERROR.WebSocket connection error getscreen.me/signal/agent..07:25:41.597.INFO.Signaling force websocket stop..07:27:47.354.INFO.Signaling force websocke
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):50557
                                          Entropy (8bit):5.0187763378197205
                                          Encrypted:false
                                          SSDEEP:192:8bvTdsrNt8ZMImQ+VLHWb3ljevyqhAEQUdn7uIaNcnjZshr5f3O4meUWQt46nNP/:GexqS951q1S0s7uta5CEl
                                          MD5:88684E6DA326F28BC979640FFB30C1D4
                                          SHA1:4FEF4AD9A8D7DAA3E6AADBF06AEF1F9F45CF7421
                                          SHA-256:2FD8341679DD54FF49FDDE1C090362955D7D8F01533F7457DFF3CB4E5721798F
                                          SHA-512:78DF832613FEC3C656647DBCDB2CA56FDE534DEE9CE5608A30681B601181CA4E6285ADAD4C40BE50DB7B8B41CEE4E52E63E4B69061714B51C6A349714E7CA3A8
                                          Malicious:false
                                          Preview:09:44:10.010.INFO.Signaling force websocket stop..09:44:10.033.ERROR.Socket unable to read..09:44:10.033.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:44:10.033.ERROR.WebSocket connection error getscreen.me/signal/agent..09:46:15.801.INFO.Signaling force websocket stop..09:48:21.574.INFO.Signaling force websocket stop..09:50:06.974.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:50:17.083.INFO.Socket connected to getscreen.me:443..09:52:11.803.INFO.Signaling force websocket stop..09:52:11.803.ERROR.Socket unable to read..09:52:11.803.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:52:24.105.ERROR.WebSocket connection error getscreen.me/signal/agent..09:54:17.577.INFO.Signaling force websocket stop..09:56:17.327.INFO.Signaling start connection to 'getscre
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):89963
                                          Entropy (8bit):5.015232674707016
                                          Encrypted:false
                                          SSDEEP:768:ReHIZHKR8iXDDMqyqyDBtuz9CsKJi3BQD/DtU2P8kA:ofDMVqyDB4z9VKJi3B68L
                                          MD5:92A02EA4C06C01B3F75395CB0604AB15
                                          SHA1:C6F0940B4199282413708EE466F17C639CF93B8C
                                          SHA-256:A6B35B08DEC7E9F63EADD7F0EECC2E892EE1E12561D044EFE45410A25B2F0A21
                                          SHA-512:2917D505B0B53B137D795D89908242BAB92890A13EFB45FB4BC78959C6AB3F5E464F254A75B4F1687795AF0869F81417C811A09C80E0034E23EBC50206C71823
                                          Malicious:false
                                          Preview:23:26:53.606.INFO.Signaling force websocket stop..23:26:53.608.INFO.Socket connected to getscreen.me:443..23:26:53.617.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:26:53.617.ERROR.WebSocket connection error getscreen.me/signal/agent..23:28:56.799.INFO.Signaling force websocket stop..23:31:02.563.INFO.Signaling force websocket stop..23:31:42.079.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:31:51.224.INFO.Socket connected to getscreen.me:443..23:33:46.715.INFO.Signaling force websocket stop..23:33:46.715.ERROR.Socket unable to read..23:33:46.715.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:33:50.979.ERROR.WebSocket connection error getscreen.me/signal/agent..23:35:52.498.INFO.Signaling force websocket stop..23:36:31.823.INFO.Signaling start connecti
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21396
                                          Entropy (8bit):5.0075591110697815
                                          Encrypted:false
                                          SSDEEP:192:g0tHzTAYbs0oF96qSuFvpyoqrvUyWeKa33ZM4s9wKVxKk8qNqiNkXh5CU0GKHBgD:gku2vUymzp/eY5R8h36X8V
                                          MD5:743F62824AA1C71817AAC5255B24F7EC
                                          SHA1:22D8227251619CB3DD1416C9CF6DA66BEC31C633
                                          SHA-256:8A721624059FF51D63CCFC70B86E724353E67EF5B17FF7F10A09D9DA090E7A14
                                          SHA-512:1F7A7C85EA1A0862D3625DEE5BD860CD104F1A48080520D94CBEFD552E4122F9F069577C784E8584C61477D0C0BB0DAE24A6DB1A350D447EC519712E3461A1D0
                                          Malicious:false
                                          Preview:21:42:53.983.INFO.Signaling force websocket stop..21:42:54.014.INFO.Socket connected to getscreen.me:443..21:42:56.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:42:57.330.ERROR.WebSocket connection error getscreen.me/signal/agent..21:44:59.807.INFO.Signaling force websocket stop..21:47:05.566.INFO.Signaling force websocket stop..21:47:39.268.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:48:15.725.INFO.Socket connected to getscreen.me:443..21:49:45.444.INFO.Signaling force websocket stop..21:49:45.444.ERROR.Socket unable to read..21:49:45.444.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:49:55.327.ERROR.WebSocket connection error getscreen.me/signal/agent..21:51:51.215.INFO.Signaling force websocket stop..21:53:56.974.INFO.Signaling force websocke
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2770
                                          Entropy (8bit):4.99345816292862
                                          Encrypted:false
                                          SSDEEP:48:w2/vIdNEvDc9AwN4D54fSaN3D9667mNQDy2kKNLDOGY:ZXIY4Sv4fLnq2k7GY
                                          MD5:DCFD9CC559D209F5B74C3DC6EA15B3D5
                                          SHA1:43E67DBF9D1B8FC83C8E07DAAC4892012367787A
                                          SHA-256:8F162B29157DB8100510C98D9C53476104B9FFAEDBB2DDBF9A641380A4F544C8
                                          SHA-512:A0889BE3C3E7B2471CA0375255701282EB25FE73B8ECFB2CBE8E19E85743AA9DFD085E428439E9DABF14D196EA67658EE8B496019F40FF619FE8ED4E4C2F6EA3
                                          Malicious:false
                                          Preview:02:12:59.855.INFO.Signaling force websocket stop..02:12:59.856.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:13:01.055.INFO.Socket connected to getscreen.me:443..02:15:05.688.INFO.Signaling force websocket stop..02:15:05.688.ERROR.Socket unable to read..02:15:05.689.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:15:05.689.ERROR.WebSocket connection error getscreen.me/signal/agent..02:17:11.486.INFO.Signaling force websocket stop..02:17:15.541.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:17:15.580.INFO.Socket connected to getscreen.me:443..02:19:21.562.INFO.Signaling force websocket stop..02:19:21.563.ERROR.Socket unable to read..02:19:21.563.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:19:21.563.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):105926
                                          Entropy (8bit):5.019180444543156
                                          Encrypted:false
                                          SSDEEP:768:xKYTwseIHUdrHbBtDEkTrBs4mwbEWJQTr2NzJ07cyZT5cJ:xKY+IHUdrH91EkTrxBScyZT5cJ
                                          MD5:84D840D0BF64815C5E9DD9CBB9744F22
                                          SHA1:9576DE5C7F16BC7C1BB8EBC813976C49BBA2F825
                                          SHA-256:2316E0479C0F20FE2A6A2704FC1F763F10043B0A10AFE3814F4A807C47F6815C
                                          SHA-512:092330E1CEC2F87619A0FA0B8FB58FB57C37E9890BB3CB2913F8ED7D55DC54DEB1A260B506D14DE0424DD35F93FCF1C8F00C0DF756A22BBDE0C718C76C49B6BE
                                          Malicious:false
                                          Preview:05:55:37.690.INFO.Signaling force websocket stop..05:55:37.774.INFO.Socket connected to getscreen.me:443..05:55:37.777.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:55:37.777.ERROR.WebSocket connection error getscreen.me/signal/agent..05:57:43.560.INFO.Signaling force websocket stop..05:59:49.319.INFO.Signaling force websocket stop..05:59:53.374.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:00:09.294.INFO.Socket connected to getscreen.me:443..06:01:59.357.INFO.Signaling force websocket stop..06:01:59.357.ERROR.Socket unable to read..06:01:59.357.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:02:07.977.ERROR.WebSocket connection error getscreen.me/signal/agent..06:04:05.128.INFO.Signaling force websocket stop..06:06:10.886.INFO.Signaling force websocke
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):41714
                                          Entropy (8bit):5.019394783872464
                                          Encrypted:false
                                          SSDEEP:384:TB17oECoIYpzMsjCnwMT5nFisafRKBTfdl:tp0YpzMsjrQisaf6l
                                          MD5:AA5E5B253487599574720DE867C2A634
                                          SHA1:8C948A5F01905A02A952E85B74066F73DB052F0E
                                          SHA-256:6A32D836F45087689368E847C2A6D957DEFF3B0EBA7161D59C42056E7FC7614C
                                          SHA-512:0123345521467CE26FB6030F267886529BA6DC6D5CFE1CE8531535FC2C2A4041F4677CCB69CE390DFBCC27CD0F7736A8DB236B4620B3284E08DD9FFEAF062F2E
                                          Malicious:false
                                          Preview:09:47:45.091.ERROR.Socket unable to read..09:47:45.176.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:47:45.176.ERROR.WebSocket connection error getscreen.me/signal/agent..09:49:50.970.INFO.Signaling force websocket stop..09:50:52.022.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:52:04.108.INFO.Socket connected to getscreen.me:443..09:52:56.426.INFO.Signaling force websocket stop..09:52:56.427.ERROR.Socket unable to read..09:52:56.427.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:52:56.427.ERROR.WebSocket connection error getscreen.me/signal/agent..09:55:02.206.INFO.Signaling force websocket stop..09:57:07.968.INFO.Signaling force websocket stop..09:57:18.805.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:57:34.725.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204787
                                          Entropy (8bit):5.017585652144424
                                          Encrypted:false
                                          SSDEEP:1536:Qo3CJH6AAs07Hhd3fMKg8mg+W/5+vUm2O:QoyJiB9fMKg8/Rm2O
                                          MD5:26B8847070D312EF6365AA758C7035F2
                                          SHA1:CBAA36531BE910886FA2E3B8F40C1D2278CD2DC5
                                          SHA-256:663584C5EF9B05B4F12FB7EDE65FABEB19E5E42A53F5C92DFF3568380805C4EA
                                          SHA-512:330A7FB46EEB300982C0ECF818A866165F47A565D2D093A102D378B8F2F49E7BD7BDE7DF69645D170D7858AD1622E1E09444F2201D9BAD32777BCB5AC079F0B3
                                          Malicious:false
                                          Preview:18:40:32.427.INFO.Signaling force websocket stop..18:40:35.733.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:40:35.765.INFO.Socket connected to getscreen.me:443..18:42:40.451.INFO.Signaling force websocket stop..18:42:40.465.ERROR.Socket unable to read..18:42:40.465.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:42:40.465.ERROR.WebSocket connection error getscreen.me/signal/agent..18:44:46.236.INFO.Signaling force websocket stop..18:46:50.379.INFO.Signaling force websocket stop..18:48:34.233.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:48:34.278.INFO.Socket connected to getscreen.me:443..18:50:38.509.INFO.Signaling force websocket stop..18:51:38.492.ERROR.Socket unable to read..18:51:38.492.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):45615
                                          Entropy (8bit):5.014043077333676
                                          Encrypted:false
                                          SSDEEP:384:lpzkZD7OCCsdNOgL9yFzBF2nB/FE0gzCjFokFD+:lpzKCoNOgcFzBUnB/FE0gzCjFokFa
                                          MD5:49C43124C7E7F5D4C256942B9839AF21
                                          SHA1:794BCD82794E8A29F428DBB98B0D25E000D0D292
                                          SHA-256:381CB65DDF72E67AAD796BA45515A19C504644DBF075FC89AC9ADE520BD240F8
                                          SHA-512:0E65CB3767192F262C2EFEFFD79236B1C1EDEC9738A8D8E61EBF40ECAB64E2E51A49C0C72529C23AC273C54E6132B3729E640A0CC94E77CB607983AAE76B38E1
                                          Malicious:false
                                          Preview:17:14:57.155.INFO.Signaling force websocket stop..17:14:57.144.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:14:58.214.INFO.Socket connected to getscreen.me:443..17:17:03.021.INFO.Signaling force websocket stop..17:17:03.021.ERROR.Socket unable to read..17:17:03.021.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:17:03.021.ERROR.WebSocket connection error getscreen.me/signal/agent..17:18:28.866.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:20:00.502.INFO.Socket connected to getscreen.me:443..17:20:33.056.INFO.Signaling force websocket stop..17:20:33.057.ERROR.Socket unable to read..17:20:33.057.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:20:33.058.ERROR.WebSocket connection error getscreen.me/signal/agent..17:22:38.817.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2371
                                          Entropy (8bit):5.002175777107603
                                          Encrypted:false
                                          SSDEEP:24:G9DBDAA9StrOGe/tv89DAAstm20Ge/QtvLvDAAutCvGezFtv7mZxDAAyitdXGeqZ:aDm5MyDGlFTDwRmIxDEiuyaVD1T
                                          MD5:BB06153EFA6F5AC1255ABE672EC53B65
                                          SHA1:6A553075FCC869C2B8FC13913CA30B0E188EAB62
                                          SHA-256:27154D1F94297029541F11E2DCFB94F1F0B5A76B1781BA97D7EAC7D8655EF6FC
                                          SHA-512:8468A2418C51372FEA08029C582EBCA928484EAE32BA26321DF3A95BDBA719EBDB77FF8D739270EC537B82DB9916C399328303BFEB6D065D1B7969E655D0385C
                                          Malicious:false
                                          Preview:06:07:38.774.INFO.Signaling force websocket stop..06:07:54.686.ERROR.Socket unable to read..06:07:54.686.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:07:54.686.ERROR.WebSocket connection error getscreen.me/signal/agent..06:10:13.565.INFO.Signaling force websocket stop..06:11:59.181.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:12:05.153.INFO.Socket connected to getscreen.me:443..06:14:43.842.INFO.Signaling force websocket stop..06:14:44.695.ERROR.Socket unable to read..06:14:44.695.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:14:46.629.ERROR.WebSocket connection error getscreen.me/signal/agent..06:17:03.451.INFO.Signaling force websocket stop..06:17:34.313.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:17:58.180.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2575
                                          Entropy (8bit):4.986747688300458
                                          Encrypted:false
                                          SSDEEP:48:HmHeHmDERxOxv36RXDGM42YaDODgMDB+qQwDvT:HfxO5G4t1DB+2T
                                          MD5:DC90B0CFAFF5042E1007403D10FA5068
                                          SHA1:61D0D3FB2D462C3273612ED53CDD4500ACDAE04B
                                          SHA-256:6F7A7EF67EEDA26F500894F2998DD2019E832D7B0F15A0B0A072E4106EA82580
                                          SHA-512:B76590D4C9937F63D0EEB5E7C81D4588DE23E4E4677A2C97EEA398891ECA3561F6BD9BC167474E9EBC5B3F56DA9381C7956F5CA9EDA2DD67AEC3142C5D3B1AC1
                                          Malicious:false
                                          Preview:09:48:00.275.INFO.Signaling force websocket stop..09:48:23.770.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:48:58.085.INFO.Socket connected to getscreen.me:443..09:50:41.833.INFO.Signaling force websocket stop..09:50:55.220.ERROR.Socket unable to read..09:50:55.220.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:50:55.220.ERROR.WebSocket connection error getscreen.me/signal/agent..09:53:14.083.INFO.Signaling force websocket stop..09:53:55.411.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:55:29.635.INFO.Socket connected to getscreen.me:443..09:56:06.104.INFO.Signaling force websocket stop..09:56:11.361.ERROR.Socket unable to read..09:56:11.391.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:56:11.391.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):766
                                          Entropy (8bit):4.992300888754201
                                          Encrypted:false
                                          SSDEEP:12:kKaChktvvPCMKTifiEQj8P40ei+q5pKwqXCh9hMQKBe5:kXGktvXCMgifiEDAniLprqXG7MQ55
                                          MD5:FC84F628DB3D01B4C458C095F41C6A18
                                          SHA1:91C02A61824F758E38C4549585B40330208DE228
                                          SHA-256:0775A445652430D54B3EB0FFB8875BD1EADE9E7C1F98D98F4B58D34DC34E8932
                                          SHA-512:BDE2F0CF7AC2EF9F7BD5180A7461040DD621602D6858A7443ED38E00CB7CDFAB9FD085031C50F2AEE937011632084029ACA491EB34DD27DA70B43141948ECC6A
                                          Malicious:false
                                          Preview:13:30:28.649.INFO.Signaling force websocket stop..13:30:35.118.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:31:16.152.INFO.Socket connected to getscreen.me:443..13:32:53.745.INFO.Signaling force websocket stop..13:32:54.476.ERROR.Socket unable to read..13:32:54.597.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:32:54.607.ERROR.WebSocket connection error getscreen.me/signal/agent..13:35:24.238.INFO.Signaling force websocket stop..13:37:33.367.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:39:50.359.INFO.Signaling force websocket stop..13:42:09.237.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3558
                                          Entropy (8bit):4.995866972947563
                                          Encrypted:false
                                          SSDEEP:48:DqV2Dq4Q+hDSDsHlOitmFAxDsSkeaDO/wv3Dmb+0gHDr6v6BbJQRDSt9g3:u/4QQDXlOec0kWoybBsgIQ09m
                                          MD5:AD20E8E32F7877B83B24753180DD5B7B
                                          SHA1:D2E2B36D238466C857A2684D8DE52B362854E594
                                          SHA-256:424DC5E7DA96A76F8E395DBFA3EE4B1B9BF51411E085BF70C278CF6A04CC4220
                                          SHA-512:C97EF6EC83702060EDB5EAF12D4B81C74122F42EB1D71D9513F7ADFA01F17F8C6C9C301D24A30E9B61219B8DA5138DBF38D0779B515A300950CF6E05D1E6EABF
                                          Malicious:false
                                          Preview:16:58:08.865.INFO.Signaling force websocket stop..17:02:58.972.INFO.Socket connected to getscreen.me:443..17:05:17.576.INFO.Signaling force websocket stop..17:05:18.628.ERROR.Socket unable to read..17:05:18.628.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:05:18.628.ERROR.WebSocket connection error getscreen.me/signal/agent..17:07:37.113.INFO.Signaling force websocket stop..17:08:04.434.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:08:21.134.INFO.Socket connected to getscreen.me:443..17:10:22.287.INFO.Signaling force websocket stop..17:10:24.030.ERROR.Socket unable to read..17:10:24.502.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:10:24.502.ERROR.WebSocket connection error getscreen.me/signal/agent..17:12:34.597.INFO.Signaling force websocket sto
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1377
                                          Entropy (8bit):4.979774094919425
                                          Encrypted:false
                                          SSDEEP:24:tJDAgvbVY2G+XtvKXkODAgD5bV5uG+5VtvZiNDAgpbVKeG+AP2tvv:3DpvbVYv+diDpNbV5H+5HRADppbVK3+l
                                          MD5:EC87E0162163853652D10CE5B8A04D38
                                          SHA1:13C23C8A77DA67D614DDF9E5DEFE5EBA01A99D54
                                          SHA-256:DFFE1E3EBE1EA3E3301909CC90DFA682C8F411E0AD434C7CDCB621A86355AF07
                                          SHA-512:F03CD369B3DFA76688E0B4FD287CEE0841B123EBCA527CCFFD4BBF184F32613DF105E1E8F67CEDC53308FB211220C9517C11835DC4D40BC92FF21D58904F0E4C
                                          Malicious:false
                                          Preview:20:48:40.674.INFO.Signaling force websocket stop..20:48:42.829.ERROR.Socket unable to read..20:48:42.829.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:48:42.829.ERROR.WebSocket connection error getscreen.me/signal/agent..20:50:19.457.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:50:19.699.INFO.Socket connected to getscreen.me:443..20:52:36.543.INFO.Signaling force websocket stop..20:52:37.035.ERROR.Socket unable to read..20:52:37.055.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:52:37.055.ERROR.WebSocket connection error getscreen.me/signal/agent..20:54:36.611.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:54:36.852.INFO.Socket connected to getscreen.me:443..20:56:46.074.INFO.Signaling force websocket stop..20:56:46.125.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.961579549405247
                                          Encrypted:false
                                          SSDEEP:12:XC2/Qj8P40O5UASChxLAtvv9vX3Qj8P40x65G2jXChttvvn:Xh/DA7UBGxLAtvVP3DA+SG2jGttvv
                                          MD5:DCDEE577027CAB7C2C0EEA576E4F1687
                                          SHA1:65A66555335B09001C3AA476B118305EB5EE8E86
                                          SHA-256:C254E289888B37D380EB7AC42859B2FCB7C08D6F710C7C8DECAD0BC3E8DF1735
                                          SHA-512:3A3AEDBF8D6B92167255E967FF08A9EFA741CCFFA956C3FAAF85925C809E5985772069F71A18C693F565A86EE9977FAB77862E827E8FA25E222C8D4AECF3C41B
                                          Malicious:false
                                          Preview:00:13:34.071.INFO.Signaling force websocket stop..00:13:39.435.ERROR.Socket unable to read..00:13:39.435.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:13:39.435.ERROR.WebSocket connection error getscreen.me/signal/agent..00:14:52.880.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:14:58.922.INFO.Socket connected to getscreen.me:443..00:17:10.947.INFO.Signaling force websocket stop..00:17:11.028.ERROR.Socket unable to read..00:17:11.028.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:17:11.048.ERROR.WebSocket connection error getscreen.me/signal/agent..00:19:21.196.INFO.Signaling force websocket stop..00:19:45.947.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:19:46.859.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2978
                                          Entropy (8bit):4.985519985215204
                                          Encrypted:false
                                          SSDEEP:48:O3DW9lsDLReFL3DSV1EfD4ygPnKuBDPm3vV0GcDL/C3:p9sRLV1NygPnBK/K/s
                                          MD5:AFF115878AEA024A63255B0501249C20
                                          SHA1:9F25314414D813DB28B09346357EAB2640415F6A
                                          SHA-256:D9C880A674AAE258067812CBCD6B8D0D0676A230EDCC1FE1C613740E41F1EC6D
                                          SHA-512:011CCCF54EFF2F77ECB7557359A9D83204D7ECF720EBF68AB38405A741A37EB364C4F5C314B3544E97665C92B6BA0E203080B565E5BE23890D4AFCDE5D1A66FE
                                          Malicious:false
                                          Preview:03:34:50.850.INFO.Signaling force websocket stop..03:34:52.711.ERROR.Socket unable to read..03:34:52.711.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:34:52.711.ERROR.WebSocket connection error getscreen.me/signal/agent..03:36:48.664.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:36:59.347.INFO.Socket connected to getscreen.me:443..03:39:06.534.INFO.Signaling force websocket stop..03:39:06.925.ERROR.Socket unable to read..03:39:06.975.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:39:07.179.ERROR.WebSocket connection error getscreen.me/signal/agent..03:41:25.693.INFO.Signaling force websocket stop..03:41:59.000.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:43:06.731.INFO.Socket connected to getscreen.me:443..03:44:09.740.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4120
                                          Entropy (8bit):4.996393902556766
                                          Encrypted:false
                                          SSDEEP:96:N/ZcU2MS55xocRnrg1CU03aG9CN13PR2MRg+:NZc9MS5TocRnrACU0XCj352+g+
                                          MD5:F24991643B9745107200818BAB72FE2E
                                          SHA1:3018413995812D912D846F6CF4D4D8C34EE48FE6
                                          SHA-256:50EA538BE252276E09CF55D6A9EA9298245544326CA65102CB89AAE322369483
                                          SHA-512:DB2D6C8457206AE090A61D9A8A122BD6BE2468801B2DAA1C6E956394BAECF592EE69D896892592DF1EA2E434517740E710F912652C231A1D55DCB76B02BC669F
                                          Malicious:false
                                          Preview:07:18:00.557.INFO.Signaling force websocket stop..07:18:06.676.ERROR.Socket unable to read..07:18:06.676.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:18:06.676.ERROR.WebSocket connection error getscreen.me/signal/agent..07:20:16.671.INFO.Signaling force websocket stop..07:22:13.165.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:22:21.558.INFO.Socket connected to getscreen.me:443..07:24:31.093.INFO.Signaling force websocket stop..07:24:31.484.ERROR.Socket unable to read..07:24:31.534.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:24:36.248.ERROR.WebSocket connection error getscreen.me/signal/agent..07:26:50.344.INFO.Signaling force websocket stop..07:28:31.293.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:28:34.066.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7644
                                          Entropy (8bit):4.998688305175491
                                          Encrypted:false
                                          SSDEEP:192:wj9cvnShRqTe5bnsuGNvWguN7zNHbr5ffD1AjFaT:xzvWg8N
                                          MD5:5AF9017BF03AED7739F6BD7E6D38EE26
                                          SHA1:885DAC6A1E58CA7C25F0951D6BDCEA061AD595B9
                                          SHA-256:DBF3822A1B90FA7FE521149E861942651D79630B876ADDA1594C96D56ED7F873
                                          SHA-512:9C7BE1A98FF960102499FB31F1F256A90BAEF2EB6BE8955C7428D285682FCC6ADC617DA8991EF1675C61A191C34DEC55C478D7ADA1CC8F2BE62964F1A30E630F
                                          Malicious:false
                                          Preview:11:19:50.250.INFO.Signaling force websocket stop..11:19:56.068.ERROR.Socket unable to read..11:19:56.069.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:19:56.069.ERROR.WebSocket connection error getscreen.me/signal/agent..11:22:08.767.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:22:18.626.INFO.Socket connected to getscreen.me:443..11:24:26.435.INFO.Signaling force websocket stop..11:24:29.042.ERROR.Socket unable to read..11:24:29.042.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:24:29.042.ERROR.WebSocket connection error getscreen.me/signal/agent..11:26:42.339.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:28:03.004.INFO.Socket connected to getscreen.me:443..11:28:53.035.INFO.Signaling force websocket stop..11:28:53.085.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.699297571580032
                                          Encrypted:false
                                          SSDEEP:6:ru2XIX+WgIJUUfyk2XIXNLD4EQ8ymeXdzvRWl8Rvvn:r5KfynChRymeXtvvn
                                          MD5:AB9F254543334C18E880C2873CE44F28
                                          SHA1:8A535A6880660ECE2F3166D2D08A0428E98EFB8F
                                          SHA-256:CD945DB182D82FA7E122959B657C2329B5158B94E5B5F90AB7488E2772201BA9
                                          SHA-512:F04EBDAF1C4C885C32039225E1FA10462E7238FB15CE2EDD65831F10D40C4BFC117BA416F01655D7FB655F8D2689E0A8763CAFD7749C355A4F7006F48E782B0B
                                          Malicious:false
                                          Preview:15:55:53.845.INFO.Signaling force websocket stop..15:56:41.551.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:56:41.791.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.988452320110477
                                          Encrypted:false
                                          SSDEEP:12:5uKzcOQj8P40Icn5gurXKgChlB/QtvvOQqs2KMfdQj8P40o5T:5uycODABc5guTJGlBItvWJs2HDAlT
                                          MD5:2D05A397CA5D247BE6886B166BAF12A2
                                          SHA1:29A153F261805559484255826D62EC16C4AC1BD0
                                          SHA-256:1AD52E5C87FE1FE4A345076EF988E9CE976C77BB190B527350DD1A3A366FDDD0
                                          SHA-512:D87A3A65C35DB90C07B11C5C3BD4F15A087C428BCDEA0D0EFE028366009D7DF34214D5E945EBEFC4613075DA12F7D655F7C16DC40EDBD7C6CE4639BFF1ACBDC2
                                          Malicious:false
                                          Preview:19:13:01.171.INFO.Signaling force websocket stop..19:13:05.933.ERROR.Socket unable to read..19:13:05.983.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:13:05.983.ERROR.WebSocket connection error getscreen.me/signal/agent..19:15:16.123.INFO.Signaling force websocket stop..19:16:17.103.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:16:24.370.INFO.Socket connected to getscreen.me:443..19:18:36.026.INFO.Signaling force websocket stop..19:18:36.637.ERROR.Socket unable to read..19:18:36.637.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:19:11.530.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1234
                                          Entropy (8bit):4.9756966075173015
                                          Encrypted:false
                                          SSDEEP:24:4/GZtvq3DAMbwniGMtvK5DAyb4HGcatvv:VrqDhbED88D3bZv3
                                          MD5:4E59A58BCDFFED9F77ED04D3AE08B7CA
                                          SHA1:989DF2A7127F617CE88587F614597655DDA21CC7
                                          SHA-256:1E8F7A824C92EBB44ACEE153794695D60F6166ABE4839C8C6E6B918219D5E286
                                          SHA-512:CED507EA9DA345CC4AB44975D7CEC2162AEB3CF5DB6B98EB1871ADD0C265960078AC573A73909CE6003C4DEEBBF88AC898C864C0E1633D762B2EA90017233DBB
                                          Malicious:false
                                          Preview:22:34:11.072.INFO.Signaling force websocket stop..22:36:06.064.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:36:19.984.INFO.Socket connected to getscreen.me:443..22:38:23.820.INFO.Signaling force websocket stop..22:38:25.113.ERROR.Socket unable to read..22:38:25.133.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:38:25.133.ERROR.WebSocket connection error getscreen.me/signal/agent..22:40:43.760.INFO.Signaling force websocket stop..22:42:31.981.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:43:39.659.INFO.Socket connected to getscreen.me:443..22:44:42.820.INFO.Signaling force websocket stop..22:44:43.961.ERROR.Socket unable to read..22:44:43.961.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:44:43.961.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.895429329955082
                                          Encrypted:false
                                          SSDEEP:6:4e7R2XIX+WgIJU3Wf9ZEMhWf97Uud2M0CCQP5K0CA9Wf97QDNBQEQ4:pQg07BQj8P40x9a765T
                                          MD5:6FF790ABEDD55579310C92080697CD69
                                          SHA1:E03DD0AFE4F947D62E12395F21C9E857045EBECB
                                          SHA-256:1F4C3AD4AFCBF4C420CC05515A33E9FAE43BF6395F2AC7043DCB79A0B564B85F
                                          SHA-512:3C7482D15B8E426B32BE3720BA77B2E2FABD6955A6D2ADC7C00F20BF0A6E2FE84AA75F39ACB1622082AF5D0668DABDDE9124BBF35DCF32307B53027D21359AFA
                                          Malicious:false
                                          Preview:02:02:55.217.INFO.Signaling force websocket stop..02:03:02.824.ERROR.Socket unable to read..02:03:02.844.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:03:02.844.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3753
                                          Entropy (8bit):4.987048549240524
                                          Encrypted:false
                                          SSDEEP:96:qBL9Lfy4I4/aY9phaeS1DoPABlbrLL30m/:KBu4zyWpCNEQtX30m/
                                          MD5:F1EF71486A4E09B36D77C21D51AB4186
                                          SHA1:5822ABB5B56CE6FD8C2E3FAFE1FEC6C0B06E07AE
                                          SHA-256:75CF95BB89C671C2605B4FCA9BC020F82061E7603D482653BEC4706D0C2A6B3D
                                          SHA-512:3435F0E58713B49515E5C5753A21391EF29BF131485132A28223A1938DE592153B6AE980B96157A78B4EFD835307EC34FEDF1A5B09968E502FD9D88AFB31E635
                                          Malicious:false
                                          Preview:05:19:24.956.INFO.Signaling force websocket stop..05:21:13.335.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:21:28.150.INFO.Socket connected to getscreen.me:443..05:23:31.268.INFO.Signaling force websocket stop..05:23:31.899.ERROR.Socket unable to read..05:23:31.909.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:23:31.909.ERROR.WebSocket connection error getscreen.me/signal/agent..05:26:37.685.INFO.Signaling force websocket stop..05:28:56.469.INFO.Signaling force websocket stop..05:28:59.090.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:29:08.258.INFO.Socket connected to getscreen.me:443..05:31:17.510.INFO.Signaling force websocket stop..05:31:18.661.ERROR.Socket unable to read..05:31:18.661.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:17:07.869.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):714
                                          Entropy (8bit):4.952578092543362
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:31:39.102.ERROR.Socket unable to read..12:31:43.021.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:31:43.021.ERROR.WebSocket connection error getscreen.me/signal/agent..12:33:26.227.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:34:31.381.INFO.Socket connected to getscreen.me:443..12:35:37.094.INFO.Signaling force websocket stop..12:35:37.440.ERROR.Socket unable to read..12:35:37.440.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:35:37.440.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.768393609741683
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:50:50.059.INFO.Signaling force websocket stop..15:52:20.209.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:52:27.186.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.770942421748538
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:08:21.733.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51
                                          Entropy (8bit):4.250281714265991
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:22:55.367.ERROR.Socket unable to read..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):5.001132617533766
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:37:31.192.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:37:42.267.ERROR.WebSocket connection error getscreen.me/signal/agent..01:39:49.714.INFO.Signaling force websocket stop..01:41:35.799.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:42:35.828.INFO.Socket connected to getscreen.me:443..01:43:46.394.INFO.Signaling force websocket stop..01:43:46.504.ERROR.Socket unable to read..01:43:46.505.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:43:46.505.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5665
                                          Entropy (8bit):4.993719809997311
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:58:36.907.INFO.Signaling force websocket stop..05:00:45.627.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:00:58.440.INFO.Socket connected to getscreen.me:443..05:03:03.997.INFO.Signaling force websocket stop..05:05:18.982.ERROR.Socket unable to read..05:05:18.992.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:05:18.992.ERROR.WebSocket connection error getscreen.me/signal/agent..05:07:37.564.INFO.Signaling force websocket stop..05:09:56.082.INFO.Signaling force websocket stop..05:10:11.776.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:10:19.691.INFO.Socket connected to getscreen.me:443..05:12:28.887.INFO.Signaling force websocket stop..05:12:29.339.ERROR.Socket unable to read..05:12:29.339.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.721748002067049
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:19:08.205.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.755868332477252
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:34:10.509.INFO.Signaling force websocket stop..12:35:26.456.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:35:32.032.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.979647561644875
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:50:07.557.INFO.Signaling force websocket stop..15:50:10.565.ERROR.Socket unable to read..15:50:10.586.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:50:10.586.ERROR.WebSocket connection error getscreen.me/signal/agent..15:52:29.332.INFO.Signaling force websocket stop..15:52:48.227.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:53:53.638.INFO.Socket connected to getscreen.me:443..15:54:59.064.INFO.Signaling force websocket stop..15:54:59.208.ERROR.Socket unable to read..15:54:59.208.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:54:59.413.ERROR.WebSocket connection error getscreen.me/signal/agent..15:57:05.384.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:57:12.029.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2004
                                          Entropy (8bit):4.989085235550647
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:13:09.922.INFO.Signaling force websocket stop..19:13:12.342.ERROR.Socket unable to read..19:13:12.342.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:13:12.342.ERROR.WebSocket connection error getscreen.me/signal/agent..19:15:15.494.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:15:19.140.INFO.Socket connected to getscreen.me:443..19:17:24.074.INFO.Signaling force websocket stop..19:17:24.094.ERROR.Socket unable to read..19:17:24.095.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:17:24.095.ERROR.WebSocket connection error getscreen.me/signal/agent..19:19:42.815.INFO.Signaling force websocket stop..19:21:35.941.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:21:48.130.INFO.Socket connected to getscreen.me:443..19:23:54.381.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):5.006520796353616
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:49:14.586.INFO.Signaling force websocket stop..22:49:17.307.ERROR.Socket unable to read..22:49:17.338.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:49:17.338.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.77669504853356
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:03:55.928.INFO.Signaling force websocket stop..02:05:19.104.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:05:21.689.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.920734705480115
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:20:51.524.INFO.Signaling force websocket stop..05:20:53.473.ERROR.Socket unable to read..05:20:53.483.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:20:53.483.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.784790560564949
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:35:44.517.INFO.Signaling force websocket stop..08:37:08.698.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:38:11.936.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4610
                                          Entropy (8bit):5.0004400124814135
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:52:46.587.INFO.Signaling force websocket stop..11:52:49.086.ERROR.Socket unable to read..11:52:49.116.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:52:49.116.ERROR.WebSocket connection error getscreen.me/signal/agent..11:54:36.728.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:54:42.291.INFO.Socket connected to getscreen.me:443..11:56:53.875.INFO.Signaling force websocket stop..11:56:54.126.ERROR.Socket unable to read..11:56:54.176.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:56:54.176.ERROR.WebSocket connection error getscreen.me/signal/agent..11:59:11.233.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:59:19.769.INFO.Socket connected to getscreen.me:443..12:01:46.712.INFO.Signaling force websocket stop..12:01:46.842.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2152
                                          Entropy (8bit):4.994697666688938
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:47:42.543.INFO.Signaling force websocket stop..15:48:36.794.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:48:36.829.INFO.Socket connected to getscreen.me:443..15:50:45.190.INFO.Signaling force websocket stop..15:50:45.671.ERROR.Socket unable to read..15:50:45.672.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:50:45.672.ERROR.WebSocket connection error getscreen.me/signal/agent..15:52:30.996.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:52:36.122.INFO.Socket connected to getscreen.me:443..15:54:47.711.INFO.Signaling force websocket stop..15:54:48.483.ERROR.Socket unable to read..15:54:49.094.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:54:49.094.ERROR.WebSocket connection error getscreen.me/signal/agent..15:56:36.124.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):882
                                          Entropy (8bit):5.031946947380156
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:24:48.565.INFO.Signaling force websocket stop..19:24:52.187.ERROR.Socket unable to read..19:24:52.187.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:24:52.187.ERROR.WebSocket connection error getscreen.me/signal/agent..19:27:10.920.INFO.Signaling force websocket stop..19:28:20.246.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:29:42.815.INFO.Socket connected to getscreen.me:443..19:30:30.716.INFO.Signaling force websocket stop..19:30:30.786.ERROR.Socket unable to read..19:30:30.826.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:30:35.744.ERROR.WebSocket connection error getscreen.me/signal/agent..19:32:49.258.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.965892904989129
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:47:19.002.INFO.Signaling force websocket stop..22:47:27.348.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:47:44.583.INFO.Socket connected to getscreen.me:443..22:49:58.224.INFO.Signaling force websocket stop..22:49:58.896.ERROR.Socket unable to read..22:49:58.896.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:49:58.896.ERROR.WebSocket connection error getscreen.me/signal/agent..22:52:07.081.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:52:39.113.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1948
                                          Entropy (8bit):4.985575230814001
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:07:44.846.INFO.Signaling force websocket stop..02:07:51.668.ERROR.Socket unable to read..02:07:51.688.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:07:51.698.ERROR.WebSocket connection error getscreen.me/signal/agent..02:10:14.582.INFO.Signaling force websocket stop..02:11:23.766.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:11:28.455.INFO.Socket connected to getscreen.me:443..02:13:48.778.INFO.Signaling force websocket stop..02:13:49.099.ERROR.Socket unable to read..02:13:49.129.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:13:51.582.ERROR.WebSocket connection error getscreen.me/signal/agent..02:15:55.240.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:16:12.606.INFO.Socket connected to getscreen.me:443..02:18:20.349.INFO.Signalin

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.951412598902365
                                          Encrypted:false
                                          SSDEEP:6:0zaLSeIXXIX+WgIJU6cBKHMsfKHud2M0CCQP5K0COBgDNBQEQYKRcs2XIXNLD4E5:7QkiKnpQj8P40DU5QR0ChTEmtvvn
                                          MD5:A86D9C477D9F4221A2A1DE361101DAFD
                                          SHA1:F4AD19245D29AD455AE785CA476EB6A5282ED553
                                          SHA-256:750CB042E4814838020AE79749DD2BDF722CF23DBF8D267E18DBB43182D6958E
                                          SHA-512:6E45EA2AA11B97AF9BF39CCADFC5917978707BBB31DB165B0F20852185C4A462ED08C1F0CC308394A587E4E13D1D9AF95E0E225EED95067BE9DA1938170CE5EB
                                          Malicious:false
                                          Preview:05:40:27.789.INFO.Signaling force websocket stop..05:40:30.839.ERROR.Socket unable to read..05:40:30.889.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:40:30.899.ERROR.WebSocket connection error getscreen.me/signal/agent..05:42:19.505.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:42:26.245.INFO.Socket connected to getscreen.me:443..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):4.960496644751313
                                          Encrypted:false
                                          SSDEEP:24:gTRiDAy8wQGgtvO21tDDAug80zn2UFGnKWtvDSbRR2s6DAY2stT:gTADHzQGWD8F6K67S1RODH5T
                                          MD5:F94C17E6CA7C14224B26A728B48D98D4
                                          SHA1:AC4B8297B32E54E56EEB8DB87DA13578DFED68D2
                                          SHA-256:6F79157EED26EFD2C392FBADB7B23E153F296A2768314B1C62F7FFD55274B1A0
                                          SHA-512:C8D554B49493FCDA2B6F0520DDD176E77FB9F5620C079E80D6A3E8C245CA79BC2B131BB9A28CA36E58EBADA18F286DDA286FE5ED703E55ACD7499F9E132644AD
                                          Malicious:false
                                          Preview:08:58:56.585.INFO.Signaling force websocket stop..08:59:00.464.ERROR.Socket unable to read..08:59:00.494.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:59:00.494.ERROR.WebSocket connection error getscreen.me/signal/agent..09:00:40.445.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:01:46.508.INFO.Socket connected to getscreen.me:443..09:02:54.236.INFO.Signaling force websocket stop..09:02:54.617.ERROR.Socket unable to read..09:02:54.657.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:02:54.657.ERROR.WebSocket connection error getscreen.me/signal/agent..09:05:19.976.INFO.Signaling force websocket stop..09:06:36.749.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:06:41.743.INFO.Socket connected to getscreen.me:443..09:09:01.748.INFO.Signalin

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1122
                                          Entropy (8bit):4.967137280435574
                                          Encrypted:false
                                          SSDEEP:24:Mq2qFGNtv522v5qDA+9+GktvQQQdDA6nGwQtvv:M4ovB2W5qD19XE4DfGT3
                                          MD5:3DC04771CF1B1CD87744946F5CDFD63F
                                          SHA1:301F01720DD07EABB140B5C03B89F1ED0230199B
                                          SHA-256:2B63029F9A949C71CD8214D94D9E31C3A113EA6FC1A67F35A70DBB7BA018DA69
                                          SHA-512:C278F95570AAB227752DADFE473A8FBC399AB72D9D9D05FBF2536C76BCB6919926040EED274B98B8C2E6C7CE999D11C03B10799C1F2689F9E0EDCE11F5CF0043
                                          Malicious:false
                                          Preview:12:24:52.152.INFO.Signaling force websocket stop..12:25:01.531.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:25:10.711.INFO.Socket connected to getscreen.me:443..12:27:33.995.INFO.Signaling force websocket stop..12:27:34.126.ERROR.Socket unable to read..12:27:34.136.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:27:34.136.ERROR.WebSocket connection error getscreen.me/signal/agent..12:28:46.805.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:28:51.758.INFO.Socket connected to getscreen.me:443..12:31:10.722.INFO.Signaling force websocket stop..12:31:10.983.ERROR.Socket unable to read..12:31:11.015.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:31:11.015.ERROR.WebSocket connection error getscreen.me/signal/agent..12:32:46.751.INFO.Signalin

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.92974133787488
                                          Encrypted:false
                                          SSDEEP:6:qojmXIX+WgIJUUdfjHMQfjHud2M0CCQP5K0C9fjDDNBQEQ4:ZjmKtJ6Qj8P40ib5T
                                          MD5:54F22EFB3289DDA3770427782E248C16
                                          SHA1:50103D8734BDCD3A4CF548C3973C98BBFEAC568A
                                          SHA-256:9B2F7971D1DEEB86CBBC45470B097F8C24484E27AA4D211693A9CBC0422E5BB6
                                          SHA-512:F9A45D33E0D019D2F74FA9859D30CA9010B1EC3932EB0AADD7EA4DD57F922BF0EF3837877EA4186D132C0FBE0BDE0FE27E2CEFC1FE45FA2E48E92050C8F98548
                                          Malicious:false
                                          Preview:15:49:03.048.INFO.Signaling force websocket stop..15:49:05.413.ERROR.Socket unable to read..15:49:05.413.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:49:05.413.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):260
                                          Entropy (8bit):4.827391756819531
                                          Encrypted:false
                                          SSDEEP:6:UMRiXIX+WgIJUUGXIXNLD4EQ4mdzvRWl8RvvFMN2XIX+WgIJUn:U7KGChGtvvM25
                                          MD5:62461852C77D47950E82F52583D78F60
                                          SHA1:9D38A5B6AD22E9473C6B37DFF0A6A5FF8A690FE6
                                          SHA-256:B4C797D809B84D5491B78D8F1E35D034859453A85A75945CABD4A62682F6CC04
                                          SHA-512:FF6583C397B13896FE8CB8CF85B5486E6BBAC36C7539FE676F50CACC69FB409ADC9DB522D6AFD95402D34BEE86BBF88B75BC146510251166CEE6ACEB96344F99
                                          Malicious:false
                                          Preview:19:05:23.428.INFO.Signaling force websocket stop..19:05:32.018.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:05:42.743.INFO.Socket connected to getscreen.me:443..19:07:55.851.INFO.Signaling force websocket stop..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):255
                                          Entropy (8bit):4.77771210085788
                                          Encrypted:false
                                          SSDEEP:3://CI3EKZA12Hf98BqH+//KKX76VyITHiC1uPLRyOML0Hi+V8BqDAUOg1MGXAELD/:yIUM5ud2M0CCQP5K0C+vDNBQEQ4
                                          MD5:7F116DDB74F003AC971E67F836B917D4
                                          SHA1:701EFD9ED4B40BDF09143A999C8A58DB49E52471
                                          SHA-256:8624AB71EE0F86EE61002B96F5BEA276826AB5E1D6BD003EF0CE515796AFCED0
                                          SHA-512:69F4AE651D0CBDC08E856F2AB1EB58D39E5504ED892682E4E0ACC62663CAEAD1EA00E309C410C6CFF126372773DBF9C7E31458767869E12B2FA21022749C2872
                                          Malicious:false
                                          Preview:22:22:52.838.ERROR.Socket unable to read..22:22:55.258.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:22:55.258.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.953819343658458
                                          Encrypted:false
                                          SSDEEP:12:TLgYaXCh564tvvNog5Gqaj5GmQj8P40pv5kXmChy2tvvn:TL6G59tv+aBatHDAykWGltvv
                                          MD5:04E6D4478D219D3A0D2FA3FF67824581
                                          SHA1:C4315002919AB8C27351F8B003482F27AB94E09F
                                          SHA-256:95AFDA5734DE33CBE8C8684B62A4F5FFD8E0FAF28661BDD6EE2EC8F39A0CBD2C
                                          SHA-512:D2FE3D8F79B71FAF096CAC9955C80CBE7E0917D02EDB1D3193D1A3D95B1EBC3CDECCE80834EBEC6B2AC0CA8E5BA60111E45A8135DECB626DDFA7165AEB9AA69D
                                          Malicious:false
                                          Preview:01:38:17.782.INFO.Signaling force websocket stop..01:38:48.075.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:39:54.587.INFO.Socket connected to getscreen.me:443..01:41:02.358.INFO.Signaling force websocket stop..01:41:02.539.ERROR.Socket unable to read..01:41:02.579.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:41:02.579.ERROR.WebSocket connection error getscreen.me/signal/agent..01:42:28.242.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:42:30.754.INFO.Socket connected to getscreen.me:443..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.896922556471835
                                          Encrypted:false
                                          SSDEEP:6:W5iXIX+WgIJU3HMaud2M0CCQP5K0CG4DNBQEQ4:TN0Qj8P40y5T
                                          MD5:21C85EA802F131C1C65F75CF1D2892D5
                                          SHA1:99A1CCBEB65B7A2F63684044EDBA9F2578466C33
                                          SHA-256:DC8B7A88C7A6BDF8F07A398E87AAAC5A7737274EC38D77E4BDD454271BC6C7CA
                                          SHA-512:EDB36E2FE469F8663F68B7F39D78D88150C82979D7D8BF7C6F2CBFE9EA6024701A9C8BF85836DAF43A09486B55777D7381042F5628A6262473BD0E84928BC18A
                                          Malicious:false
                                          Preview:04:58:03.658.INFO.Signaling force websocket stop..04:58:08.019.ERROR.Socket unable to read..04:58:08.049.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:58:08.049.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2264
                                          Entropy (8bit):4.992387696379808
                                          Encrypted:false
                                          SSDEEP:48:M9dQbDeCvw0uSKDpwcUp1lNSsNyD4NFMTDtDzdQl3:KzYOwZMTpdQB
                                          MD5:17394F0F61E54B9E5879B0758B753EC7
                                          SHA1:D8E80A900A3919B914BB3765908683D20D3181C2
                                          SHA-256:1F397EAE2B59FC65EAF16135EF16F024A22B2357D103F463F9F5128FBC956125
                                          SHA-512:618F267FAE19198FAF8CEED3D750AA96291F10931AEB274016590877CF07E54C5A2ADD2D69FF61CA6F687F5F3219AA6ACD089888C18A475FEBB64FB676C9B4A4
                                          Malicious:false
                                          Preview:08:13:49.133.INFO.Signaling force websocket stop..08:13:50.722.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:13:50.899.INFO.Socket connected to getscreen.me:443..08:16:04.551.INFO.Signaling force websocket stop..08:16:04.782.ERROR.Socket unable to read..08:16:04.822.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:16:04.832.ERROR.WebSocket connection error getscreen.me/signal/agent..08:18:29.840.INFO.Signaling force websocket stop..08:18:29.826.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:18:34.738.INFO.Socket connected to getscreen.me:443..08:20:55.130.INFO.Signaling force websocket stop..08:20:55.557.ERROR.Socket unable to read..08:20:55.577.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:20:55.577.ERROR.WebSocket connection err

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.986091922892463
                                          Encrypted:false
                                          SSDEEP:12:62KAIQj8P40K5NChLTtvvTKwctQj8P40+p5lUChMitvvh+5:d1IDALNGLTtvbqDAjflUGMitvZ+5
                                          MD5:0429DAB8625C4E7D5509A87C86D21AD5
                                          SHA1:5602D81EC1F8EF3146337A530F4A6C54F9AFC820
                                          SHA-256:F30CB296F9052E8B96EB5E945EE44AF7A90E188477A639019EFADC0F6EF42C9D
                                          SHA-512:D059AC314B41D98AD3112D5C090ADB25C8050A6B60BD2132D297E6857B38344D935D73DE7AB5238DC1E102987EB57A2DE3BD547A8D9C23B39592A5773F92E928
                                          Malicious:false
                                          Preview:11:49:25.784.INFO.Signaling force websocket stop..11:49:29.755.ERROR.Socket unable to read..11:49:29.785.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:49:29.785.ERROR.WebSocket connection error getscreen.me/signal/agent..11:51:48.979.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:51:49.863.INFO.Socket connected to getscreen.me:443..11:54:58.317.INFO.Signaling force websocket stop..11:55:00.090.ERROR.Socket unable to read..11:55:00.130.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:55:00.130.ERROR.WebSocket connection error getscreen.me/signal/agent..11:57:14.492.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:57:17.633.INFO.Socket connected to getscreen.me:443..11:59:38.159.INFO.Signaling force websocket stop..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9908
                                          Entropy (8bit):5.01328190565219
                                          Encrypted:false
                                          SSDEEP:192:JrDg7EDrKy4lnwq2yvM9T9eR0ARoMxU7GbG9GiG2mF4Lsjcu7d8j2nsZ:ZUTnqsr2l
                                          MD5:FB4196445D95E34B213780A74A5E7E7A
                                          SHA1:77907E2DFD1BB762A264F60E7BD46327E748D61F
                                          SHA-256:206AAA98F5274544DF7102362805DCE5D518FB015DA2154D55DF628B7FC015D1
                                          SHA-512:C3396155345D2F1D9192E0439BFAE99EEC5291DC831FA3355055D255D4B64B6A47DE49D48FFB88829E63173C5B710233B74286B8A11BA238F05E98F38BB4C8A1
                                          Malicious:false
                                          Preview:15:14:06.091.ERROR.Socket unable to read..15:14:23.159.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:14:23.159.ERROR.WebSocket connection error getscreen.me/signal/agent..15:16:48.426.INFO.Signaling force websocket stop..15:18:24.975.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:19:34.364.INFO.Socket connected to getscreen.me:443..15:20:39.063.INFO.Signaling force websocket stop..15:20:44.091.ERROR.Socket unable to read..15:20:44.091.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:20:44.091.ERROR.WebSocket connection error getscreen.me/signal/agent..15:23:09.433.INFO.Signaling force websocket stop..15:24:17.393.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:24:39.613.INFO.Socket connected to getscreen.me:443..15:26:41.558.INFO.Signalin

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1368
                                          Entropy (8bit):4.984902738991674
                                          Encrypted:false
                                          SSDEEP:24:jZDAgBbVzG+IXtv0YDAgnbVhxG+JtvWhDAg1bV10GY:dDpBbVK+Id/DpnbV++bUDp1bV1pY
                                          MD5:DE64FDE794740DBE7CC6EBCD68E0C894
                                          SHA1:CBED0415200A216A365C6A2D620FCEA78C241A45
                                          SHA-256:87F0139FF62F6891D255028032EF75A387C788097D243261B32B6DAE7725A2D2
                                          SHA-512:8B3287256F13B1EA1573C94288C0B491A1376039DAF89C14B8DAC82D9BB711A1F8D3DBB5BF00E30A3363E6DDBF27F4FDFFE25304E317E61D527EE0505533922E
                                          Malicious:false
                                          Preview:20:10:47.393.INFO.Signaling force websocket stop..20:10:52.465.ERROR.Socket unable to read..20:10:52.465.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:10:52.465.ERROR.WebSocket connection error getscreen.me/signal/agent..20:12:31.578.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:12:36.055.INFO.Socket connected to getscreen.me:443..20:14:43.460.INFO.Signaling force websocket stop..20:14:43.721.ERROR.Socket unable to read..20:14:43.771.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:14:43.771.ERROR.WebSocket connection error getscreen.me/signal/agent..20:17:09.189.INFO.Signaling force websocket stop..20:17:34.927.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:17:42.779.INFO.Socket connected to getscreen.me:443..20:19:59.019.INFO.Signalin

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):325
                                          Entropy (8bit):4.975279641231304
                                          Encrypted:false
                                          SSDEEP:6:EWXXIX+WgIJUGvZTdzvRWl8RvvEJbud2M0CCQP5K0CHJgDNBQEQ4:NYRtvvO6Qj8P40gK5T
                                          MD5:D0911ED13E7753339062F8CDB6642F53
                                          SHA1:C3AE3C74C74E1942269E1CD3B2BB0D7647F7799E
                                          SHA-256:B00D86523E242CB07354CBBA0B0EE197226D3CE1AE83658ACF2515BA06DB5B64
                                          SHA-512:884BB7830CBE6A030178EFE55BA5F7E07675762FDECB76C03510196371529DA60007C475D7E2E3502990CE3BE0B84A211B3C8249EF36E57759B9AC49F58D3637
                                          Malicious:false
                                          Preview:23:35:38.113.INFO.Signaling force websocket stop..23:35:38.123.INFO.Socket connected to getscreen.me:443..23:35:41.578.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:35:41.911.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.757462287781333
                                          Encrypted:false
                                          SSDEEP:3:yVf7rsriXINF+WgIO0/Vyn:yVz42XIX+WgIJUn
                                          MD5:7B3FB11643692C6A79009387487EC7B5
                                          SHA1:A5DD06FC36E27856E72EEDAD55BCE8073714BD6F
                                          SHA-256:82E5B73801CC323D24C9A09D91073EA7D64A78C547606E32F8AF81F60D45EF4F
                                          SHA-512:FECC91A69560855025A7CBD2846CD870E3828DEFFA81DCCB6409424A4E5250DBA6E145DE6F4FA0C51BC134B6391107D28DD6A3B2AFDACA6AD685D6C3184C61AE
                                          Malicious:false
                                          Preview:02:50:18.093.INFO.Signaling force websocket stop..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.7612771709466655
                                          Encrypted:false
                                          SSDEEP:6:rSLcXIX+WgIJU9TwXIXNLD4EQPoeP2dzvRWl8Rvvn:r4cvTwCheok2tvvn
                                          MD5:D15E5039B6C2BADE366B29415D60664C
                                          SHA1:430A375D02CEBC518496A0BE6A1DAE473D185590
                                          SHA-256:6E3CB4DC4294E59F353564A5F35161C88BB502A11BEB9C4049D030A7BB0C66FF
                                          SHA-512:10EA47784080B6FF16E6B414D5E833CD9AE336AC1C05FA26A86B156530FDD1B7E781F2EAB02F2C36B22FEC720E699ABC30803CF115DFED6179B1AF4953528893
                                          Malicious:false
                                          Preview:06:05:17.253.INFO.Signaling force websocket stop..06:05:29.622.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:06:35.466.INFO.Socket connected to getscreen.me:443..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):770
                                          Entropy (8bit):4.998534217792812
                                          Encrypted:false
                                          SSDEEP:12:O2ouVuju6Qj8P40jjub58dcdChJ2XtvvaRcIXoZREZRjQj8P40eRU5T:Zp6DAZt8dcdGkXtvjQFDAcT
                                          MD5:9862009085A04E9011D18F7B053064C9
                                          SHA1:82465D406CB74FFBB90B0B70681A9BE9A744279D
                                          SHA-256:D18B2EDD6371E88C22B699B6469D1323C176F981D9A408FAEF769E39EC521F0A
                                          SHA-512:1D8D0A279FECB14A0F9CAD9E9A656A6679E9550CD03E7CCA3F0FF2A0243EF8BCE2A3720D2BE97BDCA294740B6A4A1CCDB32D5B9DDB13712E80A92B7E5BCD4603
                                          Malicious:false
                                          Preview:09:21:32.824.INFO.Signaling force websocket stop..09:21:35.733.ERROR.Socket unable to read..09:21:35.718.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:21:35.718.ERROR.WebSocket connection error getscreen.me/signal/agent..09:22:09.580.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:22:12.263.INFO.Socket connected to getscreen.me:443..09:24:33.375.INFO.Signaling force websocket stop..09:24:33.666.ERROR.Socket unable to read..09:24:33.666.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:24:33.666.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.990822606866405
                                          Encrypted:false
                                          SSDEEP:12:2qXKb7iChkzTtvvwAK+Qj8P40G5eWChJ9tvvnQKrxQj8P40C5T:2qXuiGk3tvnXDATeWGJ9tvPQoxDAPT
                                          MD5:94F9B4C153D4C2E81E7A2ADD6828F67A
                                          SHA1:A1D2AD16E6DBDEDA96AE4B78D644EA088C7742FB
                                          SHA-256:1B3A9F26F71934142642D7E2EC8702A8D0B7CC994162170177DFE396D2D7AD1E
                                          SHA-512:C1235B177D3EBDD8DD9EB37ED6B485B9B0131C58FAFA6593140FA831B0F186E66F389A84BA08BA7A86902DB3BFEB5B5BDACB2AFFD6CEF875F4088AC25020F86B
                                          Malicious:false
                                          Preview:12:39:46.367.INFO.Signaling force websocket stop..12:40:24.860.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:41:30.253.INFO.Socket connected to getscreen.me:443..12:42:38.702.INFO.Signaling force websocket stop..12:42:39.304.ERROR.Socket unable to read..12:42:39.304.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:42:39.304.ERROR.WebSocket connection error getscreen.me/signal/agent..12:44:19.925.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:44:23.732.INFO.Socket connected to getscreen.me:443..12:46:44.845.INFO.Signaling force websocket stop..12:46:45.076.ERROR.Socket unable to read..12:46:45.477.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:46:45.477.ERROR.WebSocket connection error getscreen.me/signal/agent..

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1948
                                          Entropy (8bit):4.996896572382138
                                          Encrypted:false
                                          SSDEEP:48:U5S/80bDj4cQktDbqPXWXBD+XSRCANDRRwv2UDAT:UBJ4DePGIiRCCRamT
                                          MD5:58464477417F713C5B98501B3B636C15
                                          SHA1:6FCD8681F0967101BC7162F72804379E664E814F
                                          SHA-256:F1B40339DBA78F8C31944C518225189A7792B27A0B7D5F783EA22512F51E1F5D
                                          SHA-512:773A250546DD24370E337CD1F01E01BC35CD3748739185C69B1CD425CCBE6ADAE3524F96D021EE95F7EE4D85BC3FE7ECAD81057AAE937B1ADC4E8303CD42F5D5
                                          Malicious:false
                                          Preview:16:02:11.435.INFO.Signaling force websocket stop..16:03:41.772.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:04:47.188.INFO.Socket connected to getscreen.me:443..16:05:55.789.INFO.Signaling force websocket stop..16:05:55.935.ERROR.Socket unable to read..16:05:55.965.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:05:55.965.ERROR.WebSocket connection error getscreen.me/signal/agent..16:08:21.926.INFO.Signaling force websocket stop..16:08:56.351.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:09:01.971.INFO.Socket connected to getscreen.me:443..16:11:21.728.INFO.Signaling force websocket stop..16:11:22.079.ERROR.Socket unable to read..16:11:22.079.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:11:22.079.ERROR.WebSocket connection err

                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):139
                                          Entropy (8bit):4.786395410060626
                                          Encrypted:false
                                          SSDEEP:3:FvYs2XINF+WgIO0/VyU7r4X2XINFDhL1JDEELD8Kru5:RYs2XIX+WgIJUUPs2XIXNLD4EQh
                                          MD5:AF204DC8FA8291CA2FB59DD3812C8BD5
                                          SHA1:4B53CE21E0AE00EDC1068FD117FFD72592A8A984
                                          SHA-256:D2AF44B1C3E1ABF132543FE77314152F96F3766995939C8D105E1A6A64268693
                                          SHA-512:75CB2614D143A4352F9013EF2CACA6764E400EE40E70BD1C1EC29B2E8B3C77066CE71839B1A79A153B2B54BF80245E1DF92B7858FDA045C3A63CD4520E64B4E9
                                          Malicious:false
                                          Preview:19:35:23.025.INFO.Signaling force websocket stop..19:35:54.634.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1299
                                          Entropy (8bit):4.984449996024153
                                          Encrypted:false
                                          SSDEEP:24:b4l4tvEDAqbf2GImtvarWXvSJnDA08bsw2G1QtvPlDA8bVy5:bYYsDPbfvIKisGnDx8bswveFDdbo
                                          MD5:EFC2AD48202CBF96D8B21EE12D05B3D9
                                          SHA1:5A5331DD3AB4E19021B62B2AF3725A29AA1D3186
                                          SHA-256:D34F7AA47C9017B6F21324225D51D6D433FE7E079418C1C85BFF2755EEE65B37
                                          SHA-512:E32C958C2AAE75063FE8F5DCB699C38180D673646FC4E04BA33A0DB3A1E38DBB2ECFDEBD90CFFC1522EB53C0C046E6ACBE0866E3EE507A683B9036595C6C9245
                                          Malicious:false
                                          Preview:22:50:27.231.INFO.Signaling force websocket stop..22:50:27.231.INFO.Socket connected to getscreen.me:443..22:50:30.629.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:50:30.629.ERROR.WebSocket connection error getscreen.me/signal/agent..22:52:40.946.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:52:48.322.INFO.Socket connected to getscreen.me:443..22:55:06.539.INFO.Signaling force websocket stop..22:55:06.810.ERROR.Socket unable to read..22:55:06.840.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:55:06.840.ERROR.WebSocket connection error getscreen.me/signal/agent..22:57:01.056.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:58:03.092.INFO.Socket connected to getscreen.me:443..22:59:14.738.INFO.Signaling force websocket stop..23:01:56.538
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.784585443016094
                                          Encrypted:false
                                          SSDEEP:6:2bXIX+WgIJUVKXIXNLD4EQLNidzvRWl8Rvvn:2bWChaNitvvn
                                          MD5:AFE08420E744B64A68770DB65B834457
                                          SHA1:5E417D685173198785314020D24AF9DD3F5F3A7C
                                          SHA-256:4A0A708D8D1A6A96C0BBF2F27003E80E182285E2CD9CF5C5AB0C4CD158897E48
                                          SHA-512:3388F58558788A06008BA7227217EA0CD6BEFD5992733AC02D75213DCC23DCC3DFF0E5CD27DD3332A921B67993083DBB9828676AB1BEBE5408E5217E499AF98D
                                          Malicious:false
                                          Preview:02:19:07.698.INFO.Signaling force websocket stop..02:19:17.600.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:19:18.511.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2510
                                          Entropy (8bit):4.988503010136967
                                          Encrypted:false
                                          SSDEEP:48:vwDzN0KrsaPBCwUDwEAOROMDzE51jp2NEDTkCvxjbnDAhY:vWN0aTVLO0O8j0OkCvN0hY
                                          MD5:CD0566038290BBA466D8516958AEE150
                                          SHA1:9C6CA38328A1CB4F10ADE285482882C8A19CD179
                                          SHA-256:C390982CF4975631EF9FBF06ABE528AE803F68BF737B828C4FE786D427C6EBBF
                                          SHA-512:13E4DFA10F520D8773485139C937E688373246F8C1F73EF52DED970F0D25098AF1567AB4ED3842B6EC3F7B4F5C8D94118B8B191E48AA078726C9BDA88950DA59
                                          Malicious:false
                                          Preview:05:36:01.052.INFO.Signaling force websocket stop..05:36:05.431.ERROR.Socket unable to read..05:36:05.431.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:36:05.431.ERROR.WebSocket connection error getscreen.me/signal/agent..05:38:30.632.INFO.Signaling force websocket stop..05:38:42.181.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:39:51.596.INFO.Socket connected to getscreen.me:443..05:41:06.020.INFO.Signaling force websocket stop..05:41:06.100.ERROR.Socket unable to read..05:41:06.140.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:41:08.358.ERROR.WebSocket connection error getscreen.me/signal/agent..05:43:31.417.INFO.Signaling force websocket stop..05:44:18.228.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:45:58.719.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2468
                                          Entropy (8bit):4.997878983541789
                                          Encrypted:false
                                          SSDEEP:48:2vrDsD8VbWeD/LuvpeDHCVaTgDtLX+YB4D6nM9XvY:VD8VbHLwSC1LuYBvnM9fY
                                          MD5:1CAC6039A0ECDD5221FEFEADE4657CB3
                                          SHA1:8E4614C778D85EF94DF80031591C7F8827CC9944
                                          SHA-256:D5B4CC436395EEBC0D4736CDAF01620313ACFA13A87E3185AB66C783E08B488B
                                          SHA-512:F5E87F9B0158AA7E79D195BCBEF66855BBFDCFEE472062579C45EEC1CF66A68310E88905F62CEEFEB8F6184BC56EECDA855D3FCB23B533FEEFD45995D6DD05A4
                                          Malicious:false
                                          Preview:09:16:40.906.INFO.Signaling force websocket stop..09:16:47.438.INFO.Socket connected to getscreen.me:443..09:16:59.037.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:16:59.037.ERROR.WebSocket connection error getscreen.me/signal/agent..09:19:24.284.INFO.Signaling force websocket stop..09:20:00.811.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:20:06.648.INFO.Socket connected to getscreen.me:443..09:22:24.017.INFO.Signaling force websocket stop..09:22:24.519.ERROR.Socket unable to read..09:22:24.569.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:22:27.449.ERROR.WebSocket connection error getscreen.me/signal/agent..09:24:36.421.INFO.Signaling force websocket stop..09:24:50.094.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:25:11.943.INFO.Soc
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3950
                                          Entropy (8bit):5.004689265518205
                                          Encrypted:false
                                          SSDEEP:48:Sff4LDCqHfPDFK3f0+D/NAfljDVA3yfC507DuYW2GxdfItxDKkkWfE5ODy5GZdfN:SFqBKTNCNA3E7Gx0ckkV5L5Gh
                                          MD5:3C109EE2A60561E09827EB9B782F75E2
                                          SHA1:FE48B7DC590A88ADCAFC018605D1ADA3DD33F239
                                          SHA-256:9699FB94ED15E501EDE577C108D2728A5AF4F7C88B06D52983A5EEBDEADA0D0B
                                          SHA-512:F73E12A91564504E65F4E4A0E1022F763442D79FC6C9C4C4517F2B1ED2D0CC93B2D84C928876808C5573A0A58C79FC13FC8D6D28FE0A11099E56AE704466BAA2
                                          Malicious:false
                                          Preview:12:56:45.641.INFO.Signaling force websocket stop..12:59:00.433.INFO.Signaling force websocket stop..13:01:25.869.INFO.Signaling force websocket stop..13:03:51.060.INFO.Signaling force websocket stop..13:06:16.383.INFO.Signaling force websocket stop..13:09:27.492.INFO.Signaling force websocket stop..13:10:21.780.INFO.Socket connected to getscreen.me:443..13:11:52.919.INFO.Signaling force websocket stop..13:11:58.458.ERROR.Socket unable to read..13:11:58.498.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:11:58.508.ERROR.WebSocket connection error getscreen.me/signal/agent..13:13:55.759.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:14:09.187.INFO.Socket connected to getscreen.me:443..13:16:19.430.INFO.Signaling force websocket stop..13:16:20.502.ERROR.Socket unable to read..13:16:20.532.ERROR.SSL
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):338
                                          Entropy (8bit):4.927130054486921
                                          Encrypted:false
                                          SSDEEP:6:BOxEMdbud2M0CCQP5K0CCgDNBQEQDLBmXIXNLD4EQh:UgQj8P40TK58LBmChY
                                          MD5:B9B7C9388AD9278C2D9EE9CB804855AA
                                          SHA1:556FB5177DDCB34ABD42BED4891DB4740864EDE2
                                          SHA-256:ABC37166591B2AEDA96F9E13099C0C4C8C2A15CF88C6BEA57D0B3CBF7A4C10B0
                                          SHA-512:300BA9B7310D4207227AAF9422F5BAB185701B4F23EE2E370A622A5F2962218AD35CEFCE639B5041C7EBA3161F68F7CD4BF687EE3CDA6CF0EBB406B94DF0831F
                                          Malicious:false
                                          Preview:17:05:35.062.ERROR.Socket unable to read..17:06:08.117.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:06:08.118.ERROR.WebSocket connection error getscreen.me/signal/agent..17:07:33.929.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):325
                                          Entropy (8bit):4.8976568248787595
                                          Encrypted:false
                                          SSDEEP:6:tSTXIX+WgIJUNVdzvRWl8RvvTUud2M0CCQP5K0C8/s8ggDNBQEQ4:gTptvvVQj8P40Z/LgK5T
                                          MD5:85AE8D3018511C27F51BBD2D27E3185C
                                          SHA1:4E8609C06E3E0E03F41678B75005DF1253F12ED7
                                          SHA-256:A8F9489E844008944775F16AE65E65DAEDBA1B454EBDE76B8ED8FC770651FD63
                                          SHA-512:F2ECC7E7198527C075A0AC4A9068B7AEAAE0A85A639223AEDA90F6D1BD36EE54AA0C11A4A044A49FDFD5513428445E671500E84478954219B514021D9B70C58B
                                          Malicious:false
                                          Preview:20:22:01.373.INFO.Signaling force websocket stop..20:22:01.471.INFO.Socket connected to getscreen.me:443..20:22:02.462.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:22:02.492.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.980469077824168
                                          Encrypted:false
                                          SSDEEP:12:sPiYtGChr+tvviOmYB5aBeKOQj8P40WyFq5T:sPioGGr+tv6Om45WADA9ycT
                                          MD5:F50295221509624CF910928B5BA7BA8E
                                          SHA1:DA8E76265646D30BF35B97D418A0EF32B34EA2FC
                                          SHA-256:6863155F7CFABACFB2A5D3B8EEEDCDAC513D1C2D23F96D416ED40EA1BBAE1F79
                                          SHA-512:AA7E41DEE026022906E6EE12FC131C33604159D168454C92E7A5234800E9084E12F58B3861A47BE285C030CC15176DB856FEC64E31F29EAA21C1886A898D3D22
                                          Malicious:false
                                          Preview:23:37:42.981.INFO.Signaling force websocket stop..23:37:43.973.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:37:45.342.INFO.Socket connected to getscreen.me:443..23:40:09.608.INFO.Signaling force websocket stop..23:40:09.799.ERROR.Socket unable to read..23:40:09.819.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:40:09.806.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.721748002067049
                                          Encrypted:false
                                          SSDEEP:3:yQGhX2XINF+WgIO0/Vyn:y5X2XIX+WgIJUn
                                          MD5:D8E55EC0B27E86A97F8982AF2F3BDF01
                                          SHA1:9657CC96A38D772C091EBE7FC977C5ECCD77B7E5
                                          SHA-256:2F894B1B1956CFBC97C0C2C8B5DE20ADC30B697BB5C083D524F5ED02A03E7140
                                          SHA-512:DBD19D453852B8D76F47AADB0950D69100FF274CC314C2B89797BF314003660EF018AEC304B18BDD496558798C2657D2C9BB4E5B8966F667AA7C4F0ECF26CAC4
                                          Malicious:false
                                          Preview:02:55:12.587.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.753591894012986
                                          Encrypted:false
                                          SSDEEP:6:vn2XIX+WgIJUI5iXIXNLD4EQPBmdzvRWl8Rvvn:+CiChe0tvvn
                                          MD5:1B7C2DB096BB5DCD64C83353DC0C2E7F
                                          SHA1:2307EA80C3E1CE5AF03F50DCE82D455C35E76C42
                                          SHA-256:F2657A8B7A69A095B59851998DF8D8E00BCF7BB26F144FB30C4B9C20EC9F12AE
                                          SHA-512:B3F548C6344A0FD7E3EB685C1CC7C5F1C9E06D9C70BBC72EC38588A99CE845AF250AD198C3137D452E7DFD8A63511CEEF63C1C8DA9B7B674FF8B1B54B6864D24
                                          Malicious:false
                                          Preview:06:11:39.879.INFO.Signaling force websocket stop..06:11:41.981.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:11:51.301.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.977245015996505
                                          Encrypted:false
                                          SSDEEP:6:4tlQXIX+WgIJU2bQQDMgfDQAud2M0CCQP5K0CPQEDNBQEQ4:KlQodqQj8P40E5T
                                          MD5:86975BF41BE905D95F997B98BA46821D
                                          SHA1:746F7031876072D5BB2FE8E216524946BC653BF9
                                          SHA-256:FB84050168B79F2C5D8F0944AA0A6A7B8F600A42356F2C3A48716342170599FF
                                          SHA-512:D235FD09AC2B2DF4BB0D490A2B32C4D7073600D1F006232189ABC3ED0B5FD483FA8DD25C324D16E40F7C187D08EA4A31329D1A7D2825C3B894F9D817D41E03BC
                                          Malicious:false
                                          Preview:09:26:55.853.INFO.Signaling force websocket stop..09:26:58.107.ERROR.Socket unable to read..09:26:58.138.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:26:58.138.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2004
                                          Entropy (8bit):5.003917786985164
                                          Encrypted:false
                                          SSDEEP:24:bQziGvtvFmpDAWmtGMAtvzxDA/ZXjGEtvsbDAJiHGc2tvhi5DA8T:bUFyDzxMwtDuAkQDk7caCDZT
                                          MD5:5FA7221A6B875B844CCA38F290604E51
                                          SHA1:117F0D60497AF381FBFE3356825312F964B7781B
                                          SHA-256:0015DF917829F9386AFBC1B2D7A44617214EBABAC1798A11CCF7A9147D622BAC
                                          SHA-512:F4E5981E844BD038E728752A6C8C59B9C3C16E9AC9A756993F650868EB73CE6D8DD25CD8945DA65F25D5CF6C1E3A0A6AE1F4ADD2DFDA622B3A89E8F9A1411250
                                          Malicious:false
                                          Preview:12:41:42.561.INFO.Signaling force websocket stop..12:42:54.222.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:42:54.480.INFO.Socket connected to getscreen.me:443..12:45:07.560.INFO.Signaling force websocket stop..12:45:07.581.ERROR.Socket unable to read..12:45:07.581.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:45:07.581.ERROR.WebSocket connection error getscreen.me/signal/agent..12:47:32.872.INFO.Signaling force websocket stop..12:47:57.029.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:48:09.772.INFO.Socket connected to getscreen.me:443..12:50:20.193.INFO.Signaling force websocket stop..12:50:20.945.ERROR.Socket unable to read..12:50:20.965.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:50:20.965.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1122
                                          Entropy (8bit):4.953679185756887
                                          Encrypted:false
                                          SSDEEP:24:imoG72tv0NDAmRpXGe12tvxuDAqMQGgtvv:j7aeDLRp26aYDrgQ3
                                          MD5:3A3B7F83902B42D29198F19A781E0AB9
                                          SHA1:BC733EE300A8479194025402B3526DA816772749
                                          SHA-256:7DD9B96C7E6FB6CBA3ADBCEE1A3350F34A3590066DD96AB78212D50BCF37D038
                                          SHA-512:D359AB64BC40B4AD4349643BFC448384F5DCAF80C30B81AC7E6BC72D387F05AAF31CEAD5FD4B278858B0FA56C573C78198A0913DBE3D0A2FEB5F6233A0B1F7A6
                                          Malicious:false
                                          Preview:16:14:06.560.INFO.Signaling force websocket stop..16:14:59.473.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:16:00.166.INFO.Socket connected to getscreen.me:443..16:17:11.117.INFO.Signaling force websocket stop..16:17:11.248.ERROR.Socket unable to read..16:17:11.248.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:17:11.248.ERROR.WebSocket connection error getscreen.me/signal/agent..16:18:57.083.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:18:57.756.INFO.Socket connected to getscreen.me:443..16:21:10.785.INFO.Signaling force websocket stop..16:21:10.876.ERROR.Socket unable to read..16:21:11.177.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:21:11.177.ERROR.WebSocket connection error getscreen.me/signal/agent..16:22:22.178.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):909
                                          Entropy (8bit):5.012983021111011
                                          Encrypted:false
                                          SSDEEP:12:92K4zBOQj8P40p4K5b84mKEcFiChK0r2tvvDXKxP0DQj8P40458ChY:UcDAfib8XLc8GK0r2tvLaMDA98GY
                                          MD5:4CF2D05B2B3546EE9AB7956818D5C495
                                          SHA1:7697D6529AA1D455452070517A40229A0CAC2301
                                          SHA-256:46FBFBAFC750D955ED24F422C358DAE1B5EC20884C133879BE4F4BE2E65C3ACF
                                          SHA-512:A20D1CA53D06E8B0AE2A375DEB456CABB5CC2D0B45E5F36A47396C7B3B7A9F523F7228EAD0C622D383B8018C7BEC37D0ABBC8E5C5C4B458934D362DA6CECE893
                                          Malicious:false
                                          Preview:19:37:29.944.INFO.Signaling force websocket stop..19:37:33.789.ERROR.Socket unable to read..19:37:33.791.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:37:33.793.ERROR.WebSocket connection error getscreen.me/signal/agent..19:39:46.569.INFO.Signaling force websocket stop..19:40:40.931.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:40:51.216.INFO.Socket connected to getscreen.me:443..19:43:06.275.INFO.Signaling force websocket stop..19:45:42.592.ERROR.Socket unable to read..19:45:42.622.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:45:43.325.ERROR.WebSocket connection error getscreen.me/signal/agent..19:47:59.102.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          SSDEEP:3:eR9X2XINF+WgIO0/Vyn:8X2XIX+WgIJUn
                                          MD5:84F389415CB5D711B5C1ACFC1E5BC966
                                          SHA1:970C4819A22A3D867DF31C4D5903B25803C69012
                                          SHA-256:A8F440F43A9A045C45B1F4065458D0153B23692EDC1FEC20D0964750673945F9
                                          SHA-512:1304574E25E4252DBA4DB944FCC6616F07311780248812B636C6C65532E9BF5E66CB922253F7EB726E441C41E176A8744079D7D4A5D26A16EC5C37494AC04276
                                          Malicious:false
                                          Preview:23:02:45.104.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2360
                                          Entropy (8bit):4.964671871571369
                                          Encrypted:false
                                          SSDEEP:48:dxDDxv+FP99DZZynGtDNsFgDjP2PqAxDIiqA3:rNgP9LZykssP2yAaiqG
                                          MD5:7D3407650F8591BAD218B9BDDC9C3D31
                                          SHA1:C42223C8256253A023B3881B64D0D1F8538FCF46
                                          SHA-256:3EB4675A4FED5813A02B89AC3E821650B0BA22D1C2E4C48ADB6315799627B01A
                                          SHA-512:03D1DEAB6E0D0489497318037FDFADA946FC1CA6BD7CB4572FC454D94D546229643FCF42DDFB28D833EB59AB11B16B934BF8759B04328488F17B8C9A17D30DD3
                                          Malicious:false
                                          Preview:08:56:44.871.INFO.Socket connected to getscreen.me:443..08:59:02.788.INFO.Signaling force websocket stop..08:59:03.080.ERROR.Socket unable to read..08:59:03.080.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:59:03.080.ERROR.WebSocket connection error getscreen.me/signal/agent..09:01:24.266.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:01:45.192.INFO.Socket connected to getscreen.me:443..09:03:48.908.INFO.Signaling force websocket stop..09:03:49.249.ERROR.Socket unable to read..09:03:49.249.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:03:49.260.ERROR.WebSocket connection error getscreen.me/signal/agent..09:05:38.765.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:05:38.981.INFO.Socket connected to getscreen.me:443..09:07:50.394.INFO
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.97827399658313
                                          Encrypted:false
                                          SSDEEP:6:Oo5wqmXIX+WgIJUUuHbMhHbud2M0CCQP5K0COHfDNBQEQ28FXIXNLD4EQfy5idzv:+qmKA86Qj8P40nHb5iChPQtvvn
                                          MD5:11BB5D8CD544682AC94C1E75407A4A8A
                                          SHA1:52C23E57C42F78A2EFA050DDC29CE4F36825F595
                                          SHA-256:842F0E88D00640069CF01542F036979FA34679385F10DBFD25F58B3EC3A6603F
                                          SHA-512:9FBB02F99D209EF26407348613666889DA21EBDFEABEA90C6EF87DCF7806CF9875F7F2AEA44C1D1FD1381EE29DFFD31281098E873B4335D37263448373412080
                                          Malicious:false
                                          Preview:12:32:44.569.INFO.Signaling force websocket stop..12:33:49.728.ERROR.Socket unable to read..12:33:49.728.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:33:49.728.ERROR.WebSocket connection error getscreen.me/signal/agent..12:34:03.940.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:34:04.238.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.969684696034269
                                          Encrypted:false
                                          SSDEEP:6:q9X2XIX+WgIJUUdvMQziUud2M0CCQP5K0C9zYQDNBQEQ4:uX2KTiBQj8P40IY65T
                                          MD5:F661DC06A114ACC35074A969081D09BE
                                          SHA1:4D63F880BD43F5624A027D7763FE2088D22E96FC
                                          SHA-256:92EFD175EFC14FACC4CFFCDC367E54AD499475534AB5963874BAD0195D00D7C8
                                          SHA-512:69CA520F758412A8A7B125089EF72149FA0D631FD548AF383B14971829A5C8A5D1E79B1F1BB5111178E0235B5384CAB9256051CD026E7F9419E821ED3A5207D7
                                          Malicious:false
                                          Preview:15:49:00.084.INFO.Signaling force websocket stop..15:49:02.186.ERROR.Socket unable to read..15:49:02.216.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:49:02.276.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.770942421748538
                                          Encrypted:false
                                          SSDEEP:3:FmiVmXINF+WgIO0/Vyn:CXIX+WgIJUn
                                          MD5:4495F5D76FEA8B66D7CA1F3E76AADBF8
                                          SHA1:C24FEDA829EFF97F0BB5932C63C5ECABF63A45EC
                                          SHA-256:829C98309E9F4F9DB9D3C54808877899606CF6C51940A21087AF6A01270EE256
                                          SHA-512:62F7668DD8F5D1CD22EB23151754A012299F0A5606467318587CEFA06CA8017190159C4428941091D447F205E9040EB4328BD55C55002FC738F39340898AC1E9
                                          Malicious:false
                                          Preview:19:03:56.679.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):607
                                          Entropy (8bit):4.884630209156139
                                          Encrypted:false
                                          SSDEEP:12:xCh4eztvvfEilvBQj8P40365bwPRR2Ch4Yl2tvvn:xGTtv9lvBDAESbwPRR2G7Itvv
                                          MD5:24C67A5CD03B4723FE6D8720A3ABA044
                                          SHA1:D14D8DF8EFB93A0A6546DBC9605E34435945EA72
                                          SHA-256:381E65188D319F4E293F1C01A4099E09BB95EFCC84921F3267701E590CADAB35
                                          SHA-512:6C414B8F431246C7B612DF10BFBA67CB84F949E62CFF7479A88AB18ED489E604F3ABDA770FE449618D9D53EB2A6AB78EE57E666E45B9DD92FF4E837C4D3281C9
                                          Malicious:false
                                          Preview:22:19:03.509.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:20:18.290.INFO.Socket connected to getscreen.me:443..22:22:33.810.INFO.Signaling force websocket stop..22:22:33.921.ERROR.Socket unable to read..22:22:33.921.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:22:33.921.ERROR.WebSocket connection error getscreen.me/signal/agent..22:23:32.586.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:23:32.610.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.996884649366189
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:39:02.257.INFO.Signaling force websocket stop..01:39:06.523.ERROR.Socket unable to read..01:39:06.523.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:39:06.523.ERROR.WebSocket connection error getscreen.me/signal/agent..01:41:31.650.INFO.Signaling force websocket stop..01:42:54.887.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:42:59.148.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.944635017764749
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:57:49.340.INFO.Signaling force websocket stop..04:57:53.229.ERROR.Socket unable to read..04:57:53.229.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:57:53.229.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.757087205396306
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:13:03.987.INFO.Signaling force websocket stop..08:13:36.216.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:13:40.010.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):4.991242479413256
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:30:07.905.INFO.Signaling force websocket stop..11:30:11.804.ERROR.Socket unable to read..11:30:11.824.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:30:11.824.ERROR.WebSocket connection error getscreen.me/signal/agent..11:31:59.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:32:02.955.INFO.Socket connected to getscreen.me:443..11:34:13.503.INFO.Signaling force websocket stop..11:34:13.573.ERROR.Socket unable to read..11:34:13.593.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:34:13.593.ERROR.WebSocket connection error getscreen.me/signal/agent..11:36:38.781.INFO.Signaling force websocket stop..11:37:03.564.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:37:04.251.INFO.Socket connected to getscreen.me:443..11:39:28.672.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):5.00425638802893
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:54:46.908.INFO.Signaling force websocket stop..14:56:15.113.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:56:23.634.INFO.Socket connected to getscreen.me:443..14:58:33.166.INFO.Signaling force websocket stop..14:58:33.227.ERROR.Socket unable to read..14:58:33.267.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:58:33.267.ERROR.WebSocket connection error getscreen.me/signal/agent..15:00:58.317.INFO.Signaling force websocket stop..15:01:22.731.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:01:23.175.INFO.Socket connected to getscreen.me:443..15:03:48.334.INFO.Signaling force websocket stop..15:03:48.966.ERROR.Socket unable to read..15:03:49.006.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:03:49.006.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.752897239845947
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:24:30.365.INFO.Signaling force websocket stop..18:24:52.331.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:24:53.023.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6267
                                          Entropy (8bit):4.999689098797171
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:40:10.676.INFO.Signaling force websocket stop..21:40:14.752.ERROR.Socket unable to read..21:40:14.772.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:40:14.772.ERROR.WebSocket connection error getscreen.me/signal/agent..21:42:16.098.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:42:22.370.INFO.Socket connected to getscreen.me:443..21:44:29.171.INFO.Signaling force websocket stop..21:44:29.402.ERROR.Socket unable to read..21:44:29.432.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:44:29.432.ERROR.WebSocket connection error getscreen.me/signal/agent..21:46:28.053.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:46:30.516.INFO.Socket connected to getscreen.me:443..21:48:52.566.INFO.Signaling force websocket stop..21:48:52.777.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5701
                                          Entropy (8bit):4.984117959284951
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:56:03.545.INFO.Signaling force websocket stop..01:57:32.225.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:57:45.021.INFO.Socket connected to getscreen.me:443..01:59:57.244.INFO.Signaling force websocket stop..01:59:57.846.ERROR.Socket unable to read..01:59:57.876.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:59:57.876.ERROR.WebSocket connection error getscreen.me/signal/agent..02:02:23.200.INFO.Signaling force websocket stop..02:02:38.192.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:02:42.693.INFO.Socket connected to getscreen.me:443..02:04:51.852.INFO.Signaling force websocket stop..02:04:53.166.ERROR.Socket unable to read..02:04:53.166.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:04:53.166.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.966495678978462
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:08:03.007.INFO.Signaling force websocket stop..06:08:07.040.ERROR.Socket unable to read..06:08:07.060.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:08:07.060.ERROR.WebSocket connection error getscreen.me/signal/agent..06:10:19.655.INFO.Signaling force websocket stop..06:10:26.621.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:10:27.071.INFO.Socket connected to getscreen.me:443..06:12:50.002.INFO.Signaling force websocket stop..06:12:50.413.ERROR.Socket unable to read..06:12:50.453.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:12:53.383.ERROR.WebSocket connection error getscreen.me/signal/agent..06:15:14.651.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:15:21.604.INFO.Socket connected to getscreen.me:443..06:17:27.960.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5237
                                          Entropy (8bit):4.999938167576647
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:37:04.476.INFO.Signaling force websocket stop..09:37:09.150.ERROR.Socket unable to read..09:37:09.150.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:37:09.150.ERROR.WebSocket connection error getscreen.me/signal/agent..09:38:44.514.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:39:44.337.INFO.Socket connected to getscreen.me:443..09:40:58.477.INFO.Signaling force websocket stop..09:40:58.690.ERROR.Socket unable to read..09:40:58.690.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:40:58.690.ERROR.WebSocket connection error getscreen.me/signal/agent..09:43:12.576.INFO.Signaling force websocket stop..09:43:26.439.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:43:26.468.INFO.Socket connected to getscreen.me:443..09:46:20.240.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.9929159853322
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:41:16.757.INFO.Signaling force websocket stop..13:43:08.628.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:43:16.945.INFO.Socket connected to getscreen.me:443..13:45:33.357.INFO.Signaling force websocket stop..13:45:33.959.ERROR.Socket unable to read..13:45:33.979.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:45:33.979.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2866
                                          Entropy (8bit):4.9945094234040255
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:00:18.270.INFO.Signaling force websocket stop..17:01:00.802.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:01:05.951.INFO.Socket connected to getscreen.me:443..17:03:23.965.INFO.Signaling force websocket stop..17:03:24.837.ERROR.Socket unable to read..17:03:24.837.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:03:24.837.ERROR.WebSocket connection error getscreen.me/signal/agent..17:05:15.541.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:06:22.559.INFO.Socket connected to getscreen.me:443..17:07:29.493.INFO.Signaling force websocket stop..17:10:10.483.ERROR.Socket unable to read..17:10:10.904.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:10:10.904.ERROR.WebSocket connection error getscreen.me/signal/agent..17:12:36.386.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:42:50.657.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1637
                                          Entropy (8bit):4.932128496472909
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:43:07.773.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:58:44.025.INFO.Socket connected to getscreen.me:443..00:01:02.047.INFO.Signaling force websocket stop..00:01:02.398.ERROR.Socket unable to read..00:01:02.458.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:01:02.468.ERROR.WebSocket connection error getscreen.me/signal/agent..00:03:15.594.INFO.Signaling force websocket stop..00:04:24.639.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:04:30.636.INFO.Socket connected to getscreen.me:443..00:06:50.090.INFO.Signaling force websocket stop..00:06:50.481.ERROR.Socket unable to read..00:06:50.772.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:06:50.772.ERROR.WebSocket connection error getscreen.me/signal/agent..00:08:00.217.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):918
                                          Entropy (8bit):4.93285393395875
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:30:06.805.INFO.Signaling force websocket stop..03:30:13.911.ERROR.Socket unable to read..03:30:13.951.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:30:13.961.ERROR.WebSocket connection error getscreen.me/signal/agent..03:31:42.286.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:31:47.025.INFO.Socket connected to getscreen.me:443..03:33:54.689.INFO.Signaling force websocket stop..03:33:55.020.ERROR.Socket unable to read..03:33:55.020.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:33:55.020.ERROR.WebSocket connection error getscreen.me/signal/agent..03:35:19.232.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:35:20.570.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.90737460067472
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:50:07.124.INFO.Signaling force websocket stop..06:50:08.881.ERROR.Socket unable to read..06:50:08.881.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:50:08.892.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.955803744834173
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:06:39.574.INFO.Signaling force websocket stop..10:06:41.297.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:06:44.068.INFO.Socket connected to getscreen.me:443..10:08:53.823.INFO.Signaling force websocket stop..10:08:53.854.ERROR.Socket unable to read..10:08:53.854.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:08:53.854.ERROR.WebSocket connection error getscreen.me/signal/agent..10:09:46.733.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:09:47.671.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.9587375042700215
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:24:31.772.INFO.Signaling force websocket stop..13:24:33.960.ERROR.Socket unable to read..13:24:33.960.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:24:33.960.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.996169695657219
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:39:19.288.INFO.Signaling force websocket stop..16:39:22.635.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:39:23.783.INFO.Socket connected to getscreen.me:443..16:41:35.059.INFO.Signaling force websocket stop..16:41:35.100.ERROR.Socket unable to read..16:41:35.100.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:41:35.100.ERROR.WebSocket connection error getscreen.me/signal/agent..16:42:41.674.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:42:42.131.INFO.Socket connected to getscreen.me:443..16:45:41.117.INFO.Signaling force websocket stop..16:45:41.308.ERROR.Socket unable to read..16:45:41.649.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:45:41.649.ERROR.WebSocket connection error getscreen.me/signal/agent..16:48:07.001.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1086
                                          Entropy (8bit):4.9800495482197915
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:05:26.040.INFO.Signaling force websocket stop..20:07:05.581.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:07:19.656.INFO.Socket connected to getscreen.me:443..20:09:19.092.INFO.Signaling force websocket stop..20:09:19.132.ERROR.Socket unable to read..20:09:19.132.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:09:19.132.ERROR.WebSocket connection error getscreen.me/signal/agent..20:11:44.287.INFO.Signaling force websocket stop..20:11:53.908.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:11:59.541.INFO.Socket connected to getscreen.me:443..20:14:19.615.INFO.Signaling force websocket stop..20:14:20.247.ERROR.Socket unable to read..20:14:20.297.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:14:20.297.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1030
                                          Entropy (8bit):4.987789382397186
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:31:21.626.INFO.Signaling force websocket stop..23:31:21.956.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:31:37.787.INFO.Socket connected to getscreen.me:443..23:33:37.403.INFO.Signaling force websocket stop..23:33:37.574.ERROR.Socket unable to read..23:33:37.644.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:33:37.664.ERROR.WebSocket connection error getscreen.me/signal/agent..23:35:01.421.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:35:02.101.INFO.Socket connected to getscreen.me:443..23:37:26.598.INFO.Signaling force websocket stop..23:37:27.079.ERROR.Socket unable to read..23:37:27.950.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:37:27.970.ERROR.WebSocket connection error getscreen.me/signal/agent..23:39:53.198.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5441
                                          Entropy (8bit):4.989308671613778
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:54:30.263.INFO.Signaling force websocket stop..02:55:13.498.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:55:13.951.INFO.Socket connected to getscreen.me:443..02:57:26.705.INFO.Signaling force websocket stop..02:57:26.946.ERROR.Socket unable to read..02:57:26.946.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:57:26.946.ERROR.WebSocket connection error getscreen.me/signal/agent..02:59:52.625.INFO.Signaling force websocket stop..03:00:41.183.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:00:51.029.INFO.Socket connected to getscreen.me:443..03:03:04.904.INFO.Signaling force websocket stop..03:03:06.116.ERROR.Socket unable to read..03:03:06.126.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:03:06.126.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.767380663583119
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:04:39.128.INFO.Signaling force websocket stop..07:06:40.765.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:06:45.477.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.8664774783386395
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:23:07.360.INFO.Signaling force websocket stop..10:23:12.130.ERROR.Socket unable to read..10:23:12.130.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:23:12.130.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.784790560564949
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:38:31.204.INFO.Signaling force websocket stop..13:39:07.876.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:39:09.215.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.999444268952905
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:55:00.660.INFO.Signaling force websocket stop..16:55:05.501.ERROR.Socket unable to read..16:55:05.521.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:55:05.521.ERROR.WebSocket connection error getscreen.me/signal/agent..16:57:17.846.INFO.Signaling force websocket stop..16:58:33.755.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:58:39.120.INFO.Socket connected to getscreen.me:443..17:00:57.167.INFO.Signaling force websocket stop..17:00:57.298.ERROR.Socket unable to read..17:00:57.298.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:00:57.320.ERROR.WebSocket connection error getscreen.me/signal/agent..17:02:26.626.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:02:26.637.INFO.Socket connected to getscreen.me:443..17:05:41.917.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.924059601835661
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:24:37.225.INFO.Signaling force websocket stop..20:24:41.246.ERROR.Socket unable to read..20:24:41.256.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:24:41.256.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.747977937994719
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:40:25.655.INFO.Signaling force websocket stop..23:40:56.422.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:40:59.607.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.970854773681618
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:55:56.234.INFO.Signaling force websocket stop..02:56:59.742.ERROR.Socket unable to read..02:56:59.742.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:56:59.742.ERROR.WebSocket connection error getscreen.me/signal/agent..02:59:08.042.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:59:11.623.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.943723172172061
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:14:18.979.INFO.Signaling force websocket stop..06:14:23.800.ERROR.Socket unable to read..06:14:23.800.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:14:23.800.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.964385646992236
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:29:34.948.INFO.Signaling force websocket stop..09:30:28.452.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:30:38.287.INFO.Socket connected to getscreen.me:443..09:32:52.143.INFO.Signaling force websocket stop..09:32:52.504.ERROR.Socket unable to read..09:32:52.504.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:32:52.515.ERROR.WebSocket connection error getscreen.me/signal/agent..09:35:05.466.INFO.Signaling force websocket stop..09:35:48.882.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:35:59.161.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.961504719183197
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:51:52.488.INFO.Signaling force websocket stop..12:51:56.291.ERROR.Socket unable to read..12:51:56.321.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:51:56.321.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.970158312651145
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:08:21.325.INFO.Signaling force websocket stop..16:08:27.863.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:08:29.401.INFO.Socket connected to getscreen.me:443..16:10:48.415.INFO.Signaling force websocket stop..16:10:48.666.ERROR.Socket unable to read..16:10:48.686.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:10:48.686.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.980118961763942
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:25:20.624.INFO.Signaling force websocket stop..19:26:47.784.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:26:47.793.INFO.Socket connected to getscreen.me:443..19:29:12.409.INFO.Signaling force websocket stop..19:34:02.849.ERROR.Socket unable to read..19:34:02.849.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:34:02.849.ERROR.WebSocket connection error getscreen.me/signal/agent..19:36:28.174.INFO.Signaling force websocket stop..19:38:01.666.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:38:12.423.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.969408825497197
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:52:40.983.INFO.Signaling force websocket stop..22:52:45.894.ERROR.Socket unable to read..22:52:45.914.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:52:45.914.ERROR.WebSocket connection error getscreen.me/signal/agent..22:55:05.055.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:55:15.355.INFO.Socket connected to getscreen.me:443..22:57:29.590.INFO.Signaling force websocket stop..22:57:29.950.ERROR.Socket unable to read..22:57:29.980.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:57:29.991.ERROR.WebSocket connection error getscreen.me/signal/agent..22:59:55.233.INFO.Signaling force websocket stop..23:00:01.955.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:00:03.515.INFO.Socket connected to getscreen.me:443..23:02:42.855.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.980506547389689
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:22:24.051.INFO.Signaling force websocket stop..02:22:29.709.ERROR.Socket unable to read..02:22:29.759.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:22:29.759.ERROR.WebSocket connection error getscreen.me/signal/agent..02:24:54.913.INFO.Signaling force websocket stop..02:26:06.503.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:26:16.134.INFO.Socket connected to getscreen.me:443..02:28:54.766.INFO.Signaling force websocket stop..02:28:54.807.ERROR.Socket unable to read..02:28:54.857.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:29:00.258.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.770942421748538
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:45:20.791.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1433
                                          Entropy (8bit):4.977531102701198
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:00:07.257.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:02:47.441.INFO.Socket connected to getscreen.me:443..09:04:46.791.INFO.Signaling force websocket stop..09:04:47.663.ERROR.Socket unable to read..09:04:47.663.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:04:47.663.ERROR.WebSocket connection error getscreen.me/signal/agent..09:07:07.352.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:07:18.772.INFO.Socket connected to getscreen.me:443..09:10:07.667.INFO.Signaling force websocket stop..09:10:08.259.ERROR.Socket unable to read..09:10:08.309.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:10:11.472.ERROR.WebSocket connection error getscreen.me/signal/agent..09:12:33.479.INFO.Signaling force websocket stop..09:13:53.285.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5782
                                          Entropy (8bit):5.010768903994289
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:31:48.415.INFO.Signaling force websocket stop..12:32:04.609.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:32:06.084.INFO.Socket connected to getscreen.me:443..12:34:21.484.INFO.Signaling force websocket stop..12:34:21.575.ERROR.Socket unable to read..12:34:21.575.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:34:21.575.ERROR.WebSocket connection error getscreen.me/signal/agent..12:35:00.546.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:35:01.024.INFO.Socket connected to getscreen.me:443..12:37:23.859.INFO.Signaling force websocket stop..12:37:24.120.ERROR.Socket unable to read..12:37:24.851.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:37:24.851.ERROR.WebSocket connection error getscreen.me/signal/agent..12:39:30.990.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3585
                                          Entropy (8bit):5.001914390960581
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:55:38.129.INFO.Signaling force websocket stop..16:55:42.771.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:55:52.859.INFO.Socket connected to getscreen.me:443..16:58:16.334.INFO.Signaling force websocket stop..16:58:16.405.ERROR.Socket unable to read..16:58:16.405.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:58:16.405.ERROR.WebSocket connection error getscreen.me/signal/agent..16:59:16.340.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:59:17.242.INFO.Socket connected to getscreen.me:443..17:02:06.365.INFO.Signaling force websocket stop..17:02:06.476.ERROR.Socket unable to read..17:02:06.927.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:02:06.927.ERROR.WebSocket connection error getscreen.me/signal/agent..17:04:14.773.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4391
                                          Entropy (8bit):5.017697263159898
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:47:30.077.INFO.Signaling force websocket stop..20:47:40.626.ERROR.Socket unable to read..20:47:40.646.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:47:40.646.ERROR.WebSocket connection error getscreen.me/signal/agent..20:50:05.992.INFO.Signaling force websocket stop..20:51:03.494.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:51:11.369.INFO.Socket connected to getscreen.me:443..20:53:28.157.INFO.Signaling force websocket stop..20:53:28.268.ERROR.Socket unable to read..20:53:28.268.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:53:30.466.ERROR.WebSocket connection error getscreen.me/signal/agent..20:55:17.405.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:55:18.344.INFO.Socket connected to getscreen.me:443..20:57:49.444.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.6637995646056805
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:02:20.407.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):524
                                          Entropy (8bit):4.940773948384828
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:35:50.180.INFO.Socket connected to getscreen.me:443..07:38:10.618.INFO.Signaling force websocket stop..07:38:10.819.ERROR.Socket unable to read..07:38:10.819.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:38:10.819.ERROR.WebSocket connection error getscreen.me/signal/agent..07:39:26.571.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:39:27.008.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.988975440661459
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:55:27.932.INFO.Signaling force websocket stop..10:55:31.961.ERROR.Socket unable to read..10:55:31.992.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:55:31.992.ERROR.WebSocket connection error getscreen.me/signal/agent..10:57:44.964.INFO.Signaling force websocket stop..10:58:09.865.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:58:12.291.INFO.Socket connected to getscreen.me:443..11:00:34.987.INFO.Signaling force websocket stop..11:00:35.057.ERROR.Socket unable to read..11:00:35.067.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:00:37.296.ERROR.WebSocket connection error getscreen.me/signal/agent..11:02:35.582.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:02:44.077.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):5.005939562426381
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:18:26.417.INFO.Signaling force websocket stop..14:18:30.556.ERROR.Socket unable to read..14:18:30.586.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:18:30.586.ERROR.WebSocket connection error getscreen.me/signal/agent..14:20:55.779.INFO.Signaling force websocket stop..14:20:58.501.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:22:04.807.INFO.Socket connected to getscreen.me:443..14:23:12.552.INFO.Signaling force websocket stop..14:23:13.063.ERROR.Socket unable to read..14:23:13.094.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:23:14.700.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.985602632704332
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:39:40.188.INFO.Signaling force websocket stop..17:40:19.735.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:40:20.208.INFO.Socket connected to getscreen.me:443..17:42:44.258.INFO.Signaling force websocket stop..17:42:44.499.ERROR.Socket unable to read..17:42:44.529.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:42:44.529.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.770942421748538
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:57:48.118.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.796508009219671
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:12:37.531.INFO.Signaling force websocket stop..00:12:37.688.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:13:46.991.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.924334112164242
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:29:03.757.INFO.Signaling force websocket stop..03:29:06.526.ERROR.Socket unable to read..03:29:06.526.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:29:06.536.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1178
                                          Entropy (8bit):4.985055811836124
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:43:58.975.INFO.Signaling force websocket stop..06:44:53.552.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:44:57.601.INFO.Socket connected to getscreen.me:443..06:47:18.367.INFO.Signaling force websocket stop..06:47:32.179.ERROR.Socket unable to read..06:47:32.259.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:47:32.259.ERROR.WebSocket connection error getscreen.me/signal/agent..06:49:46.703.INFO.Signaling force websocket stop..06:51:50.987.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:51:55.885.INFO.Socket connected to getscreen.me:443..06:54:15.193.INFO.Signaling force websocket stop..06:54:15.765.ERROR.Socket unable to read..06:54:15.765.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:54:15.765.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):367
                                          Entropy (8bit):4.926452737152203
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:11:18.302.INFO.Signaling force websocket stop..10:11:21.743.ERROR.Socket unable to read..10:11:21.743.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:11:21.743.ERROR.WebSocket connection error getscreen.me/signal/agent..10:13:47.074.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.987320632483234
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:28:20.863.INFO.Signaling force websocket stop..13:28:21.321.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:29:32.087.INFO.Socket connected to getscreen.me:443..13:31:48.593.INFO.Signaling force websocket stop..13:31:48.623.ERROR.Socket unable to read..13:31:48.653.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:31:48.653.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.749275303222613
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:48:03.228.INFO.Signaling force websocket stop..16:48:08.068.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:48:09.882.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1836
                                          Entropy (8bit):4.972764583418871
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:03:14.742.INFO.Signaling force websocket stop..20:03:16.767.ERROR.Socket unable to read..20:03:16.767.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:03:16.768.ERROR.WebSocket connection error getscreen.me/signal/agent..20:05:14.264.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:06:40.684.INFO.Socket connected to getscreen.me:443..20:07:28.416.INFO.Signaling force websocket stop..20:07:28.486.ERROR.Socket unable to read..20:07:28.516.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:07:28.516.ERROR.WebSocket connection error getscreen.me/signal/agent..20:08:52.683.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:08:53.158.INFO.Socket connected to getscreen.me:443..20:11:17.164.INFO.Signaling force websocket stop..20:11:17.345.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1545
                                          Entropy (8bit):4.997929091588863
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:33:25.625.INFO.Signaling force websocket stop..23:33:29.271.ERROR.Socket unable to read..23:33:29.281.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:33:29.281.ERROR.WebSocket connection error getscreen.me/signal/agent..23:35:54.321.INFO.Signaling force websocket stop..23:36:30.219.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:37:36.488.INFO.Socket connected to getscreen.me:443..23:38:44.298.INFO.Signaling force websocket stop..23:38:44.699.ERROR.Socket unable to read..23:38:44.719.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:38:45.805.ERROR.WebSocket connection error getscreen.me/signal/agent..23:41:10.116.INFO.Signaling force websocket stop..23:41:46.334.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:41:53.738.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3952
                                          Entropy (8bit):4.988811324624284
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:02:54.244.ERROR.Socket unable to read..03:03:02.549.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:03:02.549.ERROR.WebSocket connection error getscreen.me/signal/agent..03:04:17.911.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:04:28.682.INFO.Socket connected to getscreen.me:443..03:06:41.755.INFO.Signaling force websocket stop..03:06:42.547.ERROR.Socket unable to read..03:06:42.587.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:06:43.055.ERROR.WebSocket connection error getscreen.me/signal/agent..03:09:08.017.INFO.Signaling force websocket stop..03:09:28.323.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:10:23.220.INFO.Socket connected to getscreen.me:443..03:11:53.660.INFO.Signaling force websocket stop..03:11:53.660.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.979528937409812
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:58:16.457.INFO.Signaling force websocket stop..06:58:21.697.ERROR.Socket unable to read..06:58:21.697.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:58:21.697.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.935036894810162
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:13:22.875.INFO.Signaling force websocket stop..10:14:56.287.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:15:03.457.INFO.Socket connected to getscreen.me:443..10:18:00.402.INFO.Signaling force websocket stop..10:18:02.481.ERROR.Socket unable to read..10:18:02.481.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:18:02.481.ERROR.WebSocket connection error getscreen.me/signal/agent..10:19:08.940.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:19:09.622.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4319
                                          Entropy (8bit):5.003041190727109
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:34:46.167.INFO.Signaling force websocket stop..13:34:47.639.ERROR.Socket unable to read..13:34:47.639.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:34:47.639.ERROR.WebSocket connection error getscreen.me/signal/agent..13:37:13.058.INFO.Signaling force websocket stop..13:37:38.231.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:38:44.273.INFO.Socket connected to getscreen.me:443..13:39:52.129.INFO.Signaling force websocket stop..13:39:52.199.ERROR.Socket unable to read..13:39:52.209.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:39:54.661.ERROR.WebSocket connection error getscreen.me/signal/agent..13:42:17.546.INFO.Signaling force websocket stop..13:42:39.902.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:43:08.523.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):195
                                          Entropy (8bit):4.834670489494338
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:37:09.321.INFO.Signaling force websocket stop..17:37:43.256.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:40:07.521.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):636
                                          Entropy (8bit):4.965920257179504
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:55:44.043.INFO.Signaling force websocket stop..20:58:01.748.INFO.Signaling force websocket stop..20:58:29.571.INFO.Socket connected to getscreen.me:443..21:00:26.863.INFO.Signaling force websocket stop..21:00:27.113.ERROR.Socket unable to read..21:00:27.163.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:00:27.163.ERROR.WebSocket connection error getscreen.me/signal/agent..21:02:19.205.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:02:27.228.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.963838861879095
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:18:48.756.INFO.Signaling force websocket stop..00:19:50.823.ERROR.Socket unable to read..00:19:50.823.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:19:50.823.ERROR.WebSocket connection error getscreen.me/signal/agent..00:22:16.106.INFO.Signaling force websocket stop..00:22:46.356.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:22:57.743.INFO.Socket connected to getscreen.me:443..00:25:11.040.INFO.Signaling force websocket stop..00:25:11.060.ERROR.Socket unable to read..00:25:11.100.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:25:13.215.ERROR.WebSocket connection error getscreen.me/signal/agent..00:27:36.536.INFO.Signaling force websocket stop..00:28:41.003.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:28:44.382.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.958353112811463
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:47:09.165.INFO.Signaling force websocket stop..03:47:11.557.ERROR.Socket unable to read..03:47:11.558.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:47:11.558.ERROR.WebSocket connection error getscreen.me/signal/agent..03:48:47.773.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:48:53.555.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.90658023357039
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:03:41.684.INFO.Signaling force websocket stop..07:03:47.066.ERROR.Socket unable to read..07:03:47.096.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:03:47.096.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):260
                                          Entropy (8bit):4.813981420596366
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:19:34.774.INFO.Signaling force websocket stop..10:20:08.339.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:20:15.921.INFO.Socket connected to getscreen.me:443..10:22:31.699.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):918
                                          Entropy (8bit):5.002619465632163
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:52:04.307.ERROR.Socket unable to read..16:52:05.967.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:52:05.967.ERROR.WebSocket connection error getscreen.me/signal/agent..16:54:19.136.INFO.Signaling force websocket stop..16:55:13.466.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:55:17.978.INFO.Socket connected to getscreen.me:443..16:57:38.787.INFO.Signaling force websocket stop..16:57:39.499.ERROR.Socket unable to read..16:57:39.539.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:57:39.539.ERROR.WebSocket connection error getscreen.me/signal/agent..16:59:22.539.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:59:30.145.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2866
                                          Entropy (8bit):4.970925484999379
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:14:16.214.INFO.Signaling force websocket stop..20:14:22.887.ERROR.Socket unable to read..20:14:22.917.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:14:22.917.ERROR.WebSocket connection error getscreen.me/signal/agent..20:16:10.074.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:16:17.251.INFO.Socket connected to getscreen.me:443..20:18:30.721.INFO.Signaling force websocket stop..20:18:30.852.ERROR.Socket unable to read..20:18:30.852.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:18:30.852.ERROR.WebSocket connection error getscreen.me/signal/agent..20:20:56.068.INFO.Signaling force websocket stop..20:21:37.278.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:21:46.921.INFO.Socket connected to getscreen.me:443..20:24:01.027.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7546
                                          Entropy (8bit):4.9851573618518135
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:57:13.927.INFO.Signaling force websocket stop..23:57:20.296.ERROR.Socket unable to read..23:57:20.296.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:57:20.296.ERROR.WebSocket connection error getscreen.me/signal/agent..23:59:45.809.INFO.Signaling force websocket stop..23:59:45.836.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:59:48.052.INFO.Socket connected to getscreen.me:443..00:03:00.810.INFO.Signaling force websocket stop..00:03:01.522.ERROR.Socket unable to read..00:03:01.522.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:03:02.398.ERROR.WebSocket connection error getscreen.me/signal/agent..00:05:26.626.INFO.Signaling force websocket stop..00:05:27.110.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:05:35.629.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1030
                                          Entropy (8bit):4.965627314748701
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:49:48.325.INFO.Signaling force websocket stop..04:51:41.434.ERROR.Socket unable to read..04:51:41.434.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:51:41.434.ERROR.WebSocket connection error getscreen.me/signal/agent..04:54:06.767.INFO.Signaling force websocket stop..04:54:21.732.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:54:25.523.INFO.Socket connected to getscreen.me:443..04:56:47.000.INFO.Signaling force websocket stop..04:56:47.441.ERROR.Socket unable to read..04:56:47.441.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:56:49.262.ERROR.WebSocket connection error getscreen.me/signal/agent..04:59:01.290.INFO.Signaling force websocket stop..04:59:19.760.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:59:30.051.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):770
                                          Entropy (8bit):4.979000116136188
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:14:59.502.INFO.Signaling force websocket stop..08:15:02.981.ERROR.Socket unable to read..08:15:02.981.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:15:02.981.ERROR.WebSocket connection error getscreen.me/signal/agent..08:16:33.917.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:16:34.140.INFO.Socket connected to getscreen.me:443..08:18:46.063.INFO.Signaling force websocket stop..08:18:46.614.ERROR.Socket unable to read..08:18:46.634.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:18:46.634.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):654
                                          Entropy (8bit):4.988058924828435
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:34:59.974.INFO.Signaling force websocket stop..11:35:12.111.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:35:22.400.INFO.Socket connected to getscreen.me:443..11:37:36.926.INFO.Signaling force websocket stop..11:37:37.508.ERROR.Socket unable to read..11:37:37.558.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:37:37.558.ERROR.WebSocket connection error getscreen.me/signal/agent..11:40:03.064.INFO.Signaling force websocket stop..11:40:32.346.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.686033716352762
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:57:05.770.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):112
                                          Entropy (8bit):4.768579363654874
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:12:50.040.INFO.Signaling force websocket stop..18:15:23.325.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.6637995646056805
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:31:11.260.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:47:57.815.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):325
                                          Entropy (8bit):4.912322167471365
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:04:57.430.INFO.Socket connected to getscreen.me:443..04:04:58.763.INFO.Signaling force websocket stop..04:05:01.458.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:05:01.468.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.9685489368691975
                                          Encrypted:false
                                          SSDEEP:6:SUu1L+XIX+WgIJU4/tXIXNLD4EQ4R4aXdzvRWl8RvvGXIX+WgIJU4/YEMufXluda:SnCuChvRTtvvG44Qj8P40gcK5T
                                          MD5:F98B32185589B3851998011C69A91BFA
                                          SHA1:B963B11F230C64F222A06066C5C212C025EBF984
                                          SHA-256:A340E4CE66C888D2788E8ECFA56B875BC531344443AEED82BAEE62FEA1FAC8AF
                                          SHA-512:264667806371CB232E2AF99B7C9CB38E2B49578958DE674723ACB14CAB80707ED964EF83D2C0C119C2551D96509BE014601A3DA4AEB51D764E2BEC5FBCF1101B
                                          Malicious:false
                                          Preview:07:19:46.062.INFO.Signaling force websocket stop..07:20:52.172.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:20:55.333.INFO.Socket connected to getscreen.me:443..07:23:16.001.INFO.Signaling force websocket stop..07:23:16.342.ERROR.Socket unable to read..07:23:16.362.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:23:16.373.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.953849854380371
                                          Encrypted:false
                                          SSDEEP:12:M4XK5Ch2tvvKXKye6Qj8P40Nb5HXCh/tvvn:M4XwG2tvCXfe6DA2t3G/tvv
                                          MD5:07D33AE570DEE2F0CC07536243313CEA
                                          SHA1:9EFBC5C8E28EFDEDA66669AB736434A416B644A6
                                          SHA-256:5A7AF6F3B02519BBC58C8E05271B89C78AF2A1A0095D5C186915E2B9E03D42B0
                                          SHA-512:6306147C231514654F3E9E2EB38BFBEC91537C07C004D09089CDF1C601A45344DC48CAC4125C5DE6EBFA08F065BEB321EE007D33E1C3D3D6A10F393C8E138AAF
                                          Malicious:false
                                          Preview:10:39:01.155.INFO.Signaling force websocket stop..10:39:04.731.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:39:09.193.INFO.Socket connected to getscreen.me:443..10:41:18.883.INFO.Signaling force websocket stop..10:44:24.826.ERROR.Socket unable to read..10:44:24.826.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:44:24.826.ERROR.WebSocket connection error getscreen.me/signal/agent..10:45:44.375.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:45:44.398.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.897524932163515
                                          Encrypted:false
                                          SSDEEP:6:I23CR2XIX+WgIJUUO8Mx8ud2M0CCQP5K0Cu4DNBQEQ4:I4CQKOT5Qj8P40TC5T
                                          MD5:F9BE063D019E075AFC5BFC8A0AB56DBE
                                          SHA1:313828EEE2B7602102AC36E0135CA092A887D0D6
                                          SHA-256:42A50BB49EB9BC790163A0FCE1BC67F64DA8A5CB4FDB79161C53FA7FC36D83F9
                                          SHA-512:0775E8D9555370C9381C8188F01480CBC90D0F3CB53C58BDBC248CF538E5944CFD2C54CC72737528D06E9E72A921A7ACE1B3A8D1BA31662C61DF46EC89482F5A
                                          Malicious:false
                                          Preview:14:01:00.627.INFO.Signaling force websocket stop..14:01:04.318.ERROR.Socket unable to read..14:01:04.318.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:01:04.318.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.794594482133577
                                          Encrypted:false
                                          SSDEEP:6:KKXXIX+WgIJUU1TZSXsXXIXNLD4EQiUAV9mdzvRWl8Rvvn:pXKhZSAChfFKtvvn
                                          MD5:D8B913199C06F0C59DE113E2937955FC
                                          SHA1:D3ECF23A2E3B9AC70CF24462EB77FAB3EB4CAEB2
                                          SHA-256:E41318465C588F61A95677B60CB6F34D0BA119657038E86AD7F12FEBDF09070D
                                          SHA-512:D1A3CCFC33D3B1B9729D6419835EF3669D064C96DF7F487D699C4584AD880B391D70C8F5E039394267E1B855D5E61873321FACE361DBEACCB518FF7859CDAE1C
                                          Malicious:false
                                          Preview:17:16:25.768.INFO.Signaling force websocket stop..17:16:28.852.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:16:36.980.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):4.994778357470666
                                          Encrypted:false
                                          SSDEEP:24:4EpaDAgYNbVSG+FVtvK9DAgJbVE2DG+petv4mXDAggT:/paDpYNbVz+RgDpJbVEX+Ug2DpgT
                                          MD5:411C84F64BEEE535EA198894F2DB891F
                                          SHA1:EE6180FF4466B5939771645D6D117FD2A2FEC240
                                          SHA-256:994B38588479D4190C2BB22FACBDEDF4AA1DD7584851A9EC742E61A01BDD71A1
                                          SHA-512:FE420DA9B7A94C40A8A9D82AEC6C216346D4B873915302B6B9E7A56E410CF57FB257D24F622AF86F469AF42256E08813BDCDB845DA9F12CC42DC523A8996A0A5
                                          Malicious:false
                                          Preview:20:31:30.852.INFO.Signaling force websocket stop..20:31:34.494.ERROR.Socket unable to read..20:31:34.494.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:31:34.494.ERROR.WebSocket connection error getscreen.me/signal/agent..20:33:29.979.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:33:35.122.INFO.Socket connected to getscreen.me:443..20:35:42.123.INFO.Signaling force websocket stop..20:35:42.294.ERROR.Socket unable to read..20:35:42.294.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:35:42.294.ERROR.WebSocket connection error getscreen.me/signal/agent..20:38:07.366.INFO.Signaling force websocket stop..20:38:50.771.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:39:01.252.INFO.Socket connected to getscreen.me:443..20:41:14.489.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5956
                                          Entropy (8bit):4.971547374474023
                                          Encrypted:false
                                          SSDEEP:96:ddOtjrI8t2GVGjQij1aCQcrcqk1xHgtqsv/RKT:ddOtjrI80GVGkiZaCQcrcqkTAAsv/RKT
                                          MD5:C33BDF3408299C880C13F69474DDE77F
                                          SHA1:9F24421081E015C7F1B0F9920FD144ED72157239
                                          SHA-256:09581E8C84C5A6F6B85D9FC69C37F47F22CAD0C420D4EA8B83DC24E6F2FA76F1
                                          SHA-512:17CA309C1CBC163F8A854B84A446B42867213C1C9BA145A8F4EF6582848FBA50A90F528D98E5658207307B4E6483E846D0B69D1E402A8646BAFB1DDCF39D36F6
                                          Malicious:false
                                          Preview:23:56:41.429.INFO.Signaling force websocket stop..23:57:46.192.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:57:46.431.INFO.Socket connected to getscreen.me:443..23:59:58.496.INFO.Signaling force websocket stop..23:59:58.796.ERROR.Socket unable to read..23:59:58.796.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:59:58.796.ERROR.WebSocket connection error getscreen.me/signal/agent..00:01:45.841.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:01:55.905.INFO.Socket connected to getscreen.me:443..00:04:09.625.INFO.Signaling force websocket stop..00:04:10.407.ERROR.Socket unable to read..00:04:10.758.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:04:10.768.ERROR.WebSocket connection error getscreen.me/signal/agent..00:06:11.298.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):775
                                          Entropy (8bit):4.958810307119868
                                          Encrypted:false
                                          SSDEEP:12:DX0iChftvvjo2hk3kxQj8P40PkK5nARChwtvvN5:DXdGftvM2tDAAnARGwtvV5
                                          MD5:819B00F87C36725584573C1927C22E50
                                          SHA1:82BD1D55891592AF9F9CA6A0AA9F8AF0E88AE549
                                          SHA-256:4B18B9FDCACC0B270A1AECD2B5198D9490A7877E9D4B7EBD2E58212FD767DE58
                                          SHA-512:D377DDEFCC9E85445D8E0141010212135E5655ECB145A8ADDDE6A3FE916CEAF61C5665ACBF312E40B58FA34551163A914D70BA7282B331408B5FEAB70D7CD1EC
                                          Malicious:false
                                          Preview:04:11:15.803.INFO.Signaling force websocket stop..04:11:21.529.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:11:36.500.INFO.Socket connected to getscreen.me:443..04:13:49.653.INFO.Signaling force websocket stop..04:13:49.653.ERROR.Socket unable to read..04:13:49.653.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:13:49.653.ERROR.WebSocket connection error getscreen.me/signal/agent..04:16:03.011.INFO.Signaling force websocket stop..04:16:38.117.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:16:48.208.INFO.Socket connected to getscreen.me:443..04:19:02.517.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):770
                                          Entropy (8bit):4.979819295110671
                                          Encrypted:false
                                          SSDEEP:12:SW3ERfVWQj8P40AfV/5ojZYn2ChlfJ2tvvQXeEvjQj8P40dK5T:yRtWDAbthojZY2GFctvYXeErDAZT
                                          MD5:8897DA0CF6AEDAF09CE4874D28EA758B
                                          SHA1:1782714341E5641403D2A4A5EA3EDC2929FE8FA6
                                          SHA-256:3C1AB382B22113E48101FD90E6C17ADCFC901FEC9A548DA6E4FE4A2462BB599E
                                          SHA-512:D07B2EB15E66995953C6688415CC707D301A13AC58E57B1E5685DA45EC1AF6FBEF03480DFDE29ECD7E93915DCD62138483C014CCB2D302EAB771BE66BB04AB76
                                          Malicious:false
                                          Preview:07:33:31.131.ERROR.Socket unable to read..07:33:37.546.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:33:37.546.ERROR.WebSocket connection error getscreen.me/signal/agent..07:36:02.970.INFO.Signaling force websocket stop..07:36:46.454.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:37:10.535.INFO.Socket connected to getscreen.me:443..07:39:10.262.INFO.Signaling force websocket stop..07:39:11.224.ERROR.Socket unable to read..07:39:11.264.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:39:11.274.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.979362982153347
                                          Encrypted:false
                                          SSDEEP:12:MV32KOChiitvvlTR2KW9OBRQj8P40ZOBq5T:MVGvGiitvlQeRDAXCT
                                          MD5:ACBA57B5EBF449E7394E2E7BF8EFE311
                                          SHA1:F0AB766CF6B2593368732728E9AD422074808FCB
                                          SHA-256:096457DB919E4580431DEA016B97E26E6BC0D4F6A019C18D93549497618E112D
                                          SHA-512:5082F8093AA53A29D6C0167C4714C9681344A6199EA5F4627FF63C9DF65692431A6CCEE20DEC25FD9FDA4E261F39F98D31C95FF7AC8605FE8B1F6B476BA85B2C
                                          Malicious:false
                                          Preview:10:53:41.054.INFO.Signaling force websocket stop..10:55:56.513.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:56:05.571.INFO.Socket connected to getscreen.me:443..10:58:21.654.INFO.Signaling force websocket stop..10:58:26.772.ERROR.Socket unable to read..10:58:26.803.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:58:26.803.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1948
                                          Entropy (8bit):4.983860939798936
                                          Encrypted:false
                                          SSDEEP:24:wQZG6tvdSmuV6DA9tqGPtvY+QDAwsGAtvPe2BEbEBDAQESXt/XGhtvAPDA0T:Wu1wV6DctrlLQDZhweH4BDQSMD4DVT
                                          MD5:3CA08AAC4671E3446FBCCEA4F496A351
                                          SHA1:97C2AA29B54310B4F74746300E7F3F3AB6EB2E80
                                          SHA-256:922305646082E48FCD415A094EA70A48A144CFBDE618DBCB4CDF6AF928E162D4
                                          SHA-512:DB8FBB4E6C071637F46C32600F1C74514ED236D8AAB9049D991208DA946BD0D7D3FAD62E9C3B55B4F58E2286FF9A040951A4759E85DD91E09958A6565A4ECCB5
                                          Malicious:false
                                          Preview:14:13:34.371.INFO.Signaling force websocket stop..14:13:45.412.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:14:10.738.INFO.Socket connected to getscreen.me:443..14:16:11.081.INFO.Signaling force websocket stop..14:16:12.063.ERROR.Socket unable to read..14:16:12.063.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:16:12.063.ERROR.WebSocket connection error getscreen.me/signal/agent..14:17:35.814.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:17:36.695.INFO.Socket connected to getscreen.me:443..14:19:59.540.INFO.Signaling force websocket stop..14:19:59.802.ERROR.Socket unable to read..14:20:00.073.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:20:00.073.ERROR.WebSocket connection error getscreen.me/signal/agent..14:21:51.341.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.971703568259996
                                          Encrypted:false
                                          SSDEEP:12:pTK3ChUQtvvLOKAmGQj8P40oP5xrK+2Ch7tvvn:pT2GUQtvyGGDABxxrZ2G7tvv
                                          MD5:0F3382638DC4EC4995FD9CA4C8F00B66
                                          SHA1:E491C78568E0126AAD781A0B5A759E0D72C2F5E6
                                          SHA-256:327D663F11298951AB78D134E62FE187102EC7649050F1FB5785C77CC1A5FC04
                                          SHA-512:571D9EBE874192F9D2B0B4CA3B22A95DB7FC0644FD4DDE2C9130624CDFC28D5A4FE702D56C690938278510D2D4E0B957F69DE441CCD5491596D68E33691337F6
                                          Malicious:false
                                          Preview:17:46:33.063.INFO.Signaling force websocket stop..17:46:33.741.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:47:05.925.INFO.Socket connected to getscreen.me:443..17:49:19.360.INFO.Signaling force websocket stop..17:49:19.962.ERROR.Socket unable to read..17:49:20.012.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:49:20.012.ERROR.WebSocket connection error getscreen.me/signal/agent..17:51:32.765.INFO.Signaling force websocket stop..17:53:00.912.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:53:10.793.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):5.005940907332281
                                          Encrypted:false
                                          SSDEEP:24:DfhBDA6SbkG02tvnQfDAEb5vGNQtv2DQk4DA9nT:PDYbZ0a4D1b8NA3DAT
                                          MD5:0374FF28F1B3DB9030AA1406FF8170C2
                                          SHA1:E0ACC4EFE453BACF48101BE119C63D2DA704171D
                                          SHA-256:8D604803D4BA36687140F476CBD15DF490B6889D9A446D449ED2AFDB02EA8057
                                          SHA-512:D5D8C20A88A154F22E877198894738D6E4D71DD92F12E225EA15D78A94E3753A0B1080EDB6B1C4E758F00FCC10E91E9AC18B84F43474C09B803B01B1B3722D21
                                          Malicious:false
                                          Preview:21:08:54.793.INFO.Signaling force websocket stop..21:09:07.773.ERROR.Socket unable to read..21:09:07.773.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:09:07.773.ERROR.WebSocket connection error getscreen.me/signal/agent..21:11:19.005.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:11:30.646.INFO.Socket connected to getscreen.me:443..21:13:43.565.INFO.Signaling force websocket stop..21:13:43.635.ERROR.Socket unable to read..21:13:43.675.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:13:43.685.ERROR.WebSocket connection error getscreen.me/signal/agent..21:16:08.852.INFO.Signaling force websocket stop..21:16:38.097.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:17:50.911.INFO.Socket connected to getscreen.me:443..21:18:51.901.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.960496859722534
                                          Encrypted:false
                                          SSDEEP:24:7b0GWtvME+SEDAH7x2GcFtvJQRDANptPGatvM12vDAXT:56UtSEDI7Jc3wDUGOU1GDuT
                                          MD5:AFEA4BEE2D707512C316F51F052234D1
                                          SHA1:FFDC1AA97E80986213FF26E08C21D67408D20446
                                          SHA-256:DEEF7EA5F687997C052E69B36E925931FE894E586DA6558BAEF8E2290A7C5687
                                          SHA-512:A0A8A6E6BC9CE3F6AD657B853991731C787E9B0DFE860B09FA45A85567240FCD7D11BBFB300CBD4B518EC434FB569A7717F49318892CD93A6A62E2D37C85C26E
                                          Malicious:false
                                          Preview:00:33:28.999.INFO.Signaling force websocket stop..00:33:43.144.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:34:08.178.INFO.Socket connected to getscreen.me:443..00:36:08.491.INFO.Signaling force websocket stop..00:36:09.003.ERROR.Socket unable to read..00:36:09.013.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:36:09.013.ERROR.WebSocket connection error getscreen.me/signal/agent..00:38:12.790.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:38:20.851.INFO.Socket connected to getscreen.me:443..00:40:36.928.INFO.Signaling force websocket stop..00:42:42.947.ERROR.Socket unable to read..00:42:43.287.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:42:43.308.ERROR.WebSocket connection error getscreen.me/signal/agent..00:45:08.619.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.975429079990794
                                          Encrypted:false
                                          SSDEEP:6:QfJXXIX+WgIJULMcriXIXNLD4EQN9S4X2dzvRWl8RvvbVDqXXIX+WgIJUVEMZsgk:QRXKc2ChaSs2tvvxCTPQj8P40w5T
                                          MD5:3B955FA6EC3527D3C38D7046EAE3D216
                                          SHA1:C8606D9CADAD9CDEB58FDEE72CB7BB7A1FCAA832
                                          SHA-256:A36E476E9247629A4E35BCA6DEF18D29E433032EE3826916A4D0A0FF90EA8C9A
                                          SHA-512:C6158B9486BD7426EE7130D206F7D72E52B7ABE961256C2041E099C7DA5C5E9E9B6FEEC307A403BCA0E5E2779B22B4975B8421BB80B2524EEF55350BFA5B973A
                                          Malicious:false
                                          Preview:04:03:20.739.INFO.Signaling force websocket stop..04:03:53.238.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:04:01.784.INFO.Socket connected to getscreen.me:443..04:06:17.941.INFO.Signaling force websocket stop..04:06:18.762.ERROR.Socket unable to read..04:06:18.793.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:06:18.793.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.790894053201402
                                          Encrypted:false
                                          SSDEEP:6:S27qXXIX+WgIJU4/Ar2XIXNLD4EQgQdzvRWl8Rvvn:S27m+ChdQtvvn
                                          MD5:956B4CE7AF4C361A911D8E24BF1E7F66
                                          SHA1:0D5D469076BC8E6F1C4FBBDAE59B96BBA74FFF67
                                          SHA-256:FFE0EF250C8D76FC740BA787FD9F262B8D51E8D7A785B2145EBA6AF3E7B5FF3C
                                          SHA-512:A9396637F9A77C1B2841E08E69DAF1AD548FC343776DD30F8FCF6492D695EFEC6F92C1D28CA750F6DCAF9DE92E914A513C110FF24B3986CD8EB1AC5433448115
                                          Malicious:false
                                          Preview:07:21:14.689.INFO.Signaling force websocket stop..07:21:50.735.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:22:00.332.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2004
                                          Entropy (8bit):4.994740777602189
                                          Encrypted:false
                                          SSDEEP:48:2cDhhDFHD8AEvktOljDrA3vSgDej8Rvc3:28hDO/ZlTA36Ljmy
                                          MD5:745997E8FA9C0A0FCB5DAC284A4D6F5B
                                          SHA1:715D745B02AED383CB0D7157317A882D7220A304
                                          SHA-256:7863B290C49700447810BF9FA1A48B0460A426280254C0B1A6B78FAADC96B6F0
                                          SHA-512:65F759D87ABC38740367DACC3B0FA4C7EF6AA920A7466B6C76D20F671CDCB1C098C340917FCDD42908D252A99BC012F45B3003425B1E4F3C09A792D5C9BD382B
                                          Malicious:false
                                          Preview:10:37:42.161.INFO.Signaling force websocket stop..10:37:45.468.ERROR.Socket unable to read..10:37:45.468.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:37:45.469.ERROR.WebSocket connection error getscreen.me/signal/agent..10:39:58.977.INFO.Signaling force websocket stop..10:40:06.478.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:40:06.694.INFO.Socket connected to getscreen.me:443..10:42:31.942.INFO.Signaling force websocket stop..10:42:32.164.ERROR.Socket unable to read..10:42:32.194.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:42:34.183.ERROR.WebSocket connection error getscreen.me/signal/agent..10:44:49.926.INFO.Signaling force websocket stop..10:45:38.436.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:45:44.041.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.921670098574929
                                          Encrypted:false
                                          SSDEEP:6:IywUsnXXIX+WgIJUUgQrHMFQnud2M0CCQP5K0CAQjDNBQEQ1dKXIXNLD4EQ1CGsU:IkIXKVZuQj8P40sH5aKChXKtvvn
                                          MD5:1605C0A2811DC13E9D850B7A79EA05D6
                                          SHA1:B281A387BB72BAF5DAEB7AFE75636E1D448DA16F
                                          SHA-256:F011618A75085611FE834C81AE87049A767E0E7FE838DAFC91C3572D4AD49CD1
                                          SHA-512:BB3002CDC8979613AD6F159A528D74D0B2804D33A0108798B6451E3B7B3BE8C59004D0F923C1F57F0FD462B4D9C960A18C90CE118D7B21D3385C2DA7B45BC5AB
                                          Malicious:false
                                          Preview:14:10:02.183.INFO.Signaling force websocket stop..14:10:05.641.ERROR.Socket unable to read..14:10:05.681.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:10:05.681.ERROR.WebSocket connection error getscreen.me/signal/agent..14:11:50.180.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:11:52.670.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.806656707462825
                                          Encrypted:false
                                          SSDEEP:3:L/7VsKWXXINF+WgIO0/Vyn:DR5iXIX+WgIJUn
                                          MD5:820CEE510E6E301BAF8DCCB6BDFA69FF
                                          SHA1:8CD1F90CAF7F380815658BBD33027149713FF304
                                          SHA-256:74C7648A8A19FB6FA39B7990FB6A1A8DE21E692038CB55E779516D69EB52E884
                                          SHA-512:03594C69A801FE50CAC919CA32B6B7017CCEFEB7051EBC2E92A8D84CF679070CD1D76D4D1FF4692DF79DD98B5E22ADBE2D2D052D1D91FBA944B000E66835EDC7
                                          Malicious:false
                                          Preview:17:26:45.030.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):255
                                          Entropy (8bit):4.8618386147428865
                                          Encrypted:false
                                          SSDEEP:6:gfUw1MND6zUud2M0CCQP5K0C85D6zQDNBQEQ4:oomBQj8P40Zw65T
                                          MD5:DBFF2E353C228F83DCA03595D23C58A0
                                          SHA1:8025B8D26A0D610A9DCA1EF27C88D8EE32CB39C8
                                          SHA-256:D4AB62240A707E83952B1DEFE6D6C00C7DAC18457B815C75123DE33C17C36180
                                          SHA-512:9D7C626833250C8B13865D97B447EDD459E27AEE330C5730952051D8BD1808F2333437D58E7B073EF800F60524F39065A8CB922F6DBEAFB6ADD6B910B0F8F64D
                                          Malicious:false
                                          Preview:20:41:16.514.ERROR.Socket unable to read..20:41:19.343.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:41:19.343.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:55:48.992.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.963375978652804
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:11:41.138.INFO.Signaling force websocket stop..03:12:17.993.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:12:19.824.INFO.Socket connected to getscreen.me:443..03:14:42.300.INFO.Signaling force websocket stop..03:14:42.561.ERROR.Socket unable to read..03:14:42.611.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:14:42.611.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.6637995646056805
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:30:05.088.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1178
                                          Entropy (8bit):4.973559921699526
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:45:16.145.INFO.Signaling force websocket stop..09:45:20.903.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:45:23.371.INFO.Socket connected to getscreen.me:443..09:47:34.361.INFO.Signaling force websocket stop..09:47:34.652.ERROR.Socket unable to read..09:47:34.662.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:47:34.662.ERROR.WebSocket connection error getscreen.me/signal/agent..09:49:59.961.INFO.Signaling force websocket stop..09:50:24.185.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:50:35.374.INFO.Socket connected to getscreen.me:443..09:52:49.958.INFO.Signaling force websocket stop..09:52:50.740.ERROR.Socket unable to read..09:52:50.760.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:52:50.760.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.927327257822777
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:11:40.625.INFO.Signaling force websocket stop..13:11:46.166.ERROR.Socket unable to read..13:11:46.186.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:11:46.186.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.978472921926358
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:28:16.283.INFO.Signaling force websocket stop..16:28:23.871.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:29:19.025.INFO.Socket connected to getscreen.me:443..16:31:33.034.INFO.Signaling force websocket stop..16:31:33.836.ERROR.Socket unable to read..16:31:33.886.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:31:33.886.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.999633770559127
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:46:53.109.INFO.Signaling force websocket stop..19:48:02.758.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:49:14.444.INFO.Socket connected to getscreen.me:443..19:51:28.086.INFO.Signaling force websocket stop..19:51:28.146.ERROR.Socket unable to read..19:51:28.196.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:51:28.196.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4064
                                          Entropy (8bit):5.002345408513269
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:06:44.632.INFO.Signaling force websocket stop..23:07:28.493.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:07:28.750.INFO.Socket connected to getscreen.me:443..23:09:51.881.INFO.Signaling force websocket stop..23:09:52.823.ERROR.Socket unable to read..23:09:52.823.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:09:52.823.ERROR.WebSocket connection error getscreen.me/signal/agent..23:12:22.691.INFO.Signaling force websocket stop..23:14:07.289.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:14:42.119.INFO.Socket connected to getscreen.me:443..23:16:31.602.INFO.Signaling force websocket stop..23:16:33.144.ERROR.Socket unable to read..23:16:33.145.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:16:33.145.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5242
                                          Entropy (8bit):4.987772241731065
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:03:13.344.INFO.Signaling force websocket stop..03:03:31.941.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:03:39.575.INFO.Socket connected to getscreen.me:443..03:05:56.434.INFO.Signaling force websocket stop..03:05:58.468.ERROR.Socket unable to read..03:05:58.498.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:05:58.498.ERROR.WebSocket connection error getscreen.me/signal/agent..03:08:14.390.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:08:29.358.INFO.Socket connected to getscreen.me:443..03:10:39.121.INFO.Signaling force websocket stop..03:10:39.532.ERROR.Socket unable to read..03:10:39.933.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:10:39.943.ERROR.WebSocket connection error getscreen.me/signal/agent..03:12:51.991.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1892
                                          Entropy (8bit):4.990005129369776
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:13:09.588.ERROR.Socket unable to read..07:14:21.434.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:14:21.444.ERROR.WebSocket connection error getscreen.me/signal/agent..07:16:28.912.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:16:35.404.INFO.Socket connected to getscreen.me:443..07:18:52.315.INFO.Signaling force websocket stop..07:18:53.337.ERROR.Socket unable to read..07:18:53.337.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:18:53.337.ERROR.WebSocket connection error getscreen.me/signal/agent..07:21:18.684.INFO.Signaling force websocket stop..07:21:19.001.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:21:21.470.INFO.Socket connected to getscreen.me:443..07:23:44.235.INFO.Signaling force websocket stop..07:23:45.132.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1836
                                          Entropy (8bit):4.977478495301255
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:48:29.781.INFO.Signaling force websocket stop..10:49:26.915.ERROR.Socket unable to read..10:49:26.925.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:49:26.925.ERROR.WebSocket connection error getscreen.me/signal/agent..10:50:25.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:51:26.981.INFO.Socket connected to getscreen.me:443..10:52:36.921.INFO.Signaling force websocket stop..10:52:37.333.ERROR.Socket unable to read..10:52:37.373.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:52:37.373.ERROR.WebSocket connection error getscreen.me/signal/agent..10:55:00.173.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:55:07.330.INFO.Socket connected to getscreen.me:443..10:57:25.393.INFO.Signaling force websocket stop..10:57:25.414.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.9178561450012115
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:17:44.346.INFO.Signaling force websocket stop..14:17:48.140.ERROR.Socket unable to read..14:17:48.160.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:17:48.161.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.984322177221715
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:32:49.343.INFO.Signaling force websocket stop..17:33:48.302.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:33:49.212.INFO.Socket connected to getscreen.me:443..17:36:45.606.INFO.Signaling force websocket stop..17:36:45.967.ERROR.Socket unable to read..17:36:45.997.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:36:45.997.ERROR.WebSocket connection error getscreen.me/signal/agent..17:39:11.204.INFO.Signaling force websocket stop..17:39:14.424.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:39:18.235.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.931452170593978
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:54:13.065.INFO.Signaling force websocket stop..20:54:16.512.ERROR.Socket unable to read..20:54:16.562.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:54:16.562.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.628085278891396
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:09:58.095.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.753465268772973
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:24:32.973.INFO.Signaling force websocket stop..03:24:37.936.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:24:41.098.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.996394938112361
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:39:46.565.INFO.Signaling force websocket stop..06:39:50.317.ERROR.Socket unable to read..06:39:50.348.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:39:50.358.ERROR.WebSocket connection error getscreen.me/signal/agent..06:42:04.051.INFO.Signaling force websocket stop..06:43:22.716.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:43:31.901.INFO.Socket connected to getscreen.me:443..06:45:48.345.INFO.Signaling force websocket stop..06:45:49.477.ERROR.Socket unable to read..06:45:49.507.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:45:53.262.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.932811169655486
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:01:35.260.INFO.Signaling force websocket stop..10:01:38.174.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:01:45.874.INFO.Socket connected to getscreen.me:443..10:04:03.619.INFO.Signaling force websocket stop..10:04:03.679.ERROR.Socket unable to read..10:04:03.709.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:04:03.709.ERROR.WebSocket connection error getscreen.me/signal/agent..10:06:17.362.INFO.Signaling force websocket stop..10:07:41.920.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:07:42.353.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.721748002067049
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:24:26.924.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):255
                                          Entropy (8bit):4.858396102748465
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:40:29.766.ERROR.Socket unable to read..16:40:33.696.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:40:33.696.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.775476175614507
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:55:52.767.INFO.Signaling force websocket stop..19:56:25.157.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:56:25.848.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.960570287537442
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:11:30.785.INFO.Signaling force websocket stop..23:11:32.604.ERROR.Socket unable to read..23:11:32.604.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:11:32.604.ERROR.WebSocket connection error getscreen.me/signal/agent..23:13:15.980.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:13:21.129.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2519
                                          Entropy (8bit):4.985774254401697
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:28:16.386.INFO.Signaling force websocket stop..02:28:20.957.ERROR.Socket unable to read..02:28:20.957.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:28:20.957.ERROR.WebSocket connection error getscreen.me/signal/agent..02:29:21.867.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:30:24.346.INFO.Socket connected to getscreen.me:443..02:31:35.873.INFO.Signaling force websocket stop..02:31:36.405.ERROR.Socket unable to read..02:31:36.435.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:31:36.435.ERROR.WebSocket connection error getscreen.me/signal/agent..02:34:01.508.INFO.Signaling force websocket stop..02:34:18.288.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:34:23.893.INFO.Socket connected to getscreen.me:443..02:36:41.751.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.960480076166803
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:07:05.126.ERROR.Socket unable to read..06:07:15.274.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:07:15.284.ERROR.WebSocket connection error getscreen.me/signal/agent..06:09:16.181.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:09:21.347.INFO.Socket connected to getscreen.me:443..06:11:41.620.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3820
                                          Entropy (8bit):5.000107538258136
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:27:51.404.ERROR.Socket unable to read..09:27:55.175.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:27:55.175.ERROR.WebSocket connection error getscreen.me/signal/agent..09:30:20.459.INFO.Signaling force websocket stop..09:30:22.082.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:32:45.574.INFO.Signaling force websocket stop..09:35:11.030.INFO.Signaling force websocket stop..09:38:05.368.INFO.Signaling force websocket stop..09:40:30.906.INFO.Signaling force websocket stop..09:42:56.352.INFO.Signaling force websocket stop..09:44:03.898.INFO.Socket connected to getscreen.me:443..09:45:21.511.INFO.Signaling force websocket stop..09:45:21.703.ERROR.Socket unable to read..09:45:21.703.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:45:21.703.ERROR.WebSocket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):432
                                          Entropy (8bit):4.975504652816034
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:36:54.396.INFO.Signaling force websocket stop..13:38:10.994.INFO.Socket connected to getscreen.me:443..13:39:24.618.INFO.Signaling force websocket stop..13:39:25.020.ERROR.Socket unable to read..13:39:25.020.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:39:25.020.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2087
                                          Entropy (8bit):4.99166056677551
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:55:38.051.INFO.Signaling force websocket stop..16:55:38.090.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:55:56.257.INFO.Socket connected to getscreen.me:443..16:58:10.161.INFO.Signaling force websocket stop..16:58:10.443.ERROR.Socket unable to read..16:58:10.554.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:58:10.554.ERROR.WebSocket connection error getscreen.me/signal/agent..17:00:24.012.INFO.Signaling force websocket stop..17:01:12.218.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:01:18.985.INFO.Socket connected to getscreen.me:443..17:03:36.113.INFO.Signaling force websocket stop..17:03:36.564.ERROR.Socket unable to read..17:03:36.604.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:03:36.604.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1299
                                          Entropy (8bit):4.985172249413872
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:28:39.954.INFO.Signaling force websocket stop..20:28:44.733.INFO.Socket connected to getscreen.me:443..20:28:49.330.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:28:49.553.ERROR.WebSocket connection error getscreen.me/signal/agent..20:31:10.858.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:31:20.230.INFO.Socket connected to getscreen.me:443..20:33:34.427.INFO.Signaling force websocket stop..20:33:34.848.ERROR.Socket unable to read..20:33:34.889.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:33:34.889.ERROR.WebSocket connection error getscreen.me/signal/agent..20:35:47.536.INFO.Signaling force websocket stop..20:36:02.103.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:36:05.735.INFO.Socket connected to getscreen.me:443..20:38:27.265
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.966721881051146
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:53:19.559.INFO.Signaling force websocket stop..23:54:10.619.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:54:11.513.INFO.Socket connected to getscreen.me:443..23:56:35.122.INFO.Signaling force websocket stop..23:56:35.143.ERROR.Socket unable to read..23:56:35.143.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:56:35.143.ERROR.WebSocket connection error getscreen.me/signal/agent..23:58:44.379.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:58:47.078.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.628085278891396
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:15:33.130.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):255
                                          Entropy (8bit):4.8409750632550965
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:32:33.432.ERROR.Socket unable to read..06:32:37.388.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:32:37.408.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):260
                                          Entropy (8bit):4.808558691618608
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:47:26.408.INFO.Signaling force websocket stop..09:49:43.256.INFO.Signaling force websocket stop..09:50:17.369.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:50:30.009.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.976589881214697
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:07:01.468.INFO.Signaling force websocket stop..13:07:53.671.ERROR.Socket unable to read..13:07:53.702.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:07:53.702.ERROR.WebSocket connection error getscreen.me/signal/agent..13:10:19.176.INFO.Signaling force websocket stop..13:10:50.965.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:10:51.842.INFO.Socket connected to getscreen.me:443..13:13:03.703.INFO.Signaling force websocket stop..13:13:04.114.ERROR.Socket unable to read..13:13:04.144.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:13:09.283.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1749
                                          Entropy (8bit):4.994772543285407
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:28:46.536.INFO.Signaling force websocket stop..16:28:54.326.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:29:07.476.INFO.Socket connected to getscreen.me:443..16:31:20.150.INFO.Signaling force websocket stop..16:31:20.682.ERROR.Socket unable to read..16:31:20.722.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:31:20.722.ERROR.WebSocket connection error getscreen.me/signal/agent..16:33:45.981.INFO.Signaling force websocket stop..16:33:46.024.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:33:56.841.INFO.Socket connected to getscreen.me:443..16:36:11.232.INFO.Signaling force websocket stop..16:36:13.055.ERROR.Socket unable to read..16:36:13.055.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:36:13.055.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.964895595059808
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:00:40.984.INFO.Signaling force websocket stop..20:00:48.719.ERROR.Socket unable to read..20:00:48.769.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:00:48.769.ERROR.WebSocket connection error getscreen.me/signal/agent..20:02:47.399.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:03:51.684.INFO.Socket connected to getscreen.me:443..20:05:01.525.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1592
                                          Entropy (8bit):5.004602505831358
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:22:10.102.ERROR.Socket unable to read..23:22:20.283.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:22:20.284.ERROR.WebSocket connection error getscreen.me/signal/agent..23:23:47.877.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:23:53.682.INFO.Socket connected to getscreen.me:443..23:26:11.986.INFO.Signaling force websocket stop..23:26:12.568.ERROR.Socket unable to read..23:26:12.598.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:26:12.598.ERROR.WebSocket connection error getscreen.me/signal/agent..23:28:03.152.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:28:27.709.INFO.Socket connected to getscreen.me:443..23:30:29.189.INFO.Signaling force websocket stop..23:30:29.249.ERROR.Socket unable to read..23:30:29.269.ERROR.SSL
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):121
                                          Entropy (8bit):4.6519199586061415
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:00:35.488.INFO.Signaling force websocket stop..03:02:44.369.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):918
                                          Entropy (8bit):4.9932185633655495
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:17:27.832.INFO.Signaling force websocket stop..06:17:37.805.ERROR.Socket unable to read..06:17:37.815.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:17:37.815.ERROR.WebSocket connection error getscreen.me/signal/agent..06:19:27.126.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:19:35.808.INFO.Socket connected to getscreen.me:443..06:21:51.312.INFO.Signaling force websocket stop..06:21:51.392.ERROR.Socket unable to read..06:21:51.512.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:21:51.512.ERROR.WebSocket connection error getscreen.me/signal/agent..06:23:55.554.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:24:09.249.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):747
                                          Entropy (8bit):4.995783947273711
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:39:09.527.INFO.Signaling force websocket stop..09:39:22.952.ERROR.Socket unable to read..09:39:22.962.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:39:22.962.ERROR.WebSocket connection error getscreen.me/signal/agent..09:41:36.135.INFO.Signaling force websocket stop..09:42:27.728.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:42:38.506.INFO.Socket connected to getscreen.me:443..09:44:53.211.INFO.Signaling force websocket stop..09:44:55.025.ERROR.Socket unable to read..09:44:55.025.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2343
                                          Entropy (8bit):4.98465829323232
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:59:23.585.INFO.Signaling force websocket stop..12:59:23.886.ERROR.WebSocket connection error getscreen.me/signal/agent..13:01:59.213.INFO.Signaling force websocket stop..13:02:57.971.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:03:08.961.INFO.Socket connected to getscreen.me:443..13:05:23.400.INFO.Signaling force websocket stop..13:05:23.471.ERROR.Socket unable to read..13:05:23.511.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:05:23.511.ERROR.WebSocket connection error getscreen.me/signal/agent..13:07:44.498.INFO.Signaling force websocket stop..13:09:39.517.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:09:51.622.INFO.Socket connected to getscreen.me:443..13:12:05.303.INFO.Signaling force websocket stop..13:12:05.323.ERROR.Socket unable to read..13:12:05.323.ERROR.SSL hand
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.9973340424095065
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:41:17.832.INFO.Signaling force websocket stop..16:44:17.002.ERROR.Socket unable to read..16:44:17.002.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:44:17.002.ERROR.WebSocket connection error getscreen.me/signal/agent..16:46:29.494.INFO.Signaling force websocket stop..16:47:16.080.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:47:24.637.INFO.Socket connected to getscreen.me:443..16:49:41.544.INFO.Signaling force websocket stop..16:49:42.286.ERROR.Socket unable to read..16:49:42.286.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:49:48.963.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.784585443016094
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:05:43.528.INFO.Signaling force websocket stop..20:06:14.285.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:06:22.791.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2606
                                          Entropy (8bit):4.965829601107633
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:22:08.811.INFO.Signaling force websocket stop..23:22:13.393.ERROR.Socket unable to read..23:22:13.423.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:22:13.647.ERROR.WebSocket connection error getscreen.me/signal/agent..23:23:20.460.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:24:22.287.INFO.Socket connected to getscreen.me:443..23:25:32.330.INFO.Signaling force websocket stop..23:25:32.941.ERROR.Socket unable to read..23:25:32.941.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:25:32.942.ERROR.WebSocket connection error getscreen.me/signal/agent..23:26:58.763.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:27:01.444.INFO.Socket connected to getscreen.me:443..23:29:22.425.INFO.Signaling force websocket stop..23:29:22.726.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.770942421748538
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:56:20.978.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.951141668921157
                                          Encrypted:false
                                          Malicious:false
                                          Preview:06:11:22.192.INFO.Signaling force websocket stop..06:12:08.150.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:12:13.301.INFO.Socket connected to getscreen.me:443..06:14:32.001.INFO.Signaling force websocket stop..06:14:32.232.ERROR.Socket unable to read..06:14:32.282.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:14:32.282.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):139
                                          Entropy (8bit):4.809741543138587
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:29:51.624.INFO.Signaling force websocket stop..09:30:37.640.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):168
                                          Entropy (8bit):4.833770734617252
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:45:59.756.INFO.Signaling force websocket stop..12:48:28.780.INFO.Signaling force websocket stop..12:50:54.032.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):891
                                          Entropy (8bit):4.967314998208572
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:07:34.037.INFO.Signaling force websocket stop..16:09:30.298.INFO.Socket connected to getscreen.me:443..16:10:08.252.INFO.Signaling force websocket stop..16:10:08.322.ERROR.Socket unable to read..16:10:08.363.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:10:08.363.ERROR.WebSocket connection error getscreen.me/signal/agent..16:11:06.121.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:12:07.939.INFO.Socket connected to getscreen.me:443..16:13:20.161.INFO.Signaling force websocket stop..16:13:20.442.ERROR.Socket unable to read..16:13:20.482.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:13:23.014.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):5.00959146454115
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:28:15.744.INFO.Signaling force websocket stop..19:29:29.486.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:29:37.282.INFO.Socket connected to getscreen.me:443..19:31:52.628.INFO.Signaling force websocket stop..19:31:53.089.ERROR.Socket unable to read..19:31:53.089.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:31:53.089.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.973954557495743
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:46:37.523.INFO.Signaling force websocket stop..22:47:58.326.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:48:00.390.INFO.Socket connected to getscreen.me:443..22:50:38.814.INFO.Signaling force websocket stop..22:50:39.225.ERROR.Socket unable to read..22:50:39.245.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:50:39.245.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.761971825113706
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:06:28.349.INFO.Signaling force websocket stop..02:06:47.783.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:06:49.348.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.899321098952137
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:22:25.256.INFO.Signaling force websocket stop..05:22:29.014.ERROR.Socket unable to read..05:22:29.014.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:22:29.014.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.9681798555071905
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:37:15.270.INFO.Signaling force websocket stop..08:38:38.726.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:38:43.443.INFO.Socket connected to getscreen.me:443..08:40:51.981.INFO.Signaling force websocket stop..08:40:53.464.ERROR.Socket unable to read..08:40:53.474.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:40:53.474.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):260
                                          Entropy (8bit):4.812240854714923
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:56:26.820.INFO.Signaling force websocket stop..11:56:55.032.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:56:56.583.INFO.Socket connected to getscreen.me:443..11:59:18.957.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.982782069026276
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:14:21.223.ERROR.Socket unable to read..15:14:25.497.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:14:25.497.ERROR.WebSocket connection error getscreen.me/signal/agent..15:16:38.425.INFO.Signaling force websocket stop..15:16:54.934.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:17:05.243.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1489
                                          Entropy (8bit):4.998568242511683
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:32:07.092.INFO.Signaling force websocket stop..18:32:10.521.ERROR.Socket unable to read..18:32:10.561.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:32:10.561.ERROR.WebSocket connection error getscreen.me/signal/agent..18:34:14.650.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:34:19.396.INFO.Socket connected to getscreen.me:443..18:36:39.239.INFO.Signaling force websocket stop..18:36:39.309.ERROR.Socket unable to read..18:36:39.309.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:36:39.309.ERROR.WebSocket connection error getscreen.me/signal/agent..18:39:04.748.INFO.Signaling force websocket stop..18:39:35.630.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:39:46.151.INFO.Socket connected to getscreen.me:443..18:42:18.992.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):506
                                          Entropy (8bit):5.019243121561197
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:01:28.964.INFO.Signaling force websocket stop..22:01:38.915.ERROR.Socket unable to read..22:01:38.955.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:01:38.955.ERROR.WebSocket connection error getscreen.me/signal/agent..22:04:04.277.INFO.Signaling force websocket stop..22:04:38.587.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:07:04.141.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):728
                                          Entropy (8bit):4.838505712660361
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:22:50.805.INFO.Signaling force websocket stop..01:25:25.839.INFO.Signaling force websocket stop..01:27:50.943.INFO.Signaling force websocket stop..01:30:16.224.INFO.Signaling force websocket stop..01:32:41.585.INFO.Signaling force websocket stop..01:35:06.727.INFO.Signaling force websocket stop..01:37:24.571.INFO.Signaling force websocket stop..01:39:49.728.INFO.Signaling force websocket stop..01:42:15.081.INFO.Signaling force websocket stop..01:44:40.552.INFO.Signaling force websocket stop..01:47:05.898.INFO.Signaling force websocket stop..01:49:31.067.INFO.Signaling force websocket stop..01:51:56.413.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1778
                                          Entropy (8bit):4.9873809994041265
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:08:05.178.INFO.Signaling force websocket stop..05:10:39.519.INFO.Signaling force websocket stop..05:12:52.655.INFO.Socket connected to getscreen.me:443..05:13:04.654.INFO.Signaling force websocket stop..05:13:05.937.ERROR.Socket unable to read..05:13:05.937.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:13:05.937.ERROR.WebSocket connection error getscreen.me/signal/agent..05:15:31.342.INFO.Signaling force websocket stop..05:16:54.598.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:17:07.805.INFO.Socket connected to getscreen.me:443..05:19:18.112.INFO.Signaling force websocket stop..05:19:23.451.ERROR.Socket unable to read..05:19:23.461.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:19:23.461.ERROR.WebSocket connection error getscreen.me/signal/agen
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3941
                                          Entropy (8bit):5.008222988888658
                                          Encrypted:false
                                          SSDEEP:48:LDEV7ApDTavu7DmzoPLD4uWxkaDDztHyjP0jDaAVsh1QD674mage7:kJwAZsQhx5tHk0yAOL7FK
                                          MD5:BA2EE8CC5ABECA77EC2BA4912CAD2D21
                                          SHA1:DA623D0B5B96D6DEF218F8EA4D7E371E5BB1D594
                                          SHA-256:9F0A993764C40444F2C53051E8BB00A183497A80B79E6C815EE36C8CBAB55FA0
                                          SHA-512:762D963362C76886125E2C145B09283B00D7C06F24C8B79F98AE6336CCBED3E22314CBB17CDD5861EB9F3F4557FDF983CB736EED7277C5D64B6BCD8A9BB45608
                                          Malicious:false
                                          Preview:08:44:44.355.ERROR.Socket unable to read..08:44:49.303.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:44:49.304.ERROR.WebSocket connection error getscreen.me/signal/agent..08:47:14.336.INFO.Signaling force websocket stop..08:47:26.589.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:47:27.045.INFO.Socket connected to getscreen.me:443..08:49:38.254.INFO.Signaling force websocket stop..08:49:39.356.ERROR.Socket unable to read..08:49:39.356.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:49:39.356.ERROR.WebSocket connection error getscreen.me/signal/agent..08:52:04.538.INFO.Signaling force websocket stop..08:52:58.726.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:53:06.531.INFO.Socket connected to getscreen.me:443..08:55:23.659.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):255
                                          Entropy (8bit):4.8429874064033465
                                          Encrypted:false
                                          SSDEEP:3:OfQSffr3UKZA12wQxex3X+//KKX76VyITHiC1uPLRyOML0HiIxex3TAUOg1MGXA+:ODkMnWHud2M0CCQP5K0CIWDDNBQEQ4
                                          MD5:46D6E751687E076D6A1361E7C21BE94D
                                          SHA1:FFC9C4CB5D498354FBE829C54C70A398845FE06B
                                          SHA-256:D0F717A19FD87E246997FD4BF09584F82D7E7970F417211EBBB2A7799692CDF6
                                          SHA-512:5E6F607F18D7F1A13D2F551F5002892A0ED3BA0B52163CA556B6A3CAA2E595DF0033E95CD086EDBECBD5D774778C31590CFBDC03AC0548CD3FF91D496A8751F8
                                          Malicious:false
                                          Preview:12:57:17.251.ERROR.Socket unable to read..12:57:23.525.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:57:23.525.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.732481568098983
                                          Encrypted:false
                                          SSDEEP:6:KKAXXIX+WgIJUUuc5r2XIXNLD4EQl2dzvRWl8Rvvn:xcKucQCh02tvvn
                                          MD5:7A3620E81AE2DC0D8AB0EBA79BF57EF1
                                          SHA1:0A2F9E7774DDC27BB1ABF7C64D90BB89343D1A13
                                          SHA-256:A70B9815F02052A26AA0C85677A88114187BAFD5D1E569187595ADC3712E2D07
                                          SHA-512:B58FD0FB219114FE503308F40B4973FE914902E1B0609B730631FC0D2DCAC2385A98058902DDDC8BD78584E0CA2289D32BEEE3B3CC86374B6B8C9BC4C87BCFB5
                                          Malicious:false
                                          Preview:16:13:36.129.INFO.Signaling force websocket stop..16:13:36.157.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:13:37.814.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.982430706275885
                                          Encrypted:false
                                          SSDEEP:12:kXKmKvTJTpBRQj8P40ITpBq5zNaXChGn2tvvn:kXKmmdnRDAznCJ2Gy2tvv
                                          MD5:D4C9A9B2A02DC1D18E0AE77D9472F39D
                                          SHA1:CB6460B559B180BF98ED65BF12B3FCEA0BA32CCA
                                          SHA-256:C845EBC8201BBEB470012EF35C5017FE9A4BBA28004FD1F95BDE6666D6E59472
                                          SHA-512:2BD65F8E20E8FFFB24174ACE68235A8087E66FB47CE8672A9DB16551B7F0BF00FEE46FC6CAECBBF3F73C7B6B66F3807C1D44D7B9D96B4B35E38ACDC90E7C563C
                                          Malicious:false
                                          Preview:19:29:42.885.INFO.Signaling force websocket stop..19:29:46.359.ERROR.Socket unable to read..19:29:46.369.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:29:46.369.ERROR.WebSocket connection error getscreen.me/signal/agent..19:30:53.591.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:31:00.556.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):918
                                          Entropy (8bit):4.94919397556994
                                          Encrypted:false
                                          SSDEEP:24:hyzz6DAItb9G2N2tvtEsXc6DA9tbFZQG0Ltvv:0z6DrtbA5lE0DybjtU3
                                          MD5:23289E1ACA020D14B37EB4C0E4E815F0
                                          SHA1:8BC556BD8C6A9705B72416BBA578A21C1832CC5E
                                          SHA-256:3083E5294B1876DAB92473E5C3BCBC756D8100048EFAC540FF97D98344CEB2B6
                                          SHA-512:8B316DB615A3458426D37F044CDE08E6D2728FBB4F124DFBE147004CD063371B4088053147349375D49AE0C533C62EBD8388FE4B984CDA1AD71508DC6E06D2F3
                                          Malicious:false
                                          Preview:22:46:58.168.INFO.Signaling force websocket stop..22:48:00.626.ERROR.Socket unable to read..22:48:00.656.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:48:00.656.ERROR.WebSocket connection error getscreen.me/signal/agent..22:49:38.700.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:49:42.492.INFO.Socket connected to getscreen.me:443..22:52:02.121.INFO.Signaling force websocket stop..22:52:02.452.ERROR.Socket unable to read..22:52:02.492.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:52:02.492.ERROR.WebSocket connection error getscreen.me/signal/agent..22:53:45.289.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:53:49.332.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.978383566991967
                                          Encrypted:false
                                          SSDEEP:6:OsXXIX+WgIJUSSOM4SOud2M0CCQP5K0CA8SKDNBQEQYXgXIX+WgIJUlXIXNLD4EZ:r3Qj8P40xU5pgnCha5n2tvvn
                                          MD5:EA5C08FDC4F1002F090BF9D8EB450B61
                                          SHA1:45C73E308CAF272D03CE8C9109401B4DC8D650B7
                                          SHA-256:EE3F151BF723E88E22AEC449FD8A691644E84494D2A259D0EDC1708E95B72529
                                          SHA-512:6B081392E17BA7A50634E32563641575A547AC1515F12F6024E3ADF213DA00CF6D52A5AEDE797BB8F118344F77D4F35FB117287B2B2BA22E3A49417711896B4B
                                          Malicious:false
                                          Preview:02:08:46.818.INFO.Signaling force websocket stop..02:10:26.784.ERROR.Socket unable to read..02:10:26.784.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:10:26.784.ERROR.WebSocket connection error getscreen.me/signal/agent..02:12:52.040.INFO.Signaling force websocket stop..02:12:52.799.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:12:58.594.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.9582962720267645
                                          Encrypted:false
                                          SSDEEP:6:0NG45r2XIX+WgIJU6MTbMsfE2bud2M0CCQP5K0CsjDDNBQEQ4:S+kuD6Qj8P40t5T
                                          MD5:755ADE1AD12D98D01F230B180B4E8135
                                          SHA1:F38E0D715299B553EAF1134B297EB9C8A8E53B99
                                          SHA-256:2933E667F5A7013ADEAE3DBD94F1B9C25B51E73BE1CD36B478C058A8C5CE0DDC
                                          SHA-512:AF56E404C04CEF749634B7B63D2A4252F84218BFEAFFD122CFA71823AFF950A06D58D872364E30DB3E90B11F81166DA011C96644C34010EE3696619AE659A22D
                                          Malicious:false
                                          Preview:05:28:12.157.INFO.Signaling force websocket stop..05:28:16.072.ERROR.Socket unable to read..05:28:16.123.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:28:16.133.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.957283589420393
                                          Encrypted:false
                                          SSDEEP:12:AwXChTitvvLiFTxQj8P4011K5g3ZiChJfntvvn:AwXG+tvu3DAngAGJfntvv
                                          MD5:CF0753A584E8AFED59AC3D018570A1CB
                                          SHA1:5AA0E187D78CF022765EA81F62BB3903981ABD5F
                                          SHA-256:911E88C99F35950668FE8ED59B3AB608B17DEFEE815F9D0CDFB6DA4B2F5E699A
                                          SHA-512:75DA6A39F07CB8895CBD91395EDA43A9C969688913E75A8DF27306F4F1FFFABC2B95E967F405126B1F769F00E50C3A7C3D81D83829296D45BF53791DD10923A1
                                          Malicious:false
                                          Preview:08:44:34.890.INFO.Signaling force websocket stop..08:44:37.271.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:44:43.501.INFO.Socket connected to getscreen.me:443..08:46:53.468.INFO.Signaling force websocket stop..08:46:53.859.ERROR.Socket unable to read..08:46:53.859.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:46:53.859.ERROR.WebSocket connection error getscreen.me/signal/agent..08:47:52.757.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:47:57.472.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.940175783205544
                                          Encrypted:false
                                          SSDEEP:6:O9IuXXIX+WgIJUUEgHMngHud2M0CCQP5K0CkgDDNBQEQ4:ghKVVOQj8P40Wn5T
                                          MD5:19123BFB5CAFD395C87E544FB72164A0
                                          SHA1:F7116E80AF633E0563EC30FEDD897C90B3D66181
                                          SHA-256:1304E9DFF5DB83D90087E97B81ECBB5A19172A213662D246421A14700D6E8C2D
                                          SHA-512:F0EDCB17DD46BBB2CE4B79C22255AC8D05496FA78461316FACC6C71214B424CF35B1AFF9672908694A9FC5B2F5C8471010483778969828F653E66E1A23206644
                                          Malicious:false
                                          Preview:12:02:40.698.INFO.Signaling force websocket stop..12:02:45.491.ERROR.Socket unable to read..12:02:45.491.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:02:45.491.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.7913835898195885
                                          Encrypted:false
                                          SSDEEP:6:imXIX+WgIJUU9cTKXIXNLD4EQrtidzvRWl8Rvvn:imK9iKChntvvn
                                          MD5:FE274153E9F4FC8DC943F7A3C277587C
                                          SHA1:06FBAB3DEC437D77A42A6B3248D844C7FC86F69B
                                          SHA-256:1B8BFDBD7702053CDC37F88D3AFA090A5AE03573C7ADBF345F2B2EA61E997B45
                                          SHA-512:B5E75AA6FEEBD80E39147FD47FE85DCAC0EDDAC319C5210C9EFDC5632104F49A683C6EA1FCFDD6D18B2515508EFE6734E4C536FCAB42D55BE4DCC0A774F877E0
                                          Malicious:false
                                          Preview:15:17:43.923.INFO.Signaling force websocket stop..15:18:40.960.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:18:45.648.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):571
                                          Entropy (8bit):5.0133375120292865
                                          Encrypted:false
                                          SSDEEP:12:EJKAyGQj8P401J5JE3nXKzChoRS4mtvvMP25:EJgGDAo/JCnXWGoRS4mtv025
                                          MD5:30545B72B5318123D51103B19AA408A9
                                          SHA1:F19CE7A8E490142D0EA5F8BACAE03966673F21EA
                                          SHA-256:4E31BD4328733C8A899C0A6801F0C9426ADAE5BB40B4212ACB1C5C1B4DBF32EF
                                          SHA-512:A5B21C99815A6A03A81235DFA76490ACAA7934FCC54EB9B4739A18E5185772276DDF970C8991CFE2C29C46B746A261A131B3FDA0A1C766F143E57C15E5AC4F67
                                          Malicious:false
                                          Preview:18:34:03.971.INFO.Signaling force websocket stop..18:34:08.854.ERROR.Socket unable to read..18:34:08.894.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:34:08.894.ERROR.WebSocket connection error getscreen.me/signal/agent..18:36:21.267.INFO.Signaling force websocket stop..18:37:59.052.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:38:03.560.INFO.Socket connected to getscreen.me:443..18:40:22.596.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1377
                                          Entropy (8bit):4.981650802345142
                                          Encrypted:false
                                          SSDEEP:24:/DAebz2G5tv2rsVt6DADttbpG7CVtvX+lRDAICbtxGx2tvv:/D/bzvL56Dqtb0WH2lRDtCbt8xa3
                                          MD5:B0B38277D7F70402156C488690CBA1B1
                                          SHA1:695426F61C8EA085B5F1C7F2CA17ED910AB1CB06
                                          SHA-256:90275AAB28D5A2BF0A3C9CDA3DB657E816142AA4EC408D6BDD60C067438EA97E
                                          SHA-512:4198A4701BA43058877A57FD040ED62FEE51C4CF2CED2B63B7341A0222F833EBC0BC86E2D51E178DC62B8D373E6A7A09775E19579D7AC8C9A69EC79EFFAEB6C4
                                          Malicious:false
                                          Preview:21:54:50.277.ERROR.Socket unable to read..21:54:54.826.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:54:54.826.ERROR.WebSocket connection error getscreen.me/signal/agent..21:56:43.072.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:56:50.210.INFO.Socket connected to getscreen.me:443..21:59:08.762.INFO.Signaling force websocket stop..21:59:09.053.ERROR.Socket unable to read..21:59:09.093.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:59:09.093.ERROR.WebSocket connection error getscreen.me/signal/agent..22:01:27.858.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:02:28.075.INFO.Signaling force websocket stop..22:02:35.789.INFO.Socket connected to getscreen.me:443..22:04:53.674.INFO.Signaling force websocket stop..22:04:53.964.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.944843800936037
                                          Encrypted:false
                                          SSDEEP:6:g2m2XIX+WgIJU+/MScHMofXqEud2M0CCQP5K0CLqADNBQEQ4:fm2gEScjoQj8P40W55T
                                          MD5:5A9E70B2EF060350CF494AB1B1D5C49C
                                          SHA1:94116EA8AC86B848421ACF132D6DEFD4D74C0F73
                                          SHA-256:BF9AEA48A9363A1102854FB6E859E39FB5D2C4282318CE3E0ECEC584E4FADD0D
                                          SHA-512:1938848086931C968403BDCDE42FD23F49B255265FF8BEE878CC624F336214C409EE884999FA2B7E172D42B4AA4E915C3D1CDD7BB10E2D1882FE183B1005A40B
                                          Malicious:false
                                          Preview:01:21:58.406.INFO.Signaling force websocket stop..01:22:03.867.ERROR.Socket unable to read..01:22:03.907.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:22:03.907.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.743661347204346
                                          Encrypted:false
                                          SSDEEP:6:YmXIX+WgIJUgcn2XIXNLD4EQNoRaXdzvRWl8Rvvn:D3n2ChgXtvvn
                                          MD5:F7F9795492C3316B393FCDBA9735980F
                                          SHA1:11FC908DABDBFCD270DE055BA0CE105BEFD3AB4E
                                          SHA-256:EE04F8C77E8EC0B0DABFB11F51DDAC7C333D8C7F0FFB850511AF4EED7A1C6992
                                          SHA-512:7E7F784B659795A9E041982A8875E4DD5C9ABB69178E653233FE7282B94AFB0F468D757BCD0B32AA7649305D4AE487ABCA2B977689CA97E01C7783323FCB8EF1
                                          Malicious:false
                                          Preview:04:36:49.942.INFO.Signaling force websocket stop..04:38:09.624.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:38:13.639.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4814
                                          Entropy (8bit):4.989069987471607
                                          Encrypted:false
                                          SSDEEP:48:JYDgwLGbVDB/YZD0FZGD0Mipl5eDZcC6DZt5WbtDDW3AbgxDci18dDrwSImRDuCr:JhQsP/nFNMQlscdtGWP1AwqwG
                                          MD5:8DF22747B04B027AAAF0E05E3F11D7B7
                                          SHA1:6B9FF96B51135914EEB6DCEBDB171F0185D33543
                                          SHA-256:633010A17F175EDF30704E3EA01E35BA43F28CBDA0C09E0B0BBF83DBAE0837B4
                                          SHA-512:8EB390EC09CF92B33BB0FB7DCEDC3C22677623FF5BD3ED6834315AE458179B1E963110700242B9FF1F004C3D8838DEF25788D93914CDEB3EBF257BFD55DDBFA4
                                          Malicious:false
                                          Preview:07:52:53.361.INFO.Signaling force websocket stop..07:52:58.481.ERROR.Socket unable to read..07:52:58.481.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:52:58.481.ERROR.WebSocket connection error getscreen.me/signal/agent..07:54:34.972.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:55:35.239.INFO.Socket connected to getscreen.me:443..07:56:48.872.INFO.Signaling force websocket stop..07:56:49.143.ERROR.Socket unable to read..07:56:49.183.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:56:49.183.ERROR.WebSocket connection error getscreen.me/signal/agent..07:58:33.897.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:58:34.110.INFO.Socket connected to getscreen.me:443..08:00:58.279.INFO.Signaling force websocket stop..08:00:58.470.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4666
                                          Entropy (8bit):4.998525609360697
                                          Encrypted:false
                                          SSDEEP:48:Up9DO8GNM3aPDOrh2vAbDh+Yj8D8z4Lw3PPuD+T9G3L+lDENypKDUdlUNEDP2saL:UpHGNCh24R+skc3nBT9G9NadlUA2HaiT
                                          MD5:4F8A071F228DA6CD906F2EEA72C36131
                                          SHA1:D5ADBFEC74CFEA265DF6CF6E957E9C24C92DA031
                                          SHA-256:3D11847561AECE4D5FBAB5DDBF21F5C21915D997B6A4B5335B032246C44A230A
                                          SHA-512:6A3BE2B871CBA026AE486B4AD8F5346AE2F3310C886AC5B38D47B2964037CE359FBE4208CC9D28FB28D1DB433A03C91370747DC19BED4637B3A097A21ABADB12
                                          Malicious:false
                                          Preview:11:53:03.504.INFO.Signaling force websocket stop..11:53:22.035.ERROR.Socket unable to read..11:53:22.075.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:53:22.075.ERROR.WebSocket connection error getscreen.me/signal/agent..11:55:47.565.INFO.Signaling force websocket stop..11:55:59.170.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:57:02.716.INFO.Socket connected to getscreen.me:443..11:58:35.891.INFO.Signaling force websocket stop..11:58:36.944.ERROR.Socket unable to read..11:58:36.944.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:58:44.991.ERROR.WebSocket connection error getscreen.me/signal/agent..12:01:02.398.INFO.Signaling force websocket stop..12:01:36.535.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:01:52.254.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1433
                                          Entropy (8bit):4.994532658025289
                                          Encrypted:false
                                          SSDEEP:24:JCG3tvCfDAF+GR2tvXiXDAXUGQtvA2dKDAUT:d9mDsXRa/iDGJAI9DlT
                                          MD5:AE5B8491BDEEF05F4BFA374EBE45243F
                                          SHA1:4EDA70EE9A09962A4FABDE6C5D3DC9851BCEC394
                                          SHA-256:B7155D6B62202BB57D1A39B1261071527BDD6D74CAD4AB1F3E81846C1101D57D
                                          SHA-512:0967344477185960509B35489D103B1ED0DE7FA567879A3227095FBC8FDB156D59096A182EE9EEEAA36691EC9F20D43E0340591B72EEB1C259DAA80487506767
                                          Malicious:false
                                          Preview:15:51:45.013.INFO.Signaling force websocket stop..15:52:58.488.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:52:58.961.INFO.Socket connected to getscreen.me:443..15:55:12.382.INFO.Signaling force websocket stop..15:55:12.443.ERROR.Socket unable to read..15:55:12.443.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:55:12.443.ERROR.WebSocket connection error getscreen.me/signal/agent..15:57:12.829.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:57:15.306.INFO.Socket connected to getscreen.me:443..15:59:38.478.INFO.Signaling force websocket stop..15:59:46.385.ERROR.Socket unable to read..15:59:47.458.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:59:47.458.ERROR.WebSocket connection error getscreen.me/signal/agent..16:01:47.252.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.721748002067049
                                          Encrypted:false
                                          SSDEEP:3:FNvIs2XINF+WgIO0/Vyn:zvR2XIX+WgIJUn
                                          MD5:B2F7753C8933359FCC10F121977A6C43
                                          SHA1:CAF27D3B2A0C6D19D631095422C3170597B2C4C2
                                          SHA-256:858CE1D632475102B50BE601FD859D7911AF1670F85F043AF50FBD3DB2D44079
                                          SHA-512:82FDCB16B5D95525C7CF62593ABFC9BEB2ADE29CD1A489E2E91F75CD0B96FEB3F30C914CFA6D30444ADAF0EA45273BE2B73BB988BA73650FD3D2A6722980E9C1
                                          Malicious:false
                                          Preview:19:19:02.516.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):999
                                          Entropy (8bit):4.978323303480343
                                          Encrypted:false
                                          SSDEEP:12:Jct0rChWGM2H2LXbU2tvvFbr2+Qj8P40O5bKEXzChztvvn:Jct0rGx3H2LXbvtv9bi+DA3b7zGztvv
                                          MD5:3DC8040B4C4635D0CC24823EBEE5E9D2
                                          SHA1:4F3C2AA985531B849CC66A3850F03AE80ED4E4CF
                                          SHA-256:1D1A6A4AB214B74691E065266D367E622CADAE4EBE942772E3D4B4F7DD672A24
                                          SHA-512:CEE3115A3242731703663DBB22EFF95DAC0FDD359EA3128385E6E0E713F71E71813AD4A5D0DD9FD423B26C163DCA9E3CB0F0DDB994B3C4B80A4A56F35549F34B
                                          Malicious:false
                                          Preview:22:33:48.299.INFO.Signaling force websocket stop..22:34:11.131.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:36:36.633.INFO.Signaling force websocket stop..22:39:01.817.INFO.Signaling force websocket stop..22:41:14.356.INFO.Signaling force websocket stop..22:43:39.567.INFO.Signaling force websocket stop..22:46:04.681.INFO.Signaling force websocket stop..22:48:02.704.INFO.Socket connected to getscreen.me:443..22:48:30.014.INFO.Signaling force websocket stop..22:48:38.150.ERROR.Socket unable to read..22:48:38.180.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:48:38.180.ERROR.WebSocket connection error getscreen.me/signal/agent..22:50:51.875.INFO.Signaling force websocket stop..22:51:37.618.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:51:38.300.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.980774921210168
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:08:28.275.INFO.Signaling force websocket stop..02:08:38.618.ERROR.Socket unable to read..02:08:38.658.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:08:38.658.ERROR.WebSocket connection error getscreen.me/signal/agent..02:11:03.933.INFO.Signaling force websocket stop..02:11:19.677.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:11:28.338.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):394
                                          Entropy (8bit):4.990752449574125
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:27:03.379.INFO.Signaling force websocket stop..05:28:12.422.ERROR.Socket unable to read..05:28:12.462.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:28:12.462.ERROR.WebSocket connection error getscreen.me/signal/agent..05:30:10.498.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):325
                                          Entropy (8bit):4.937729748934337
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:44:38.164.INFO.Signaling force websocket stop..08:44:41.461.INFO.Socket connected to getscreen.me:443..08:44:44.952.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:44:44.952.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.796997545837856
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:59:14.082.INFO.Signaling force websocket stop..11:59:58.976.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:00:02.575.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):770
                                          Entropy (8bit):4.9858476890591374
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:15:12.901.INFO.Signaling force websocket stop..15:15:18.276.ERROR.Socket unable to read..15:15:18.276.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:15:18.276.ERROR.WebSocket connection error getscreen.me/signal/agent..15:16:31.015.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:17:31.252.INFO.Socket connected to getscreen.me:443..15:18:42.590.INFO.Signaling force websocket stop..15:18:42.658.ERROR.Socket unable to read..15:18:42.658.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:18:42.658.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):251
                                          Entropy (8bit):4.851233308860002
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:34:18.710.INFO.Signaling force websocket stop..18:34:23.372.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:36:48.855.INFO.Signaling force websocket stop..18:39:02.418.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:54:50.288.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):112
                                          Entropy (8bit):4.6958855292791934
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:11:09.370.INFO.Signaling force websocket stop..01:13:41.144.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):121
                                          Entropy (8bit):4.682577032528015
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:29:08.619.INFO.Signaling force websocket stop..04:30:40.505.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):5.004244770208396
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:46:21.934.INFO.Signaling force websocket stop..07:46:26.317.ERROR.Socket unable to read..07:46:26.327.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:46:26.327.ERROR.WebSocket connection error getscreen.me/signal/agent..07:48:51.697.INFO.Signaling force websocket stop..07:50:07.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:50:21.014.INFO.Socket connected to getscreen.me:443..07:52:30.639.INFO.Signaling force websocket stop..07:52:31.521.ERROR.Socket unable to read..07:52:31.541.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:52:38.276.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1433
                                          Entropy (8bit):4.965383332111347
                                          Encrypted:false
                                          Malicious:false
                                          Preview:11:09:14.589.INFO.Signaling force websocket stop..11:09:18.982.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:10:31.498.INFO.Socket connected to getscreen.me:443..11:12:48.567.INFO.Signaling force websocket stop..11:12:49.009.ERROR.Socket unable to read..11:12:49.039.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:12:49.039.ERROR.WebSocket connection error getscreen.me/signal/agent..11:14:36.196.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:14:41.351.INFO.Socket connected to getscreen.me:443..11:17:00.545.INFO.Signaling force websocket stop..11:17:01.036.ERROR.Socket unable to read..11:17:01.697.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:17:01.707.ERROR.WebSocket connection error getscreen.me/signal/agent..11:19:08.915.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.9730514865405215
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:37:48.611.INFO.Signaling force websocket stop..14:37:49.277.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:38:06.720.INFO.Socket connected to getscreen.me:443..14:40:19.843.INFO.Signaling force websocket stop..14:40:20.314.ERROR.Socket unable to read..14:40:20.354.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:40:20.354.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.794104945515391
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:55:20.829.INFO.Signaling force websocket stop..17:56:06.400.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:56:16.456.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.9676993778624405
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:12:09.793.INFO.Signaling force websocket stop..21:12:18.158.ERROR.Socket unable to read..21:12:18.188.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:12:18.188.ERROR.WebSocket connection error getscreen.me/signal/agent..21:14:30.214.INFO.Signaling force websocket stop..21:16:03.609.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:17:11.269.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):965
                                          Entropy (8bit):4.9852088283028975
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:32:23.501.INFO.Signaling force websocket stop..00:32:42.248.ERROR.Socket unable to read..00:32:42.248.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:32:42.248.ERROR.WebSocket connection error getscreen.me/signal/agent..00:34:55.235.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:35:22.686.INFO.Socket connected to getscreen.me:443..00:37:20.929.INFO.Signaling force websocket stop..00:37:21.881.ERROR.Socket unable to read..00:37:21.881.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:37:21.881.ERROR.WebSocket connection error getscreen.me/signal/agent..00:39:34.578.INFO.Signaling force websocket stop..00:40:56.876.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:43:20.953.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.806656707462825
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:59:02.768.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):336
                                          Entropy (8bit):4.822903221360098
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:16:06.219.INFO.Signaling force websocket stop..07:19:09.612.INFO.Signaling force websocket stop..07:21:34.842.INFO.Signaling force websocket stop..07:24:00.128.INFO.Signaling force websocket stop..07:26:25.278.INFO.Signaling force websocket stop..07:28:50.608.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4552
                                          Entropy (8bit):4.9962399326583995
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:44:32.924.INFO.Signaling force websocket stop..10:47:08.202.INFO.Signaling force websocket stop..10:49:33.655.INFO.Signaling force websocket stop..10:51:59.000.INFO.Signaling force websocket stop..10:53:04.950.INFO.Socket connected to getscreen.me:443..10:54:24.521.INFO.Signaling force websocket stop..10:54:25.874.ERROR.Socket unable to read..10:54:25.874.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:54:25.874.ERROR.WebSocket connection error getscreen.me/signal/agent..10:56:51.013.INFO.Signaling force websocket stop..10:57:08.283.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:57:30.502.INFO.Socket connected to getscreen.me:443..10:59:35.977.INFO.Signaling force websocket stop..10:59:43.169.ERROR.Socket unable to read..10:59:43.200.ERROR.SSL handshake error: error:00000000:invalid library (0):OP
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1122
                                          Entropy (8bit):4.968069994815454
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:52:23.520.INFO.Signaling force websocket stop..14:52:28.475.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:53:51.967.INFO.Socket connected to getscreen.me:443..14:56:04.141.INFO.Signaling force websocket stop..14:56:05.274.ERROR.Socket unable to read..14:56:05.274.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:56:05.274.ERROR.WebSocket connection error getscreen.me/signal/agent..14:57:44.521.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:58:03.728.INFO.Socket connected to getscreen.me:443..15:00:08.891.INFO.Signaling force websocket stop..15:00:09.253.ERROR.Socket unable to read..15:00:09.725.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:00:09.725.ERROR.WebSocket connection error getscreen.me/signal/agent..15:02:03.418.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.961087643341857
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:18:25.086.INFO.Signaling force websocket stop..18:19:29.886.ERROR.Socket unable to read..18:19:29.886.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:19:29.886.ERROR.WebSocket connection error getscreen.me/signal/agent..18:21:18.230.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:21:20.729.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):367
                                          Entropy (8bit):5.005798136174465
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:35:48.394.INFO.Signaling force websocket stop..21:35:51.704.ERROR.Socket unable to read..21:35:51.704.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:35:51.704.ERROR.WebSocket connection error getscreen.me/signal/agent..21:38:17.304.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1178
                                          Entropy (8bit):4.960625925377122
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:52:51.092.INFO.Signaling force websocket stop..00:52:54.284.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:53:22.978.INFO.Socket connected to getscreen.me:443..00:55:23.844.INFO.Signaling force websocket stop..00:56:50.934.ERROR.Socket unable to read..00:56:50.974.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:56:50.974.ERROR.WebSocket connection error getscreen.me/signal/agent..00:59:16.217.INFO.Signaling force websocket stop..00:59:57.019.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:00:01.961.INFO.Socket connected to getscreen.me:443..01:02:20.921.INFO.Signaling force websocket stop..01:02:21.943.ERROR.Socket unable to read..01:02:21.983.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:02:21.983.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):918
                                          Entropy (8bit):4.952522870685578
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:20:30.699.INFO.Signaling force websocket stop..04:20:36.331.ERROR.Socket unable to read..04:20:36.372.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:20:36.372.ERROR.WebSocket connection error getscreen.me/signal/agent..04:22:47.451.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:22:54.403.INFO.Socket connected to getscreen.me:443..04:25:12.369.INFO.Signaling force websocket stop..04:25:12.740.ERROR.Socket unable to read..04:25:12.780.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:25:12.780.ERROR.WebSocket connection error getscreen.me/signal/agent..04:27:03.204.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:27:05.734.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.969364115999104
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:41:47.988.INFO.Signaling force websocket stop..07:41:52.149.ERROR.Socket unable to read..07:41:52.189.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:41:52.189.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.786704087651043
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:57:49.877.INFO.Signaling force websocket stop..10:58:27.307.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:58:32.450.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.983299887874896
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:13:33.050.INFO.Signaling force websocket stop..14:13:37.766.ERROR.Socket unable to read..14:13:37.796.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:13:37.796.ERROR.WebSocket connection error getscreen.me/signal/agent..14:15:59.829.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:16:00.495.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):367
                                          Entropy (8bit):5.02704419206122
                                          Encrypted:false
                                          Malicious:false
                                          Preview:17:32:22.899.INFO.Signaling force websocket stop..17:32:27.835.ERROR.Socket unable to read..17:32:27.835.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:32:27.836.ERROR.WebSocket connection error getscreen.me/signal/agent..17:34:40.891.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.737294384935488
                                          Encrypted:false
                                          Malicious:false
                                          Preview:20:49:40.585.INFO.Signaling force websocket stop..20:49:44.343.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:49:49.741.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.934975324592635
                                          Encrypted:false
                                          Malicious:false
                                          Preview:00:06:21.692.INFO.Signaling force websocket stop..00:06:25.917.ERROR.Socket unable to read..00:06:25.917.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:06:25.917.ERROR.WebSocket connection error getscreen.me/signal/agent..00:08:20.372.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:08:20.638.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2922
                                          Entropy (8bit):4.979708888350474
                                          Encrypted:false
                                          Malicious:false
                                          Preview:03:24:44.763.INFO.Signaling force websocket stop..03:24:49.727.ERROR.Socket unable to read..03:24:49.757.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:24:49.757.ERROR.WebSocket connection error getscreen.me/signal/agent..03:26:15.924.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:26:21.047.INFO.Socket connected to getscreen.me:443..03:28:41.749.INFO.Signaling force websocket stop..03:28:42.080.ERROR.Socket unable to read..03:28:42.080.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:28:42.080.ERROR.WebSocket connection error getscreen.me/signal/agent..03:30:30.115.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:30:33.063.INFO.Socket connected to getscreen.me:443..03:32:43.070.INFO.Signaling force websocket stop..03:32:43.210.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1341
                                          Entropy (8bit):4.990226203551448
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:06:06.505.INFO.Signaling force websocket stop..07:06:13.588.ERROR.Socket unable to read..07:06:13.588.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:06:13.588.ERROR.WebSocket connection error getscreen.me/signal/agent..07:08:26.040.INFO.Signaling force websocket stop..07:08:52.915.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:08:57.843.INFO.Socket connected to getscreen.me:443..07:11:18.331.INFO.Signaling force websocket stop..07:11:21.086.ERROR.Socket unable to read..07:11:21.116.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:11:28.462.ERROR.WebSocket connection error getscreen.me/signal/agent..07:13:46.511.INFO.Signaling force websocket stop..07:14:02.387.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:14:10.905.INFO.Socket c
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4982
                                          Entropy (8bit):4.997224576003849
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:31:12.653.INFO.Signaling force websocket stop..10:31:41.129.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:33:38.280.INFO.Socket connected to getscreen.me:443..10:35:10.652.INFO.Signaling force websocket stop..10:38:07.597.ERROR.Socket unable to read..10:38:07.617.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:38:07.617.ERROR.WebSocket connection error getscreen.me/signal/agent..10:40:32.782.INFO.Signaling force websocket stop..10:42:02.859.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:43:02.660.INFO.Socket connected to getscreen.me:443..10:44:26.896.INFO.Signaling force websocket stop..10:44:32.575.ERROR.Socket unable to read..10:44:32.605.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:44:32.605.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1086
                                          Entropy (8bit):4.998411382113921
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:38:10.445.INFO.Signaling force websocket stop..14:38:13.982.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:38:17.760.INFO.Socket connected to getscreen.me:443..14:41:23.660.INFO.Signaling force websocket stop..14:41:26.798.ERROR.Socket unable to read..14:41:26.798.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:41:26.798.ERROR.WebSocket connection error getscreen.me/signal/agent..14:43:52.086.INFO.Signaling force websocket stop..14:44:03.478.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:44:12.230.INFO.Socket connected to getscreen.me:443..14:46:27.180.INFO.Signaling force websocket stop..14:46:28.478.ERROR.Socket unable to read..14:46:28.488.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:46:28.488.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2866
                                          Entropy (8bit):4.993776113128979
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:03:26.078.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:03:26.282.INFO.Signaling force websocket stop..18:03:41.384.INFO.Socket connected to getscreen.me:443..18:05:44.990.INFO.Signaling force websocket stop..18:05:45.071.ERROR.Socket unable to read..18:05:45.071.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:05:45.071.ERROR.WebSocket connection error getscreen.me/signal/agent..18:08:10.754.INFO.Signaling force websocket stop..18:08:27.871.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:08:36.601.INFO.Socket connected to getscreen.me:443..18:10:53.229.INFO.Signaling force websocket stop..18:10:53.540.ERROR.Socket unable to read..18:10:53.540.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:10:53.540.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1178
                                          Entropy (8bit):4.998391308461941
                                          Encrypted:false
                                          Malicious:false
                                          Preview:21:41:39.575.INFO.Signaling force websocket stop..21:42:20.760.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:42:24.988.INFO.Socket connected to getscreen.me:443..21:44:33.548.INFO.Signaling force websocket stop..21:44:33.769.ERROR.Socket unable to read..21:44:33.799.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:44:33.809.ERROR.WebSocket connection error getscreen.me/signal/agent..21:45:59.673.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:46:01.939.INFO.Socket connected to getscreen.me:443..21:49:10.043.INFO.Signaling force websocket stop..21:49:11.606.ERROR.Socket unable to read..21:49:11.958.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:49:11.968.ERROR.WebSocket connection error getscreen.me/signal/agent..21:51:36.838.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.952254189828213
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:08:11.480.INFO.Signaling force websocket stop..01:08:15.476.ERROR.Socket unable to read..01:08:15.476.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:08:15.476.ERROR.WebSocket connection error getscreen.me/signal/agent..01:10:40.655.INFO.Signaling force websocket stop..01:10:44.283.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:10:49.671.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.955724499013276
                                          Encrypted:false
                                          Malicious:false
                                          Preview:04:25:52.824.INFO.Signaling force websocket stop..04:26:56.990.ERROR.Socket unable to read..04:26:56.991.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:26:57.001.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.806656707462825
                                          Encrypted:false
                                          Malicious:false
                                          Preview:07:42:13.890.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.794104945515391
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:57:24.862.INFO.Signaling force websocket stop..10:57:27.945.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:57:37.025.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.960063510384056
                                          Encrypted:false
                                          Malicious:false
                                          Preview:14:12:26.850.INFO.Signaling force websocket stop..14:12:31.570.ERROR.Socket unable to read..14:12:31.570.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:12:31.570.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.735228136034253
                                          Encrypted:false
                                          SSDEEP:3:L/xWT5r2XINF+WgIO0/Vyn:DwFr2XIX+WgIJUn
                                          MD5:677D0911E2E45A1BBB7632FC101B9472
                                          SHA1:4438A836CEA1B7182B8CA2AE18015182CB7D6F9B
                                          SHA-256:DEF37E8536DE8BD00E4923A0B299E9537E94BC4F638FDAE049A6F526A392B6E3
                                          SHA-512:1AB223EE2F9FA463A5D44854F9DC145EEE0B488CA73D98A76ED2C6E4C463C3AFC1177A726BD7923F363BE3C5149C9F8A465001BB0673CE53A8FACBA72049C276
                                          Malicious:false
                                          Preview:17:27:56.456.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.96900768548519
                                          Encrypted:false
                                          SSDEEP:6:quX2XIX+WgIJULWAXIXNLD4EQj2zHs2dzvRWl8Rvv2yaXXIX+WgIJULq+KHMNqkD:qRVWACh+2z3tvv2XVmekQj8P40Zu5T
                                          MD5:A004D484C04F18023BE94C6566613AE2
                                          SHA1:785C14363DD7C32E7F545E344B86BC355B06E2D3
                                          SHA-256:D04DA1F5CE320EFBF1B6580ACF3041743C364C36447D8B7B89B29579BB6A31AB
                                          SHA-512:9B00AAEC99501DD6873394EB1DCAE761BDC396B2B26A00BF9FE93DC1284DDFE20430285F2B32F90C14DB254956BA60DA9FDC691DE62387B02A666BD3BBDABAE3
                                          Malicious:false
                                          Preview:20:42:44.385.INFO.Signaling force websocket stop..20:42:48.380.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:42:52.205.INFO.Socket connected to getscreen.me:443..20:46:01.139.INFO.Signaling force websocket stop..20:46:01.139.ERROR.Socket unable to read..20:46:01.149.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:46:01.159.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):663
                                          Entropy (8bit):4.8926235955928155
                                          Encrypted:false
                                          SSDEEP:12:62S2Ch7tvv7ngK4Qj8P40T5OdXChytvvn:62S2G7tvDnj4DA0yXGytvv
                                          MD5:48929C3FA5C45C905B78CB34C030E539
                                          SHA1:9724DE12436E429440F9C3E4A585D34662CF6B01
                                          SHA-256:DD56C9CA57708440758F86BB2C2D2C9807FAE61DDAACA7B81E5922F8CCAB6BB6
                                          SHA-512:1F12ADDAE26C55E27935AF84055F406ED1F7E68D277E0C1E8427ECFFD24565B8B5E748CD5F2B61C871AB1AA5BAB4FD09D5C1094CBCB61FFB2A0A55F65FC2588A
                                          Malicious:false
                                          Preview:00:02:08.106.INFO.Signaling force websocket stop..00:02:18.806.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:02:26.411.INFO.Socket connected to getscreen.me:443..00:04:42.038.INFO.Signaling force websocket stop..00:04:42.339.ERROR.Socket unable to read..00:04:42.349.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:04:42.359.ERROR.WebSocket connection error getscreen.me/signal/agent..00:06:18.832.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:06:22.229.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.996823222266052
                                          Encrypted:false
                                          SSDEEP:12:OzfXjmJSnqS2Qj8P407Sf5GbiChTWr2tvvn:OzPicp2DA7BGbiGTWitvv
                                          MD5:96D913CAD7B8A35A09A9B8962A6E6CE4
                                          SHA1:211F88AA2C21B99EF65AE9A2C42A38E7219ECA5B
                                          SHA-256:DC41AFAE3BA1D3E52DD186DE0C6C6BD8D5DCD0CB18E77D0263DBA49727B5EB3F
                                          SHA-512:D5955FFBD285407F747EBEED0316D0F3714B93E21C143230049AA7FEDB432E718C7275A8969CD1F7148767EDB9D255D148ABE46ACA9FA8D20693B4DFAE614464
                                          Malicious:false
                                          Preview:03:20:51.888.INFO.Signaling force websocket stop..03:21:59.769.ERROR.Socket unable to read..03:21:59.789.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:21:59.789.ERROR.WebSocket connection error getscreen.me/signal/agent..03:24:24.999.INFO.Signaling force websocket stop..03:24:33.337.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:24:40.074.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.980929444227591
                                          Encrypted:false
                                          SSDEEP:6:BdqXNriXIX+WgIJUhuBEMbuBEud2M0CCQP5K0CEjuBADNBQEQYT5maXXIX+WgIJ3:BK5ikqRQj8P401kq5tTXwLQCheMTtvvn
                                          MD5:3C1B1BE2E76484873195AF76C6557FB5
                                          SHA1:A9DBCD8820E589E503AC79AF75699D5EDF1234E7
                                          SHA-256:2B180346D6636A53EEE3A69F02C53BDF0BAE00FE3FD71E39E0D5285C9CA9AC22
                                          SHA-512:26CB336CB91F91D2A7E7F15A898D1A2B1ADA2D93D4E89EFE8FB5ECC059C618C30B2C5C739554976796B2291589AE581624FADCE43CE5ACDDC0B846731EC8AF88
                                          Malicious:false
                                          Preview:06:39:28.232.INFO.Signaling force websocket stop..06:39:35.762.ERROR.Socket unable to read..06:39:35.762.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:39:35.762.ERROR.WebSocket connection error getscreen.me/signal/agent..06:42:01.039.INFO.Signaling force websocket stop..06:42:34.695.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:42:44.303.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.977796386641487
                                          Encrypted:false
                                          SSDEEP:6:4xVQXIX+WgIJU257bMgfRCkud2M0CCQP5K0CVCgDNBQEQlYon2XIX+WgIJUUfRza:YKoJOQj8P4005oXn2KfxChBu2tvvn
                                          MD5:F670C58E85FEE313B54545691CF95B76
                                          SHA1:74315C122723933EDF2815153D8EB9DBDD63958F
                                          SHA-256:C2B67B4635BA457EF91297C2E2264FBC5D6A50857DA378DF0E94CAE455561B8A
                                          SHA-512:3F13541CC798F15EEE743FA620EA8FB47DD40213E62F7D322E64111D0D924AB6D06E5AB86633427F7C90C73981C680D161D4B9A2EB1392889E4CE1CF0C6C44DF
                                          Malicious:false
                                          Preview:09:58:58.848.INFO.Signaling force websocket stop..09:59:05.653.ERROR.Socket unable to read..09:59:05.673.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:59:05.673.ERROR.WebSocket connection error getscreen.me/signal/agent..10:01:18.356.INFO.Signaling force websocket stop..10:01:41.333.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:01:45.386.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2203
                                          Entropy (8bit):4.995367143206398
                                          Encrypted:false
                                          SSDEEP:48:pBDdS8+fMDkzftBf4DdadfBDM2aDvdUfsRD/T:s8yzft+a0zrDT
                                          MD5:9BB55E5E7635AA9DAD67E8531FCE0A4B
                                          SHA1:241D85226B55CE55E5EA7EB4D827070782C4B19A
                                          SHA-256:7A84C676DC8FDB57B15F37AE0D77AF88BE37A95129802FC2DCB02B6758A3DBA8
                                          SHA-512:0853DCC06BE8EE6060BD63E91D854B47319E3DA951CB4C9D4E312389CE4667665E1F6FF6EF7DA0BFAD636560C0752A692A40F074E4FBCC0EF7516EE7A8085C93
                                          Malicious:false
                                          Preview:13:17:18.498.INFO.Signaling force websocket stop..13:17:24.111.ERROR.Socket unable to read..13:17:24.141.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:17:24.141.ERROR.WebSocket connection error getscreen.me/signal/agent..13:19:49.304.INFO.Signaling force websocket stop..13:19:57.257.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:20:07.158.INFO.Socket connected to getscreen.me:443..13:22:21.885.INFO.Signaling force websocket stop..13:22:21.955.ERROR.Socket unable to read..13:22:21.995.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:22:23.542.ERROR.WebSocket connection error getscreen.me/signal/agent..13:24:40.387.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:25:44.405.INFO.Socket connected to getscreen.me:443..13:26:54.520.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2611
                                          Entropy (8bit):4.985641981256594
                                          Encrypted:false
                                          SSDEEP:48:WcvGDlwQjDzXta0tBD1SV6NCDexv5DsPiF63:v6wCdltzSwHx+iF0
                                          MD5:A08E053610F7712DF877F62D6A0D555C
                                          SHA1:50FE592E13C021B3E8F1AB70F34C3F353967A8F2
                                          SHA-256:8B21C3F5B1BB0A51CC6F440801546973A1F9827BB460442D88E794E9DD0CD3E5
                                          SHA-512:DEFA9280A4C2E537CB20571B1D4D719ECDD060F13FD2FEA82B60575BA1F534274C0F6CE685D56B37754E1E5ED6E829304C0322CD06DFA4CAF6478663D7FB7CCB
                                          Malicious:false
                                          Preview:16:50:50.431.INFO.Signaling force websocket stop..16:51:16.039.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:51:26.980.INFO.Socket connected to getscreen.me:443..16:53:40.191.INFO.Signaling force websocket stop..16:53:41.304.ERROR.Socket unable to read..16:53:41.304.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:53:41.304.ERROR.WebSocket connection error getscreen.me/signal/agent..16:55:25.513.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:55:49.270.INFO.Socket connected to getscreen.me:443..16:57:50.309.INFO.Signaling force websocket stop..16:57:50.370.ERROR.Socket unable to read..16:57:50.771.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:57:50.771.ERROR.WebSocket connection error getscreen.me/signal/agent..17:00:04.015.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.9727857814373
                                          Encrypted:false
                                          SSDEEP:6:yWs2XIX+WgIJUJkMsud2M0CCQP5K0C8sDNBQEQ4:fnQj8P40Zu5T
                                          MD5:7CD267D71A5742E21A193164A09F9E35
                                          SHA1:563553004CF6040D05D231DBC20011D6FFD13FC8
                                          SHA-256:ADFB915F9A94B9A410054595B741634A13208726C278050648E6D46083CABB94
                                          SHA-512:85D58B35B41C0795C675854E58C1C2A2A72FA41A7B31680970C4F5BDDFF358FCECC44F0846412DF8D10E4A4D8D8FED30F5316DB18FCDD0B8459063EE9C25EA30
                                          Malicious:false
                                          Preview:17:16:00.725.INFO.Signaling force websocket stop..20:32:35.896.ERROR.Socket unable to read..20:32:35.917.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:32:35.917.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):974
                                          Entropy (8bit):4.982849855728204
                                          Encrypted:false
                                          SSDEEP:12:EYbChetvvmaYZ7Zz6Qj8P40azb5b5iChh9mtvvQiYKrwQj8P4075T:EOGetvuaIt2DA1BbQGXmtvIisDAoT
                                          MD5:FD9AACF8BEBF9A9329565C697D68CED1
                                          SHA1:5AB8986D4656804116E93C9CEAF074A859AA2D61
                                          SHA-256:C47F8C1955DAA3A798639395A8E809CE30CB93C38170EB7FF4FC7E0D12F86B74
                                          SHA-512:8EA2B0E26A8E380159B3C4F8C43916152B5207A695B21A2154F53EF5FBB4927D7EC239A0E6ACE0D6ACAF0E67C697673476A498940D103ED089D1FCB04428D6E0
                                          Malicious:false
                                          Preview:23:48:01.301.INFO.Signaling force websocket stop..23:48:16.741.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:48:20.332.INFO.Socket connected to getscreen.me:443..23:51:33.671.INFO.Signaling force websocket stop..23:51:33.702.ERROR.Socket unable to read..23:51:33.764.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:51:33.764.ERROR.WebSocket connection error getscreen.me/signal/agent..23:53:37.870.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:53:46.361.INFO.Socket connected to getscreen.me:443..23:56:02.135.INFO.Signaling force websocket stop..23:56:02.496.ERROR.Socket unable to read..23:56:03.027.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:56:03.037.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):719
                                          Entropy (8bit):4.963450130484452
                                          Encrypted:false
                                          SSDEEP:12:O2KCsXChStvvxamvgBCQgBBQj8P40lgB65rChLs32tvvv5:OFCsXGStvwmIMjDAbArGAGtvH5
                                          MD5:47E8ED3730809D393D7819B33E90C728
                                          SHA1:CFDCABB7CFA5C835A2FC653B32C969924943D2D6
                                          SHA-256:2754C0C1E194DC7FBC5AE56A1048586F718FE2E5CCEFBAB70828E37B4EA84E98
                                          SHA-512:C5E3184862730E85D16C7673318D30A09729EF6D64F643B3956B99C9D635698DC9D8A6562EC57BE7215564122879210BB3D296F89A7B62280BF4553DF906AE98
                                          Malicious:false
                                          Preview:03:10:43.937.INFO.Signaling force websocket stop..03:11:29.461.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:11:37.985.INFO.Socket connected to getscreen.me:443..03:13:52.885.INFO.Signaling force websocket stop..03:13:53.206.ERROR.Socket unable to read..03:13:53.206.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:13:53.206.ERROR.WebSocket connection error getscreen.me/signal/agent..03:14:51.177.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:14:52.984.INFO.Socket connected to getscreen.me:443..03:17:02.640.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):403
                                          Entropy (8bit):4.92207225397607
                                          Encrypted:false
                                          SSDEEP:6:W6EMzVZkud2M0CCQP5K0CELVZgDNBQEQYTon5iXIXNLD4EQPohR2dzvRWl8Rvvn:W6brQj8P401xM5tWQCheoR2tvvn
                                          MD5:D6AE695D7C85068F35FCAA026DD03F0F
                                          SHA1:11A9F233C64649C041254675171BC45A7DBC78BA
                                          SHA-256:E6237243617CF3B18A4370E23E80FAB5C2ADDDA55749311F07D91C4B46E3F3C7
                                          SHA-512:BEBF4A48DAA96A04C983EC7DFB4D78E2955D6FF2CDEB109CCDDEEA12859DAA0B38D4DE62646A3A02404E0E5D51A1D78C93BD6C7ACDD2773DCA2EA59C33B9D6FB
                                          Malicious:false
                                          Preview:06:31:30.562.ERROR.Socket unable to read..06:31:37.477.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:31:37.477.ERROR.WebSocket connection error getscreen.me/signal/agent..06:32:24.523.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:32:26.556.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.930778906995889
                                          Encrypted:false
                                          SSDEEP:6:4jiXIX+WgIJU2NCUMgf1eud2M0CCQP5K0CpaDNBQEQ4:VoNCiN3Qj8P40Ow5T
                                          MD5:CDE1884C18CA8AEA4C0120AA9E641C96
                                          SHA1:4C7E09D37805BC79EF0DC3F198E63FB6CFE4FC75
                                          SHA-256:DA007258D24B2E1307CD5E8C44197E26A36911537828EEEAB694A700CDB007E1
                                          SHA-512:EAFF236D45E646F1A364B1807AEF953DEBF2B4A2C22B1501AF49C1E6ADD1BBA20146603B8485D2EBB7158CE8336825148DB9F1C9E996F8D5505DD059D2078D6A
                                          Malicious:false
                                          Preview:09:46:55.321.INFO.Signaling force websocket stop..09:46:59.434.ERROR.Socket unable to read..09:46:59.444.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:46:59.444.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.755868332477252
                                          Encrypted:false
                                          SSDEEP:6:A8rWs2XIX+WgIJUUaBc2XIXNLD4EQ/an2dzvRWl8Rvvn:A8rWXKec2Ch/2tvvn
                                          MD5:2BC7B53CBA79C5B823FFB1210D071D39
                                          SHA1:4EE260BE7D23C86FCE45B883F369D19069CD7161
                                          SHA-256:F506B0A594E61DD896167ADC81939C8097BBCA02C47B9F0B2ABB6E910A66D007
                                          SHA-512:6210C29988CC0BCD32BEDB67971A1017D4D086FFAD91FCB744730E29CF877D97DA483BEA6607B380927B448ACDCF97339B9F3723FD70F10B461174B50A9ADD48
                                          Malicious:false
                                          Preview:13:01:33.555.INFO.Signaling force websocket stop..13:02:17.416.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:02:21.914.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):4.949368065281002
                                          Encrypted:false
                                          SSDEEP:6:KJV4rWs2XIX+WgIJUUFRSyaHM8RniEud2M0CCQP5K0ClRniADNBQEQmdf9n2XIXO:VaXK+j7iRQj8P40Wiq5RqChAtvvn
                                          MD5:B5C6DD1A12AEEA87A6039A9D3C538537
                                          SHA1:D05A93EA18802BF9316DA81AB9839B67D610B98F
                                          SHA-256:A193FBCB1676F9EA50FE78E1851A9B168669559F15133617E2CBBF78C2E2E691
                                          SHA-512:E64A1F3DA44100693FDCACD20E9B70B47EBD05AA462B5748F271FF54CC5ACBECBDA30DBD1A7089F39EB6C9BABF70BDC802985619B09E8AD062A37FC22C53E97C
                                          Malicious:false
                                          Preview:16:17:00.375.INFO.Signaling force websocket stop..16:17:04.567.ERROR.Socket unable to read..16:17:04.607.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:17:04.607.ERROR.WebSocket connection error getscreen.me/signal/agent..16:18:14.557.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:19:19.079.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.970311391437731
                                          Encrypted:false
                                          SSDEEP:6:PBXIX+WgIJUUHGcsbMIAcyud2M0CCQP5K0CnAc2DNBQEQ4:pK4ccjQj8P40PcU5T
                                          MD5:10827076A7733AB2EDF685CE956E5670
                                          SHA1:859CDD045E33CDA5D1479DA5E02682EA4B76992A
                                          SHA-256:533C856BE018AC3E712D57972EDD6890CF47CFA4D95FDDAEF77855FA4939DB52
                                          SHA-512:B21575988E0D8F43B1B9B31C214ADAD7C00EBBF1C665EBC76F1B31B437AAD250E2685A1EC26C25C83B471146731CB225DA6618BA1226681FDD2123DB7A6DC0AD
                                          Malicious:false
                                          Preview:19:34:42.150.INFO.Signaling force websocket stop..19:34:45.829.ERROR.Socket unable to read..19:34:45.849.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:34:45.849.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1693
                                          Entropy (8bit):4.9992677141651285
                                          Encrypted:false
                                          SSDEEP:24:muGEtvO1DASbS2E/GGtvIwmgDAlPbbOG62tvl1w6DAotb6Gntvv:WkwDvbS9+qjmgD+Pbr6aXw6Dbtb7t3
                                          MD5:45D6FAEB8843CCE5F2FA0B77CF6AAD6D
                                          SHA1:AD7860AD3FD2C55B0BAF152A3BEAFB2E00B99208
                                          SHA-256:B9D273E8BB8A639DF6F64613BD3C712546E7B197ADD295BAE5D5A6F567E2F519
                                          SHA-512:EB2FE025DBA51D4004BEC3CBFE9A53D48BC77E3C2F2F772B48B47C99CDBB18204607819517FE8022F66DB0347BAB2D7ED800017D90ACB6FA50055019D952ACF1
                                          Malicious:false
                                          Preview:22:49:34.033.INFO.Signaling force websocket stop..22:51:07.753.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:51:14.448.INFO.Socket connected to getscreen.me:443..22:53:32.007.INFO.Signaling force websocket stop..22:53:32.198.ERROR.Socket unable to read..22:53:32.198.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:53:32.198.ERROR.WebSocket connection error getscreen.me/signal/agent..22:55:57.766.INFO.Signaling force websocket stop..22:56:05.811.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:57:13.447.INFO.Socket connected to getscreen.me:443..22:58:19.863.INFO.Signaling force websocket stop..22:58:20.695.ERROR.Socket unable to read..22:58:20.715.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:58:20.715.ERROR.WebSocket connection err
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):770
                                          Entropy (8bit):4.94627082183761
                                          Encrypted:false
                                          SSDEEP:12:gArIhIoBQj8P40xQ95pzCha6tvv9CCuXrSq+SqsQj8P40xaqt5T:PADAPhGttvlGRDAyT
                                          MD5:1E4466868D69842AB939C115641E55E9
                                          SHA1:588604948645CF46C8625A3DE01ECF0B4943EA68
                                          SHA-256:052934EFE24473DEF507DD95F698D923E7101353D80409E3F82179D1BDB69C45
                                          SHA-512:DCA50A31F70C9CC7F4CD30D8A5BFAD3654E80E50EA9916DDA7D6877140E1F2300525D6B32FA5720DCA3814066D98CC7D12CD6BEBC9F34AA3ABA3974B59ED14DC
                                          Malicious:false
                                          Preview:02:22:45.952.INFO.Signaling force websocket stop..02:22:50.026.ERROR.Socket unable to read..02:22:50.030.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:22:50.034.ERROR.WebSocket connection error getscreen.me/signal/agent..02:25:11.181.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:25:11.623.INFO.Socket connected to getscreen.me:443..02:27:24.878.INFO.Signaling force websocket stop..02:27:25.890.ERROR.Socket unable to read..02:27:25.890.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:27:25.890.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8466
                                          Entropy (8bit):4.975609834381769
                                          Encrypted:false
                                          SSDEEP:192:7aTSnK5CMsdROgmASVY+k1DkOCKfu1BRe3IqoJkwv1CCHmi:L1P6h
                                          MD5:F706F023AF6F456C35A495E5C7CABBE1
                                          SHA1:6B2EB5FF798513E71E3C5489EFAC24B22C49B5BA
                                          SHA-256:E136D1D67484EFC51DEE84047D433262875C06588EBD72A70DA8FAB0B8F28C07
                                          SHA-512:44B6A14FCAAFD9F6F8829B49184DC57831DDA9A54CA225219C7B003618B63F59E2250E022667882FF745D51CC9349664D941A7351B3E16AED47925B7A38E0F37
                                          Malicious:false
                                          Preview:05:42:29.349.INFO.Signaling force websocket stop..05:42:32.195.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:42:36.242.INFO.Socket connected to getscreen.me:443..05:45:34.929.INFO.Signaling force websocket stop..05:45:35.150.ERROR.Socket unable to read..05:45:35.150.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:45:35.150.ERROR.WebSocket connection error getscreen.me/signal/agent..05:47:14.300.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:47:34.930.INFO.Socket connected to getscreen.me:443..05:49:38.891.INFO.Signaling force websocket stop..05:49:40.004.ERROR.Socket unable to read..05:49:40.365.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:49:40.366.ERROR.WebSocket connection error getscreen.me/signal/agent..05:51:31.141.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.686033716352762
                                          Encrypted:false
                                          Malicious:false
                                          Preview:10:10:30.575.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51
                                          Entropy (8bit):4.313911371086315
                                          Encrypted:false
                                          Malicious:false
                                          Preview:13:25:05.045.ERROR.Socket unable to read..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.892968947769632
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:39:37.126.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:40:01.869.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1178
                                          Entropy (8bit):4.992154649498397
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:55:38.533.INFO.Signaling force websocket stop..19:55:49.968.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:56:00.725.INFO.Socket connected to getscreen.me:443..19:58:14.531.INFO.Signaling force websocket stop..19:58:14.852.ERROR.Socket unable to read..19:58:14.872.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:58:14.872.ERROR.WebSocket connection error getscreen.me/signal/agent..19:59:45.036.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:00:47.296.INFO.Socket connected to getscreen.me:443..20:01:58.854.INFO.Signaling force websocket stop..20:01:59.225.ERROR.Socket unable to read..20:01:59.646.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:01:59.646.ERROR.WebSocket connection error getscreen.me/signal/agent..20:04:25.098.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.989725331547078
                                          Encrypted:false
                                          Malicious:false
                                          Preview:23:19:47.632.INFO.Signaling force websocket stop..23:19:51.569.ERROR.Socket unable to read..23:19:51.569.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:19:51.569.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):571
                                          Entropy (8bit):5.0007971094459895
                                          Encrypted:false
                                          Malicious:false
                                          Preview:02:36:21.880.INFO.Signaling force websocket stop..02:36:25.986.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:36:31.710.INFO.Socket connected to getscreen.me:443..02:38:39.663.INFO.Signaling force websocket stop..02:38:39.933.ERROR.Socket unable to read..02:38:39.954.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:38:39.954.ERROR.WebSocket connection error getscreen.me/signal/agent..02:41:05.378.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):139
                                          Entropy (8bit):4.715357259118704
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:55:44.061.INFO.Signaling force websocket stop..05:55:47.644.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):860
                                          Entropy (8bit):4.974506182565878
                                          Encrypted:false
                                          Malicious:false
                                          Preview:09:12:00.551.INFO.Signaling force websocket stop..09:14:31.065.INFO.Signaling force websocket stop..09:16:44.984.INFO.Signaling force websocket stop..09:19:10.499.INFO.Signaling force websocket stop..09:21:35.721.INFO.Signaling force websocket stop..09:22:45.468.INFO.Socket connected to getscreen.me:443..09:24:00.762.INFO.Signaling force websocket stop..09:24:01.053.ERROR.Socket unable to read..09:24:01.053.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:24:01.053.ERROR.WebSocket connection error getscreen.me/signal/agent..09:26:25.953.INFO.Signaling force websocket stop..09:26:40.285.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:26:48.167.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):826
                                          Entropy (8bit):4.996659480120709
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:41:45.267.INFO.Signaling force websocket stop..12:41:49.892.ERROR.Socket unable to read..12:41:49.912.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:41:49.932.ERROR.WebSocket connection error getscreen.me/signal/agent..12:44:15.465.INFO.Signaling force websocket stop..12:44:29.981.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:44:30.659.INFO.Socket connected to getscreen.me:443..12:46:43.009.INFO.Signaling force websocket stop..12:46:43.120.ERROR.Socket unable to read..12:46:43.120.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:46:45.370.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.743582854895505
                                          Encrypted:false
                                          Malicious:false
                                          Preview:16:02:02.684.INFO.Signaling force websocket stop..16:02:06.522.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:02:08.088.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.91749365630788
                                          Encrypted:false
                                          Malicious:false
                                          Preview:19:16:47.110.INFO.Signaling force websocket stop..19:16:50.481.ERROR.Socket unable to read..19:16:50.501.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:16:50.501.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.714376207738477
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:32:59.442.INFO.Signaling force websocket stop..22:33:02.797.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:33:05.297.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1229
                                          Entropy (8bit):4.983769277002819
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:47:33.624.INFO.Signaling force websocket stop..01:47:36.565.ERROR.Socket unable to read..01:47:36.565.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:47:36.565.ERROR.WebSocket connection error getscreen.me/signal/agent..01:48:36.942.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:49:38.969.INFO.Socket connected to getscreen.me:443..01:50:48.574.INFO.Signaling force websocket stop..01:51:14.615.ERROR.Socket unable to read..01:51:14.615.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:51:14.615.ERROR.WebSocket connection error getscreen.me/signal/agent..01:52:47.496.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:52:52.397.INFO.Socket connected to getscreen.me:443..01:55:10.925.INFO.Signaling force websocket stop..01:55:11.145.ERROR.Socket
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1852
                                          Entropy (8bit):4.991885311807904
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:11:44.017.INFO.Signaling force websocket stop..05:11:49.043.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:11:57.117.INFO.Socket connected to getscreen.me:443..05:14:14.223.INFO.Signaling force websocket stop..05:14:14.524.ERROR.Socket unable to read..05:14:14.564.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:14:14.564.ERROR.WebSocket connection error getscreen.me/signal/agent..05:15:24.417.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:15:24.643.INFO.Socket connected to getscreen.me:443..05:17:48.849.INFO.Signaling force websocket stop..05:17:50.152.ERROR.Socket unable to read..05:17:50.663.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:17:50.673.ERROR.WebSocket connection error getscreen.me/signal/agent..05:20:07.111.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.721748002067049
                                          Encrypted:false
                                          Malicious:false
                                          Preview:08:54:05.956.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):392
                                          Entropy (8bit):4.81223659540567
                                          Encrypted:false
                                          Malicious:false
                                          Preview:12:09:49.852.INFO.Signaling force websocket stop..12:13:22.998.INFO.Signaling force websocket stop..12:15:48.484.INFO.Signaling force websocket stop..12:18:13.822.INFO.Signaling force websocket stop..12:20:39.328.INFO.Signaling force websocket stop..12:23:04.669.INFO.Signaling force websocket stop..12:25:29.876.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56
                                          Entropy (8bit):4.686033716352762
                                          Encrypted:false
                                          Malicious:false
                                          Preview:15:41:47.153.INFO.Signaling force websocket stop..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2013
                                          Entropy (8bit):4.987581868359927
                                          Encrypted:false
                                          Malicious:false
                                          Preview:18:58:26.279.INFO.Signaling force websocket stop..19:00:59.045.INFO.Signaling force websocket stop..19:02:37.569.INFO.Socket connected to getscreen.me:443..19:03:24.009.INFO.Signaling force websocket stop..19:03:24.044.ERROR.Socket unable to read..19:03:24.044.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:03:24.044.ERROR.WebSocket connection error getscreen.me/signal/agent..19:05:37.117.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:05:39.385.INFO.Socket connected to getscreen.me:443..19:08:02.750.INFO.Signaling force websocket stop..19:08:02.800.ERROR.Socket unable to read..19:08:03.391.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:08:03.391.ERROR.WebSocket connection error getscreen.me/signal/agent..19:08:42.497.INFO.Signaling start connection to
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.905481638789108
                                          Encrypted:false
                                          Malicious:false
                                          Preview:22:32:40.339.INFO.Signaling force websocket stop..22:32:51.523.ERROR.Socket unable to read..22:32:51.523.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:32:51.523.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3840
                                          Entropy (8bit):4.981181781994851
                                          Encrypted:false
                                          Malicious:false
                                          Preview:01:47:48.053.INFO.Signaling force websocket stop..01:48:29.490.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:48:29.942.INFO.Socket connected to getscreen.me:443..01:50:53.570.INFO.Signaling force websocket stop..01:50:53.620.ERROR.Socket unable to read..01:50:53.660.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:50:53.660.ERROR.WebSocket connection error getscreen.me/signal/agent..01:52:40.031.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:53:44.109.INFO.Socket connected to getscreen.me:443..01:54:53.556.INFO.Signaling force websocket stop..01:54:55.060.ERROR.Socket unable to read..01:54:55.411.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:54:55.411.ERROR.WebSocket connection error getscreen.me/signal/agent..01:56:56.298.INFO.Signalin
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.775476175614507
                                          Encrypted:false
                                          Malicious:false
                                          Preview:05:40:02.208.INFO.Signaling force websocket stop..05:41:08.027.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:41:14.969.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):311
                                          Entropy (8bit):4.969684696034269
                                          Encrypted:false
                                          SSDEEP:6:ITKAXIX+WgIJUrM0kud2M0CCQP5K0CKKgDNBQEQ4:IRTQj8P40Z5T
                                          MD5:BDBD7BF7C0E3B4335B9663ABC5A058B0
                                          SHA1:7D10F3C5BD96AC5B51C3C6C79013F27339AEF45E
                                          SHA-256:D8DBA20942DC68A11844D62552A20DF664A26FF2AAF1692E82C6B12E1FDB1A38
                                          SHA-512:2879976B7D71B4ED85A12563E26C0E7B4AD8450909FDE0F32E27B87511C1D6C0C71A4AA1AA7EB12A2EDC458FA14D759377074012BC6A8FBDA434364EEFB31312
                                          Malicious:false
                                          Preview:08:56:20.502.INFO.Signaling force websocket stop..08:56:24.473.ERROR.Socket unable to read..08:56:24.493.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:56:24.493.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):515
                                          Entropy (8bit):4.960678934455483
                                          Encrypted:false
                                          SSDEEP:6:OiR2XIX+WgIJUUs+iYjmXIXNLD4EQa2dzvRWl8RvvhsKjmXIX+WgIJUUsoMjoud0:92KsvYiCh/2tvv64mKspNQj8P40s5T
                                          MD5:550427E0843DD60E7A61965F24BC8343
                                          SHA1:A0DDE8F8887F112F418CAF665CFA7A6A64853F73
                                          SHA-256:1831EB5871F19D11E3466799870AA95F40A27F063FFC761881D516C678BFD71E
                                          SHA-512:7FA40419F1030C1AF09B444CB8F311403CB2BA51ABAEBABFDB28482775937018610F3C41B642BA91E16C530A929DAF0C6AD49D79316C692BB4E1161D1688BCB9
                                          Malicious:false
                                          Preview:12:11:01.996.INFO.Signaling force websocket stop..12:12:45.343.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:12:50.752.INFO.Socket connected to getscreen.me:443..12:15:16.200.INFO.Signaling force websocket stop..12:15:16.431.ERROR.Socket unable to read..12:15:16.431.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:15:16.431.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):204
                                          Entropy (8bit):4.787193624269229
                                          Encrypted:false
                                          SSDEEP:6:aLccWXXIX+WgIJUUs2XIXNLD4EQP2dzvRWl8Rvvn:ifWXKXChm2tvvn
                                          MD5:F0E6D787520524381BAC7BAC0D8B3E6E
                                          SHA1:14EE19F66C0A88CDE70087AEB326BF4098EC08FE
                                          SHA-256:CF56D1B636F60A9EC34283C05273E03DDC727817CA13BEABBAF536F0A6F10ECE
                                          SHA-512:EA2E724D17F5C97FD9F124ACBCBA52027F988D065850B56621FB8108F62AD84A18AAA99C657B3B6951407D5BBE07BCD851476BEDD9F1A3A060CA5981F56A0CE3
                                          Malicious:false
                                          Preview:15:30:07.991.INFO.Signaling force websocket stop..15:31:07.487.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:31:08.606.INFO.Socket connected to getscreen.me:443..
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):16777512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:8CCA8765BA082ECC53E001B1D237A8EE
                                          SHA1:DE616FFC2282B6E4D6D2EC1524DCBE2CD8F270F7
                                          SHA-256:46D9D79B8BE089ABF16344F1E491613D6710B051EC184A69AC183C349BD71746
                                          SHA-512:9D884A535930529684E88DDB3AEA26964A5CA984CC07DE6EFE2BFDA6CA5F5D437C521E61ACED07E9379A8337BB1892F13CA67592D8E1E6673CCDBBD89E17DE40
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):64
                                          Entropy (8bit):5.90625
                                          Encrypted:false
                                          SSDEEP:3:Bvx9K2IIPhyzIOMpFl8g:9K2buROFz
                                          MD5:F7854A8495715DB4F9B585FF23D2EA20
                                          SHA1:516F0ADD65F1D9E9B95E4ABD58321962A3F6B615
                                          SHA-256:6B6987BCFA09EC76D9D767298F31C4451EA0A107FE89743B261C8E3358A5AEC5
                                          SHA-512:8F206585AE2C55A9792C6EA7633E0FC6A6FBEEA717AEBD756A43B1CA809715E2ED8D98C90D31A21438B3DC6C1856653D133D7EB737202C5C3EDFB023EC1C29EA
                                          Malicious:false
                                          Preview:...J.+.q....:.O..@.G.o.-....W.....,.6.<.....2.8UO..u.C/.A{;
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                          Entropy (8bit):7.931175512125937
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.66%
                                          • UPX compressed Win32 Executable (30571/9) 0.30%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:getscreen-156413884-x86.exe
                                          File size:3'654'440 bytes
                                          MD5:2e9de68641b502474e5ba330fe5396bb
                                          SHA1:a7a07fcc8643fec59e4684aaa66c64c3232e693f
                                          SHA256:f942c4a0313d288bf7a48aa6438ddcec9fbcccd0e8c0107b61b233a0a823731a
                                          SHA512:b5f460ee55c415c5238d500c454f3a9aae5adfc9763573fa84c9694f4145ad69515fddd46a819aff5b5762e3dba39888b1ba675ebe2771009a7aca24ad4a7deb
                                          SSDEEP:98304:w2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5Nb:w2ez4o0OmyVnvKLH
                                          TLSH:B50633E1ED6939A1D33D5CB8111B56BD73FAA03658FE23C78A1D9B219E347028F52113
                                          File Content Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......iI/.-(AD-(AD-(ADfPBE.(AD...D)(AD..EE5(AD9WEE.(AD-(AD./ADfPFE,(AD..BE3(AD..DE](ADfPEE.(ADfPDE.(ADfPGE/(ADfP@En(AD-(@D.*AD>.HE.(A
                                          Icon Hash:418c6963696c9643
                                          Entrypoint:0x1b529e0
                                          Entrypoint Section:UPX1
                                          Digitally signed:true
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x66912FD6 [Fri Jul 12 13:29:58 2024 UTC]
                                          TLS Callbacks:0x1b52bd3
                                          CLR (.Net) Version:
                                          OS Version Major:6
                                          OS Version Minor:0
                                          File Version Major:6
                                          File Version Minor:0
                                          Subsystem Version Major:6
                                          Subsystem Version Minor:0
                                          Import Hash:26c6aff4250b45d1c4ee6d86013ea70c
                                          Signature Valid:true
                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                          Signature Validation Error:The operation completed successfully
                                          Error Number:0
                                          Not Before, Not After
                                          • 28/05/2024 14:50:28 28/06/2026 15:36:10
                                          Subject Chain
                                          • CN=POINT B LTD, O=POINT B LTD, L=Limassol, S=Limassol, C=CY, OID.1.3.6.1.4.1.311.60.2.1.3=CY, SERIALNUMBER=HE 430957, OID.2.5.4.15=Private Organization
                                          Version:3
                                          Thumbprint MD5:9B083870477F4699693EEECABF351BF8
                                          Thumbprint SHA-1:B3C999E29AED18DEA59733F3CAA94E788B1AC3A1
                                          Thumbprint SHA-256:3E73B7C28C18DC6A03B9816F200365F1DF1FF80A7BD0D55DB920F1B24BBD74E7
                                          Serial:7AE0E9C1CFE2DCE0E21C4327
                                          Instruction
                                          pushad
                                          mov esi, 017DE000h
                                          lea edi, dword ptr [esi-013DD000h]
                                          push edi
                                          or ebp, FFFFFFFFh
                                          jmp 00007F6C9D14AD82h
                                          nop
                                          nop
                                          nop
                                          nop
                                          nop
                                          nop
                                          mov al, byte ptr [esi]
                                          inc esi
                                          mov byte ptr [edi], al
                                          inc edi
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          jc 00007F6C9D14AD5Fh
                                          mov eax, 00000001h
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          adc eax, eax
                                          add ebx, ebx
                                          jnc 00007F6C9D14AD7Dh
                                          jne 00007F6C9D14AD9Ah
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          jc 00007F6C9D14AD91h
                                          dec eax
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          adc eax, eax
                                          jmp 00007F6C9D14AD46h
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          adc ecx, ecx
                                          jmp 00007F6C9D14ADC4h
                                          xor ecx, ecx
                                          sub eax, 03h
                                          jc 00007F6C9D14AD83h
                                          shl eax, 08h
                                          mov al, byte ptr [esi]
                                          inc esi
                                          xor eax, FFFFFFFFh
                                          je 00007F6C9D14ADE7h
                                          sar eax, 1
                                          mov ebp, eax
                                          jmp 00007F6C9D14AD7Dh
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          jc 00007F6C9D14AD3Eh
                                          inc ecx
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          jc 00007F6C9D14AD30h
                                          add ebx, ebx
                                          jne 00007F6C9D14AD79h
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          adc ecx, ecx
                                          add ebx, ebx
                                          jnc 00007F6C9D14AD61h
                                          jne 00007F6C9D14AD7Bh
                                          mov ebx, dword ptr [esi]
                                          sub esi, FFFFFFFCh
                                          adc ebx, ebx
                                          jnc 00007F6C9D14AD56h
                                          add ecx, 02h
                                          cmp ebp, FFFFFB00h
                                          adc ecx, 02h
                                          lea edx, dword ptr [eax+eax]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x820d90 | 0x5500 | UPX0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1756a50 | 0x6c0 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1753000 | 0x3a50 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x379400 | 0x2f28 | UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1757110 | 0x20 | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1752bf4 | 0x18 | UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1752c3c | 0xc0 | UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x13dd000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x13de000 | 0x375000 | 0x374e00 | a216f7d1a8e4e14b94fdfbca52f7b652 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1753000 | 0x5000 | 0x4200 | 5871e1397e577651929aa76b50980e16 | False | 0.4675662878787879 | data | 5.104875966236682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
AFX_DIALOG_LAYOUT | 0x168ca98 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168caa0 | 0x2 | Non-ISO extended-ASCII text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cb08 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x16d4db0 | 0x2 | ASCII text, with no line terminators |  |  | 5.0
AFX_DIALOG_LAYOUT | 0x168caa8 | 0x2 | ISO-8859 text, with CR line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cb00 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cb10 | 0x2a | DOS executable (COM, 0x8C-variant) | Russian | Russia | 1.2142857142857142
AFX_DIALOG_LAYOUT | 0x168cb40 | 0x22 | data | Russian | Russia | 1.2647058823529411
AFX_DIALOG_LAYOUT | 0x168cb68 | 0x22 | data | Russian | Russia | 1.2647058823529411
AFX_DIALOG_LAYOUT | 0x168cb90 | 0x22 | data | Russian | Russia | 1.2647058823529411
AFX_DIALOG_LAYOUT | 0x168cbb8 | 0x22 | data | Russian | Russia | 1.2647058823529411
AFX_DIALOG_LAYOUT | 0x168cbe0 | 0x2a | data | Russian | Russia | 1.2142857142857142
AFX_DIALOG_LAYOUT | 0x168cc10 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc28 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc20 | 0x2 | data | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc18 | 0x2 | ASCII text | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc30 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc38 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc40 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x16d4ff0 | 0x2 | ISO-8859 text, with no line terminators | English | United States | 5.0
AFX_DIALOG_LAYOUT | 0x168cc48 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc50 | 0x2 | data | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc58 | 0x2 | data | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc60 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc68 | 0x2 | data | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc70 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cab0 | 0x42 | data | Russian | Russia | 1.1666666666666667
AFX_DIALOG_LAYOUT | 0x168caf8 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
AFX_DIALOG_LAYOUT | 0x168cc78 | 0x2 | ISO-8859 text, with no line terminators, with overstriking | Russian | Russia | 5.0
INI | 0x16d3a18 | 0xa | data | Russian | Russia | 1.8
LANG | 0x16ace60 | 0x1b82 | data | Russian | Russia | 0.8660891792104516
LANG | 0x16ae9e8 | 0x26fb | data | Russian | Russia | 0.950796673013328
LANG | 0x16b10e8 | 0x1e2b | data | Russian | Russia | 0.9835556131037162
LANG | 0x16b2f18 | 0x1e5d | data | Russian | Russia | 0.9994853981731635
LANG | 0x16b4d78 | 0x1ca1 | data | Russian | Russia | 0.9953608950743621
LANG | 0x16b6a20 | 0x21fd | data | Russian | Russia | 0.983794966095851
LANG | 0x16b8c20 | 0x1de4 | data | Russian | Russia | 0.9225039205436487
LANG | 0x16baa08 | 0x1a50 | data | Russian | Russia | 0.962143705463183
LANG | 0x16bc458 | 0x1d25 | data | Russian | Russia | 0.9987937273823885
LANG | 0x16be180 | 0x1e03 | data | Russian | Russia | 0.9980476376415462
LANG | 0x16e7c38 | 0x1ddc | data | English | United States | 0.9955520669806384
OPUS | 0x16bff88 | 0xa5e5 | data | Russian | Russia | 0.9886505451034873
OPUS | 0x16ca570 | 0x94a4 | data | Russian | Russia | 0.978082623777988
RT_ICON | 0x168cc80 | 0x139 | data | Russian | Russia | 1.035143769968051
RT_ICON | 0x168cdc0 | 0x1ef | data | Russian | Russia | 1.0222222222222221
RT_ICON | 0x168cfb0 | 0x225 | data | Russian | Russia | 1.0200364298724955
RT_ICON | 0x168d1d8 | 0x26b | OpenPGP Public Key | Russian | Russia | 1.0177705977382876
RT_ICON | 0x168d448 | 0x326 | data | Russian | Russia | 1.0136476426799008
RT_ICON | 0x168d770 | 0x402 | data | Russian | Russia | 1.010721247563353
RT_ICON | 0x17550f0 | 0x13b | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.034920634920635
RT_ICON | 0x1755230 | 0x1c5 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0242825607064017
RT_ICON | 0x17553fc | 0x1ee | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0222672064777327
RT_ICON | 0x17555f0 | 0x253 | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0184873949579831
RT_ICON | 0x1755848 | 0x2e7 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0148048452220726
RT_ICON | 0x1755b34 | 0x3ad | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0116896918172158
RT_ICON | 0x168ea20 | 0xac | data | Russian | Russia | 1.063953488372093
RT_ICON | 0x168eae8 | 0x159 | data | Russian | Russia | 1.0318840579710145
RT_ICON | 0x168ec48 | 0x1e6 | data | Russian | Russia | 1.022633744855967
RT_ICON | 0x168ee30 | 0x1f6 | data | Russian | Russia | 1.0219123505976095
RT_ICON | 0x168f028 | 0x26d | data | Russian | Russia | 1.0177133655394526
RT_ICON | 0x168f298 | 0x31b | data | Russian | Russia | 1.0138364779874214
RT_ICON | 0x168f5b8 | 0x3e7 | data | Russian | Russia | 1.011011011011011
RT_ICON | 0x168fa00 | 0xdd | DOS executable (COM) | Russian | Russia | 1.0497737556561086
RT_ICON | 0x168faf8 | 0x10f | data | Russian | Russia | 1.040590405904059
RT_ICON | 0x168fc20 | 0x25a8 | data | Russian | Russia | 0.999896265560166
RT_ICON | 0x16921e0 | 0x12d | data | Russian | Russia | 1.0365448504983388
RT_ICON | 0x1692328 | 0x106 | data | Russian | Russia | 1.0419847328244274
RT_ICON | 0x1692448 | 0x109 | data | Russian | Russia | 1.0415094339622641
RT_ICON | 0x1692570 | 0x171 | data | Russian | Russia | 1.029810298102981
RT_ICON | 0x1692700 | 0x109d | data | Russian | Russia | 1.0025864095932282
RT_ICON | 0x16937b8 | 0xdd9 | data | Russian | Russia | 1.0031029619181946
RT_ICON | 0x16945b0 | 0xc0e | data | Russian | Russia | 1.0035644847699288
RT_ICON | 0x16951d8 | 0xb91 | data | Russian | Russia | 1.0037149611617697
RT_ICON | 0x1695d88 | 0xdd9 | data | Russian | Russia | 1.0031029619181946
RT_ICON | 0x1696b80 | 0x11c | data | Russian | Russia | 1.0387323943661972
RT_ICON | 0x1696cb8 | 0x116 | data | Russian | Russia | 1.039568345323741
RT_ICON | 0x1696de8 | 0x1c4 | data | Russian | Russia | 1.0243362831858407
RT_ICON | 0x1696fc8 | 0x1a1 | data | Russian | Russia | 1.026378896882494
RT_ICON | 0x1697188 | 0x182 | data | Russian | Russia | 1.028497409326425
RT_ICON | 0x1697328 | 0x222 | data | Russian | Russia | 1.02014652014652
RT_ICON | 0x1697568 | 0x11f | OpenPGP Secret Key | Russian | Russia | 1.038327526132404
RT_ICON | 0x16976a0 | 0x103 | data | Russian | Russia | 1.0424710424710424
RT_ICON | 0x16977c0 | 0x1588 | data | Russian | Russia | 1.0019956458635704
RT_ICON | 0x1698d60 | 0x580 | data | Russian | Russia | 1.0078125
RT_ICON | 0x16992f8 | 0x988 | data | Russian | Russia | 1.0045081967213114
RT_ICON | 0x1699c98 | 0x25a8 | data | Russian | Russia | 0.9986514522821577
RT_ICON | 0x169c258 | 0x10828 | data | Russian | Russia | 0.9908316573997398
RT_ICON | 0x16d3a28 | 0x163 | data |  |  | 1.0309859154929577
RT_ICON | 0x16d3b90 | 0x20d | data |  |  | 1.020952380952381
RT_ICON | 0x16d3da0 | 0x21b | data |  |  | 1.0148423005565863
RT_ICON | 0x16d3fc0 | 0x282 | data |  |  | 1.017133956386293
RT_ICON | 0x16d4248 | 0x33c | data |  |  | 1.0132850241545894
RT_ICON | 0x16d4588 | 0x413 | data |  |  | 1.0105465004793863
RT_ICON | 0x16d4a00 | 0x152 | data |  |  | 0.9792899408284024
RT_ICON | 0x16d4ff8 | 0x10a8 | data | English | United States | 0.9798311444652908
RT_ICON | 0x16d60b8 | 0x988 | data | English | United States | 1.0045081967213114
RT_ICON | 0x16d6a58 | 0x988 | data | English | United States | 0.9721311475409836
RT_ICON | 0x16d73f8 | 0x10828 | data | English | United States | 0.9158286998698687
RT_MENU | 0x16d4b70 | 0xf8 | data |  |  | 1.0161290322580645
RT_MENU | 0x16acd20 | 0xd2 | data | Russian | Russia | 1.0523809523809524
RT_MENU | 0x16acdf8 | 0x66 | data | Russian | Russia | 1.088235294117647
RT_MENU | 0x16d4c68 | 0x46 | data |  |  | 1.1571428571428573
RT_DIALOG | 0x168a0f0 | 0x490 | data | Russian | Russia | 1.009417808219178
RT_DIALOG | 0x168a580 | 0x78 | data | Russian | Russia | 1.0916666666666666
RT_DIALOG | 0x16d4cb0 | 0x100 | data |  |  | 0.9765625
RT_DIALOG | 0x168a5f8 | 0x1f8 | data | Russian | Russia | 1.0218253968253967
RT_DIALOG | 0x168acb0 | 0x190 | data | Russian | Russia | 1.0275
RT_DIALOG | 0x168ae40 | 0x154 | data | Russian | Russia | 1.0323529411764707
RT_DIALOG | 0x168af98 | 0xf4 | data | Russian | Russia | 1.0450819672131149
RT_DIALOG | 0x168b090 | 0x12c | data | Russian | Russia | 1.0366666666666666
RT_DIALOG | 0x168b1c0 | 0x110 | data | Russian | Russia | 1.0404411764705883
RT_DIALOG | 0x168b2d0 | 0x128 | data | Russian | Russia | 1.037162162162162
RT_DIALOG | 0x168b3f8 | 0x154 | data | Russian | Russia | 1.0323529411764707
RT_DIALOG | 0x168b550 | 0x7e | data | Russian | Russia | 1.0873015873015872
RT_DIALOG | 0x168b808 | 0x148 | data | Russian | Russia | 1.0335365853658536
RT_DIALOG | 0x168b738 | 0xd0 | data | Russian | Russia | 1.0528846153846154
RT_DIALOG | 0x168b5d0 | 0x164 | data | Russian | Russia | 1.0308988764044944
RT_DIALOG | 0x168b950 | 0x14c | data | Russian | Russia | 1.033132530120482
RT_DIALOG | 0x168baa0 | 0x1f0 | data | Russian | Russia | 1.0221774193548387
RT_DIALOG | 0x168bc90 | 0x284 | data | Russian | Russia | 1.0170807453416149
RT_DIALOG | 0x16d4db8 | 0x232 | data | English | United States | 1.019572953736655
RT_DIALOG | 0x168bf18 | 0x182 | data | Russian | Russia | 1.0129533678756477
RT_DIALOG | 0x168c0a0 | 0x68 | data | Russian | Russia | 1.1057692307692308
RT_DIALOG | 0x168c108 | 0x1f8 | DOS executable (COM, 0x8C-variant) | Russian | Russia | 1.0218253968253967
RT_DIALOG | 0x168c300 | 0x218 | data | Russian | Russia | 1.0205223880597014
RT_DIALOG | 0x168c518 | 0x2ba | data | Russian | Russia | 1.015759312320917
RT_DIALOG | 0x168c7d8 | 0x242 | data | Russian | Russia | 1.019031141868512
RT_DIALOG | 0x168a7f0 | 0x21c | data | Russian | Russia | 1.0203703703703704
RT_DIALOG | 0x168aa10 | 0x29a | data | Russian | Russia | 1.0165165165165164
RT_DIALOG | 0x168ca20 | 0x72 | OpenPGP Secret Key | Russian | Russia | 1.0964912280701755
RT_STRING | 0x16e9a18 | 0x38 | data | Russian | Russia | 1.1964285714285714
RT_GROUP_ICON | 0x1755ee8 | 0x5a | data | Russian | Russia | 0.8
RT_GROUP_ICON | 0x168db78 | 0x5a | data | Russian | Russia | 1.1222222222222222
RT_GROUP_ICON | 0x16d49a0 | 0x5a | data |  |  | 1.1222222222222222
RT_GROUP_ICON | 0x16977a8 | 0x14 | data | Russian | Russia | 1.4
RT_GROUP_ICON | 0x168ead0 | 0x14 | data | Russian | Russia | 1.4
RT_GROUP_ICON | 0x168f9a0 | 0x5a | data | Russian | Russia | 1.1222222222222222
RT_GROUP_ICON | 0x1698d48 | 0x14 | Non-ISO extended-ASCII text, with CR line terminators | Russian | Russia | 1.45
RT_GROUP_ICON | 0x168fae0 | 0x14 | data | Russian | Russia | 1.45
RT_GROUP_ICON | 0x168fc08 | 0x14 | data | Russian | Russia | 1.2
RT_GROUP_ICON | 0x16921c8 | 0x14 | Non-ISO extended-ASCII text, with LF, NEL line terminators | Russian | Russia | 1.4
RT_GROUP_ICON | 0x16d4b58 | 0x14 | Non-ISO extended-ASCII text, with no line terminators |  |  | 1.4
                                          RT_GROUP_ICON0x16923100x14dataRussianRussia1.4
                                          RT_GROUP_ICON0x16924300x14locale data tableRussianRussia1.4
                                          RT_GROUP_ICON0x16925580x14International EBCDIC text, with NEL line terminatorsRussianRussia1.45
                                          RT_GROUP_ICON0x16926e80x14dataRussianRussia1.4
                                          RT_GROUP_ICON0x16937a00x14Non-ISO extended-ASCII text, with no line terminators, with overstrikingRussianRussia1.45
                                          RT_GROUP_ICON0x16945980x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16951c00x14Non-ISO extended-ASCII text, with no line terminatorsRussianRussia1.4
                                          RT_GROUP_ICON0x1695d700x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x1696b680x14dataRussianRussia1.4
                                          RT_GROUP_ICON0x1696ca00x14dataRussianRussia1.4
                                          RT_GROUP_ICON0x1696dd00x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x1696fb00x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16971700x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16973100x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16975500x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16976880x14dataRussianRussia1.4
                                          RT_GROUP_ICON0x16992e00x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x1699c800x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16d60a00x14dataEnglishUnited States1.45
                                          RT_GROUP_ICON0x169c2400x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16aca800x14dataRussianRussia1.45
                                          RT_GROUP_ICON0x16d6a400x14dataEnglishUnited States1.4
                                          RT_GROUP_ICON0x16d73e00x14dataEnglishUnited States1.45
                                          RT_GROUP_ICON0x16e7c200x14dataEnglishUnited States1.45
                                          RT_VERSION0x1755f480x284dataRussianRussia0.468944099378882
                                          RT_MANIFEST0x17561d00x87fXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2115), with CRLF line terminatorsEnglishUnited States0.31264367816091954
DLL | Import
ADVAPI32.dll | FreeSid
COMCTL32.dll | _TrackMouseEvent
d3d11.dll | D3D11CreateDevice
dbghelp.dll | StackWalk
dxgi.dll | CreateDXGIFactory1
GDI32.dll | LineTo
gdiplus.dll | GdipFree
IPHLPAPI.DLL | GetIfEntry2
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
MPR.dll | WNetGetConnectionW
msdmo.dll | MoInitMediaType
NETAPI32.dll | NetUserGetInfo
ntdll.dll | RtlGetVersion
NTDSAPI.dll | DsMakeSpnW
ole32.dll | OleCreate
OLEAUT32.dll | SysFreeString
POWRPROF.dll | PowerGetActiveScheme
RPCRT4.dll | UuidEqual
SAS.dll | SendSAS
Secur32.dll | FreeCredentialsHandle
SHELL32.dll |
SHLWAPI.dll | PathFileExistsA
USER32.dll | GetDC
USERENV.dll | CreateEnvironmentBlock
UxTheme.dll | IsThemeActive
VERSION.dll | VerQueryValueW
WINHTTP.dll | WinHttpOpen
WINMM.dll | waveInOpen
WINSPOOL.DRV | GetPrinterW
WS2_32.dll | WSASetLastError
WTSAPI32.dll | WTSFreeMemory
Language of compilation system | Country where language is spoken | Map
Russian | Russia |
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Aug 13, 2024 08:53:26.400947094 CEST49757443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.416601896 CEST443497565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.429447889 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.429527044 CEST443497585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.429624081 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.429851055 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.429886103 CEST443497585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.436189890 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.448499918 CEST443497575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.460520983 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.460608959 CEST443497595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.460721970 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.461066961 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.461178064 CEST443497595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.467433929 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.476546049 CEST443497585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.492000103 CEST49760443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.492048979 CEST443497605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.492120981 CEST49760443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.492466927 CEST49760443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.492489100 CEST443497605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.496834993 CEST49760443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.512545109 CEST443497595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.523962975 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.523998022 CEST443497615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.524367094 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.524708033 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.524723053 CEST443497615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.531702995 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.544507980 CEST443497605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.555299997 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.555311918 CEST443497625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.555386066 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.555612087 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.555620909 CEST443497625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.560337067 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.576509953 CEST443497615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.585583925 CEST49763443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.585602045 CEST443497635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.585689068 CEST49763443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.586183071 CEST49763443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.586196899 CEST443497635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.594686031 CEST49763443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.604533911 CEST443497625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.618392944 CEST49764443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.618416071 CEST443497645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.618525028 CEST49764443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.618736982 CEST49764443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.618751049 CEST443497645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.623825073 CEST49764443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.640501022 CEST443497635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.647485018 CEST49765443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.647496939 CEST443497655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.647556067 CEST49765443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.647917032 CEST49765443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.647924900 CEST443497655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.655615091 CEST49765443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.664526939 CEST443497645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.679352045 CEST49766443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.679362059 CEST443497665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.679536104 CEST49766443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.679740906 CEST49766443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.679752111 CEST443497665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.684334040 CEST49766443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.700510025 CEST443497655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.709798098 CEST49767443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.709820032 CEST443497675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.709933996 CEST49767443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.710139990 CEST49767443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.710151911 CEST443497675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.715521097 CEST49767443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.722531080 CEST443497505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.722652912 CEST443497505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.722713947 CEST49750443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.722714901 CEST49750443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.724541903 CEST443497665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.742024899 CEST49768443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.742043018 CEST443497685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.742199898 CEST49768443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.742500067 CEST49768443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.742513895 CEST443497685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.745122910 CEST443497515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.745187998 CEST49751443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.749533892 CEST49768443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.760639906 CEST443497675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.773302078 CEST49769443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.773323059 CEST443497695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.773391962 CEST49769443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.773719072 CEST49769443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.773731947 CEST443497695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.780859947 CEST49769443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.792521000 CEST443497685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.806560040 CEST49770443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.806574106 CEST443497705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.806642056 CEST49770443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.806863070 CEST49770443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.806874990 CEST443497705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.816406965 CEST49770443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.827269077 CEST443497525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.827569008 CEST443497525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.827837944 CEST49752443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.828505993 CEST443497695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.828588963 CEST49752443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.860523939 CEST443497705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.867845058 CEST49771443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.867882013 CEST443497715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.867963076 CEST49771443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.868285894 CEST49771443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.868304968 CEST443497715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.874320030 CEST49771443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.881267071 CEST443497535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.881337881 CEST49753443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.902049065 CEST49772443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.902076006 CEST443497725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.902213097 CEST49772443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.902452946 CEST49772443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.902465105 CEST443497725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.913697958 CEST49772443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.916551113 CEST443497715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.922847033 CEST443497545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.922930002 CEST49754443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.945411921 CEST49773443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.945431948 CEST443497735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.945494890 CEST49773443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.945744991 CEST49773443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.945758104 CEST443497735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.951194048 CEST49773443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.956547022 CEST443497725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.976954937 CEST49774443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.976972103 CEST443497745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.977049112 CEST49774443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.977437973 CEST49774443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.977447033 CEST443497745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.981314898 CEST49774443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:26.996507883 CEST443497735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.996738911 CEST443497555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:26.996829987 CEST49755443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.007895947 CEST49775443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.007914066 CEST443497755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.007986069 CEST49775443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.008177996 CEST49775443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.008189917 CEST443497755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.015871048 CEST49775443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.018790960 CEST443497565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.018886089 CEST49756443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.018904924 CEST443497565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.018968105 CEST49756443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.028532028 CEST443497745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.039319992 CEST49776443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.039361000 CEST443497765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.039431095 CEST49776443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.039625883 CEST49776443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.039642096 CEST443497765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.048125029 CEST49776443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.059472084 CEST443497575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.059645891 CEST49757443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.060503960 CEST443497755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.071094036 CEST49777443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.071131945 CEST443497775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.071192980 CEST49777443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.071470022 CEST49777443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.071486950 CEST443497775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.076035976 CEST49777443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.092499018 CEST443497765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.103010893 CEST49778443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.103024960 CEST443497785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.103130102 CEST49778443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.103610039 CEST49778443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.103622913 CEST443497785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.110531092 CEST49778443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.116518021 CEST443497775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.136003971 CEST49779443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.136015892 CEST443497795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.136217117 CEST49779443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.136487961 CEST49779443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.136495113 CEST443497795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.136732101 CEST443497595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.136847019 CEST443497595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.136946917 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.136948109 CEST49759443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.143625975 CEST49779443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.144197941 CEST443497605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.144269943 CEST49760443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.156491995 CEST443497785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.181742907 CEST443497615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.182033062 CEST443497615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.182117939 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.182146072 CEST49761443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.184547901 CEST443497795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.186481953 CEST443497585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.186794996 CEST443497585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.186882019 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.189815998 CEST49758443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.199481010 CEST443497625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.199608088 CEST443497625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.199682951 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.202294111 CEST49762443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.215625048 CEST49780443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.215647936 CEST443497805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.215732098 CEST49780443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.215933084 CEST49780443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.215946913 CEST443497805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.224189043 CEST49780443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.247345924 CEST443497635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.247411966 CEST49763443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.260366917 CEST49781443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.260386944 CEST443497815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.260457993 CEST49781443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.260776043 CEST49781443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.260787964 CEST443497815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.268508911 CEST443497805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.276576996 CEST49781443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.288801908 CEST443497645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.288865089 CEST49764443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.298605919 CEST443497655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.298662901 CEST49765443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.305633068 CEST49782443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.305643082 CEST443497825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.305707932 CEST49782443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.306073904 CEST49782443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.306096077 CEST443497825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.318695068 CEST49782443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.324522972 CEST443497815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.350805998 CEST49783443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.350825071 CEST443497835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.350886106 CEST49783443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.351133108 CEST49783443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.351145983 CEST443497835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.356595993 CEST443497665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.356657982 CEST49766443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.360500097 CEST443497825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.362226963 CEST49783443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.373159885 CEST443497675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.373209953 CEST49767443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.381963968 CEST49784443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.381978989 CEST443497845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.382056952 CEST49784443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.382260084 CEST49784443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.382270098 CEST443497845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.392498016 CEST49784443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.400986910 CEST443497685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.401066065 CEST49768443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.408502102 CEST443497835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.414706945 CEST49785443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.414721966 CEST443497855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.414922953 CEST49785443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.415342093 CEST49785443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.415359974 CEST443497855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.422385931 CEST49785443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.440499067 CEST443497845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.445957899 CEST49786443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:27.445966959 CEST443497865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:27.446038008 CEST49786443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.760418892 CEST49821443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.760464907 CEST443498215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.772494078 CEST443498205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.779438972 CEST49821443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.804428101 CEST49822443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.804546118 CEST443498225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.804636955 CEST49822443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.804989100 CEST49822443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.805097103 CEST443498225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.810425043 CEST443498045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.810564995 CEST443498045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.810615063 CEST49804443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.810616016 CEST49804443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.814635038 CEST49822443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.820570946 CEST443498215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.838279009 CEST49823443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.838330984 CEST443498235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.838435888 CEST49823443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.838680983 CEST49823443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.838709116 CEST443498235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.852797031 CEST49823443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.853776932 CEST443498055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.853883028 CEST49805443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.856585979 CEST443498225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.872956991 CEST443498065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.873179913 CEST49806443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.882672071 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.882702112 CEST443498245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.882839918 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.883066893 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.883080959 CEST443498245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.896518946 CEST443498235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.921449900 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.923932076 CEST443498075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.924012899 CEST49807443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.933892965 CEST443498085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.933968067 CEST49808443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.945624113 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.945682049 CEST443498255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.946312904 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.946703911 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.946732044 CEST443498255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.957047939 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.964526892 CEST443498245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.992280006 CEST443498095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.992391109 CEST443498095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.992394924 CEST49809443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.992461920 CEST49809443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.992614985 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.992639065 CEST443498265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:28.992739916 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.992960930 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:28.992974997 CEST443498265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.001034021 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.004503965 CEST443498255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.013062000 CEST443498105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.013147116 CEST49810443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.022900105 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.022922039 CEST443498275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.023009062 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.023363113 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.023375988 CEST443498275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.029126883 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.048495054 CEST443498265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.055370092 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.055385113 CEST443498285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.055521965 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.055989981 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.056004047 CEST443498285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.066214085 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.067698002 CEST443498115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.067784071 CEST49811443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.076500893 CEST443498275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.108522892 CEST443498285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.118694067 CEST49829443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.118720055 CEST443498295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.118788958 CEST49829443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.119158030 CEST49829443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.119180918 CEST443498295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.128361940 CEST49829443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.128784895 CEST443498135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.128870964 CEST49813443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.150011063 CEST49830443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.150027990 CEST443498305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.150105953 CEST49830443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.150397062 CEST49830443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.150408030 CEST443498305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.159764051 CEST49830443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.167215109 CEST443498125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.167294979 CEST49812443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.167758942 CEST443498145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.167843103 CEST49814443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.168529987 CEST443498295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.180583954 CEST49831443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.180602074 CEST443498315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.180665970 CEST49831443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.180867910 CEST49831443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.180881023 CEST443498315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.185158014 CEST49831443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.200548887 CEST443498305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.207266092 CEST443498165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.207331896 CEST49816443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.211365938 CEST49832443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.211393118 CEST443498325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.211451054 CEST49832443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.211757898 CEST49832443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.211772919 CEST443498325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.218794107 CEST49832443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.232534885 CEST443498315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.236713886 CEST443498175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.236785889 CEST49817443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.251492977 CEST49833443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.251522064 CEST443498335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.251590014 CEST49833443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.252000093 CEST49833443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.252012968 CEST443498335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.262732029 CEST443498155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.262861967 CEST443498155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.262866020 CEST49815443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.262996912 CEST49815443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.263643026 CEST49833443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.264512062 CEST443498325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.269113064 CEST443498185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.269181013 CEST49818443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.289772987 CEST49834443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.289800882 CEST443498345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.289860010 CEST49834443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.290297031 CEST49834443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.290311098 CEST443498345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.295043945 CEST49834443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.308501959 CEST443498335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.310517073 CEST443498195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.310579062 CEST49819443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.321722984 CEST49835443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.321749926 CEST443498355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.321821928 CEST49835443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.322087049 CEST49835443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.322099924 CEST443498355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.331222057 CEST49835443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.340496063 CEST443498345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.352436066 CEST49836443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.352452040 CEST443498365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.352529049 CEST49836443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.352802038 CEST49836443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.352827072 CEST443498365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.362904072 CEST49836443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.363109112 CEST443498205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.363193989 CEST49820443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.376502991 CEST443498355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.386214972 CEST49837443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.386236906 CEST443498375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.386307955 CEST49837443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.386713982 CEST49837443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.386727095 CEST443498375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.396620035 CEST49837443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.408525944 CEST443498365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.424526930 CEST443498215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.424663067 CEST443498215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.424735069 CEST49821443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.424735069 CEST49821443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.432277918 CEST49838443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.432288885 CEST443498385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.432497025 CEST49838443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.432813883 CEST49838443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.432823896 CEST443498385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.444500923 CEST443498375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.447050095 CEST49838443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.477081060 CEST443498225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.477170944 CEST49822443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.478496075 CEST49839443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.478522062 CEST443498395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.478620052 CEST49839443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.478857040 CEST49839443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.478868961 CEST443498395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.487415075 CEST443498235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.487488031 CEST49823443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.492496967 CEST443498385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.493582010 CEST49839443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.523694992 CEST49840443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.523730040 CEST443498405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.523799896 CEST49840443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.524049997 CEST49840443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.524065018 CEST443498405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.531125069 CEST49840443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.536542892 CEST443498395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.543350935 CEST443498245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.543442011 CEST443498245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.543528080 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.543528080 CEST49824443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.554085970 CEST49841443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.554119110 CEST443498415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.554416895 CEST49841443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.554711103 CEST49841443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.554723978 CEST443498415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.569813967 CEST49841443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.576500893 CEST443498405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.603617907 CEST49842443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.603640079 CEST443498425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.603733063 CEST49842443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.604064941 CEST49842443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.604074001 CEST443498425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.609620094 CEST49842443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.612543106 CEST443498415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.619569063 CEST443498255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.619893074 CEST443498255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.620035887 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.620037079 CEST49825443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.634702921 CEST49843443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.634727001 CEST443498435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.634790897 CEST49843443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.635210991 CEST49843443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.635224104 CEST443498435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.639136076 CEST443498265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.639265060 CEST443498265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.641820908 CEST49843443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.641875029 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.641875029 CEST49826443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.656522989 CEST443498425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.663650990 CEST49844443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.663664103 CEST443498445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.663856983 CEST49844443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.667623997 CEST49844443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.667634010 CEST443498445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.670711994 CEST49844443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.688503027 CEST443498435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.699664116 CEST49845443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.699681997 CEST443498455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.703766108 CEST49845443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.704201937 CEST443498275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.704334021 CEST443498275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.704368114 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.704586983 CEST49827443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.706665039 CEST443498285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.706994057 CEST443498285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.707068920 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.707068920 CEST49828443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.712527037 CEST443498445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.731628895 CEST49846443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.731667042 CEST443498465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.731796980 CEST49846443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.758611917 CEST49847443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.758690119 CEST443498475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.758809090 CEST49847443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.761667013 CEST49847443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.761698961 CEST443498475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.765850067 CEST49847443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.766561985 CEST443498295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.766719103 CEST49829443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.789724112 CEST49848443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.789747000 CEST443498485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.794517994 CEST49848443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:29.803369045 CEST443498305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:29.803510904 CEST443498305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.071096897 CEST443498865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.071156025 CEST49886443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.071407080 CEST49886443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.071430922 CEST443498865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.083184958 CEST443498665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.083257914 CEST49866443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.084520102 CEST443498855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.085510015 CEST49886443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.117475986 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.117527008 CEST443498875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.117584944 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.117954016 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.117980957 CEST443498875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.130909920 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.132514954 CEST443498865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.141009092 CEST443498685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.141072035 CEST49868443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.148536921 CEST443498695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.148602009 CEST49869443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.164005041 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.164038897 CEST443498885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.164122105 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.164583921 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.164602995 CEST443498885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.173883915 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.176179886 CEST443498675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.176244974 CEST49867443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.176497936 CEST443498875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.195501089 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.195540905 CEST443498895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.195586920 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.195847988 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.195857048 CEST443498895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.197494030 CEST443498705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.197551012 CEST49870443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.203752041 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.216531992 CEST443498885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.226800919 CEST49890443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.226826906 CEST443498905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.226875067 CEST49890443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.227226019 CEST49890443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.227241993 CEST443498905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.235920906 CEST49890443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.248507977 CEST443498895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.258725882 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.258748055 CEST443498915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.258801937 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.259079933 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.259100914 CEST443498915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.263256073 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.280498981 CEST443498905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.280738115 CEST443498735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.280808926 CEST49873443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.288479090 CEST443498725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.288666964 CEST49872443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.298283100 CEST49892443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.298321962 CEST443498925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.298383951 CEST49892443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.298753977 CEST49892443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.298769951 CEST443498925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.304518938 CEST443498915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.309628963 CEST49892443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.314836025 CEST443498745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.314902067 CEST49874443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.336316109 CEST49893443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.336338043 CEST443498935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.336394072 CEST49893443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.336667061 CEST49893443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.336678982 CEST443498935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.346127033 CEST49893443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.352528095 CEST443498925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.367465973 CEST49894443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.367477894 CEST443498945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.367530107 CEST49894443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.367928028 CEST49894443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.367939949 CEST443498945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.371738911 CEST49894443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.374001026 CEST443498755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.374088049 CEST49875443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.388086081 CEST443498765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.388197899 CEST49876443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.388530970 CEST443498935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.398403883 CEST49895443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.398422956 CEST443498955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.398499966 CEST49895443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.398848057 CEST49895443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.398861885 CEST443498955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.405170918 CEST49895443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.408035994 CEST443498775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.408109903 CEST49877443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.412523031 CEST443498945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.428881884 CEST49896443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.428896904 CEST443498965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.428988934 CEST49896443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.429224014 CEST49896443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.429235935 CEST443498965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.436408997 CEST49896443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.444140911 CEST443498785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.444202900 CEST49878443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.452523947 CEST443498955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.461707115 CEST49897443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.461724043 CEST443498975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.461970091 CEST49897443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.462264061 CEST49897443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.462280035 CEST443498975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.470973969 CEST49897443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.480545044 CEST443498965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.491429090 CEST49898443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.491449118 CEST443498985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.491514921 CEST49898443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.491723061 CEST49898443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.491738081 CEST443498985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.496680021 CEST443498795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.496737957 CEST49879443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.501322985 CEST49898443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.511245966 CEST443498805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.511300087 CEST49880443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.512516022 CEST443498975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.524203062 CEST49899443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.524220943 CEST443498995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.524312019 CEST49899443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.524593115 CEST49899443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.524606943 CEST443498995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.537414074 CEST49899443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.540478945 CEST443498815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.540632963 CEST49881443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.548497915 CEST443498985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.564685106 CEST443498825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.564824104 CEST443498825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.564913034 CEST49882443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.564913034 CEST49882443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.569866896 CEST49900443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.569880962 CEST443499005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.570023060 CEST49900443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.570220947 CEST49900443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.570240974 CEST443499005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.575702906 CEST49900443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.584497929 CEST443498995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.601955891 CEST49901443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.601989031 CEST443499015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.602489948 CEST49901443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.602650881 CEST49901443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.602665901 CEST443499015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.609050989 CEST49901443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.612698078 CEST443498835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.612787962 CEST49883443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.620490074 CEST443499005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.634188890 CEST49902443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.634222031 CEST443499025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.634313107 CEST49902443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.637723923 CEST49902443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.637739897 CEST443499025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.639893055 CEST49902443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.652507067 CEST443499015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.656249046 CEST443498845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.656491995 CEST49884443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.673738003 CEST49903443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.673779011 CEST443499035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.673928976 CEST49903443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.674280882 CEST49903443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.674293041 CEST443499035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.683691978 CEST49903443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.684540033 CEST443499025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.699141979 CEST443498855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.699275970 CEST443498855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.699362993 CEST49885443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.699362993 CEST49885443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.711237907 CEST49904443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.711277962 CEST443499045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.711796045 CEST49904443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.712081909 CEST49904443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.712097883 CEST443499045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.718807936 CEST49904443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.728508949 CEST443499035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.734788895 CEST443498865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.734930992 CEST443498865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.738852978 CEST49886443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.738853931 CEST49886443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.742428064 CEST49905443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.742469072 CEST443499055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.742657900 CEST49905443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.742856979 CEST49905443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.742872000 CEST443499055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.748977900 CEST49905443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.764512062 CEST443499045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.768119097 CEST443498875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.768260002 CEST443498875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.768275023 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.768455982 CEST49887443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.772752047 CEST49906443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.772784948 CEST443499065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.773248911 CEST49906443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.773799896 CEST49906443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.773814917 CEST443499065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.781642914 CEST49906443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.792499065 CEST443499055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.804538012 CEST49907443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.804569960 CEST443499075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.804665089 CEST49907443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.804899931 CEST49907443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.804914951 CEST443499075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.806689978 CEST49907443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.820220947 CEST443498885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.820569992 CEST443498885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.825675964 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.825675964 CEST49888443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.828509092 CEST443499065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.836882114 CEST49908443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.836921930 CEST443499085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.837172985 CEST49908443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.837532043 CEST49908443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.837547064 CEST443499085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.839154005 CEST443498895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.839483023 CEST443498895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.839746952 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.839746952 CEST49889443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.845983982 CEST49908443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.852499962 CEST443499075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.867647886 CEST49909443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.867687941 CEST443499095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.868274927 CEST49909443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.868546009 CEST49909443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.868562937 CEST443499095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.875174999 CEST49909443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.880748034 CEST443498905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.880876064 CEST49890443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.892504930 CEST443499085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.911978960 CEST443498915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.912107944 CEST443498915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.912137985 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.912372112 CEST49891443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.913685083 CEST49910443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.913728952 CEST443499105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.913983107 CEST49910443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.914171934 CEST49910443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.914196968 CEST443499105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.916172028 CEST49910443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.916501999 CEST443499095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.945508957 CEST49911443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.945532084 CEST443499115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.945648909 CEST49911443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.945880890 CEST49911443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.945894003 CEST443499115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.952374935 CEST49911443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.956525087 CEST443499105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.964350939 CEST443498925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.964629889 CEST49892443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.976314068 CEST49912443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.976351976 CEST443499125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.976516008 CEST49912443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.977564096 CEST49912443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:31.977580070 CEST443499125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:31.992208004 CEST49912443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.180288076 CEST49946443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.180305958 CEST443499465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.190541029 CEST49946443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.202845097 CEST443499285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.202912092 CEST49928443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.204509020 CEST443499455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.209727049 CEST443499295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.209788084 CEST49929443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.211971998 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.212004900 CEST443499475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.212090015 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.212353945 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.212377071 CEST443499475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.219654083 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.236495018 CEST443499465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.246448994 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.246479988 CEST443499485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.246551991 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.246881008 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.246898890 CEST443499485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.251117945 CEST443499305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.251236916 CEST49930443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.260530949 CEST443499475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.261173964 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.273221970 CEST443499315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.273317099 CEST443499315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.273370028 CEST49931443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.273370981 CEST49931443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.290649891 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.290671110 CEST443499495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.290733099 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.290998936 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.291024923 CEST443499495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.298506021 CEST443499325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.298568010 CEST49932443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.308495045 CEST443499485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.310209036 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.340657949 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.340684891 CEST443499505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.340743065 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.341104031 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.341130972 CEST443499505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.356499910 CEST443499495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.368295908 CEST443499335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.368371010 CEST49933443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.380647898 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.404769897 CEST443499345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.404830933 CEST49934443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.416332960 CEST49951443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.416364908 CEST443499515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.416511059 CEST49951443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.416740894 CEST49951443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.416760921 CEST443499515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.428513050 CEST443499505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.438160896 CEST443499355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.438266993 CEST49935443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.458015919 CEST49951443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.471982956 CEST443499365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.472040892 CEST49936443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.495320082 CEST49952443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.495420933 CEST443499525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.495486975 CEST49952443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.495778084 CEST49952443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.495814085 CEST443499525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.504508972 CEST443499515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.509469986 CEST443499375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.509568930 CEST49937443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.541060925 CEST49952443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.555641890 CEST443499385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.555757046 CEST443499385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.555851936 CEST49938443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.555851936 CEST49938443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.570208073 CEST49953443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.570250988 CEST443499535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.570327044 CEST49953443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.570594072 CEST49953443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.570609093 CEST443499535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.572772980 CEST443499395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.572865009 CEST443499395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.572959900 CEST49939443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.572959900 CEST49939443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.576710939 CEST49953443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.584542990 CEST443499525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.601686954 CEST49954443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.601701021 CEST443499545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.601803064 CEST49954443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.602744102 CEST49954443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.602757931 CEST443499545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.606611967 CEST443499405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.606929064 CEST443499405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.607012033 CEST49940443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.607012033 CEST49940443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.618482113 CEST49954443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.620526075 CEST443499535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.648714066 CEST49955443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.648767948 CEST443499555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.648991108 CEST49955443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.649369955 CEST49955443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.649399042 CEST443499555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.659135103 CEST49955443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.660712004 CEST443499415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.660795927 CEST49941443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.664505959 CEST443499545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.679126978 CEST49956443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.679163933 CEST443499565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.682934046 CEST49956443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.704507113 CEST443499555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.713917971 CEST49957443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.713973999 CEST443499575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.718244076 CEST49957443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.722243071 CEST49957443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.722243071 CEST49957443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.722291946 CEST443499575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.726125002 CEST443499425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.726464033 CEST443499425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.726557016 CEST49942443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.726557016 CEST49942443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.740521908 CEST443499435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.740837097 CEST443499435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.743715048 CEST49943443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.743715048 CEST49943443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.764522076 CEST443499575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.765587091 CEST443499445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.765746117 CEST443499445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.765827894 CEST49944443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.765827894 CEST49944443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.820641994 CEST443499455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.820971966 CEST443499455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.825035095 CEST49945443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.825035095 CEST49945443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.832695007 CEST443499465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.832845926 CEST443499465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.835526943 CEST49946443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.835526943 CEST49946443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.835906982 CEST49958443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.835953951 CEST443499585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.836123943 CEST49958443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.838042021 CEST49958443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.838068962 CEST443499585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.842196941 CEST49958443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.866302013 CEST49959443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.866379976 CEST443499595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.867105961 CEST49959443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.869684935 CEST49959443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.869702101 CEST443499595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.872090101 CEST49959443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.873656034 CEST443499475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.873989105 CEST443499475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.874068022 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.874068975 CEST49947443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.888545990 CEST443499585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.897655964 CEST49960443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.897680998 CEST443499605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.898854971 CEST49960443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.900500059 CEST49960443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.900500059 CEST49960443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.900507927 CEST443499605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.916543007 CEST443499595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.919338942 CEST443499485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.919666052 CEST443499485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.922593117 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.922593117 CEST49948443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.930072069 CEST49961443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.930136919 CEST443499615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.935731888 CEST49961443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.944540977 CEST443499605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.958586931 CEST443499495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.958934069 CEST443499495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.961998940 CEST49962443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.962032080 CEST443499625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.962038040 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.962038040 CEST49949443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.962133884 CEST49962443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.966634989 CEST49962443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.966634989 CEST49962443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.966671944 CEST443499625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.997081041 CEST49963443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:33.997107029 CEST443499635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:33.997313023 CEST49963443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.005156040 CEST443499505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.005458117 CEST443499505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.005539894 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.005539894 CEST49950443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.008510113 CEST443499625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.023530960 CEST49964443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.023565054 CEST443499645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.023731947 CEST49964443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.027642965 CEST49964443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.027677059 CEST443499645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.030800104 CEST49964443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.055465937 CEST49965443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.055481911 CEST443499655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.059735060 CEST49965443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.060426950 CEST49965443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.060426950 CEST49965443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.060441017 CEST443499655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.072540045 CEST443499645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.085464001 CEST49966443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.085473061 CEST443499665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.086586952 CEST49966443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.086957932 CEST49966443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.086966991 CEST443499665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.091787100 CEST443499515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.091825962 CEST49966443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.091866016 CEST49951443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.100548029 CEST443499655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.119653940 CEST49967443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.119697094 CEST443499675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.120227098 CEST49967443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.132505894 CEST443499665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.148195028 CEST443499525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.148250103 CEST49968443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.148271084 CEST443499685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.148300886 CEST49952443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.148402929 CEST49968443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.148644924 CEST49968443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.148654938 CEST443499685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.154216051 CEST49968443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.179745913 CEST49969443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.179780960 CEST443499695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.179949045 CEST49969443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.180495977 CEST49969443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.180514097 CEST443499695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.187172890 CEST49969443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.196521044 CEST443499685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.210319996 CEST49970443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.210333109 CEST443499705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.210762978 CEST49970443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.210762978 CEST49970443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.210786104 CEST443499705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.215351105 CEST443499535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.215421915 CEST49953443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.215464115 CEST49970443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.228528023 CEST443499695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.241081953 CEST49971443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.241101027 CEST443499715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.241247892 CEST49971443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.241492033 CEST49971443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.241503000 CEST443499715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.251027107 CEST49971443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.260497093 CEST443499705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.269121885 CEST443499545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.269203901 CEST49954443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.272509098 CEST49972443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.272530079 CEST443499725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.272866011 CEST49972443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.272866964 CEST49972443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.272886992 CEST443499725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.278284073 CEST49972443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.292526007 CEST443499715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.304496050 CEST49973443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:34.304512978 CEST443499735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:34.304608107 CEST49973443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.562316895 CEST50010443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.576498032 CEST443500095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.586385965 CEST443499925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.586534023 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.586549997 CEST443500115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.586582899 CEST49992443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.586639881 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.587637901 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.587651014 CEST443500115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.591636896 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.608505964 CEST443500105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.619642019 CEST50012443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.619652987 CEST443500125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.619833946 CEST50012443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.622509956 CEST50012443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.622509956 CEST50012443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.622526884 CEST443500125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.623498917 CEST443499935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.623615026 CEST443499935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.623682022 CEST49993443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.623682976 CEST49993443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.632503986 CEST443500115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.651360035 CEST50013443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.651369095 CEST443500135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.651437044 CEST50013443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.660943985 CEST443499945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.661252022 CEST443499945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.663686037 CEST49994443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.663686991 CEST49994443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.668515921 CEST443500125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.669838905 CEST443499955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.669980049 CEST443499955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.670051098 CEST49995443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.670051098 CEST49995443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.678361893 CEST50014443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.678383112 CEST443500145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.679732084 CEST50014443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.679896116 CEST50014443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.679913044 CEST443500145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.684092045 CEST50014443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.709939957 CEST443499965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.709984064 CEST50015443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.709994078 CEST443500155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.710077047 CEST50015443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.710077047 CEST49996443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.710351944 CEST50015443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.710365057 CEST443500155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.716119051 CEST50015443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.724525928 CEST443500145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.743643999 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.743686914 CEST443500165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.743869066 CEST443499975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.744018078 CEST443499975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.744030952 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.744040012 CEST49997443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.744122982 CEST49997443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.746609926 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.746611118 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.746629953 CEST443500165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.756542921 CEST443500155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.779643059 CEST50017443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.779685020 CEST443500175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.783965111 CEST50017443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.783965111 CEST50017443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.783993959 CEST443500175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.788338900 CEST443499985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.788710117 CEST443499985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.788784981 CEST50017443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.788800001 CEST49998443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.788800001 CEST49998443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.792496920 CEST443500165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.819648981 CEST50018443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.819674015 CEST443500185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.819875956 CEST50018443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.824592113 CEST50018443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.824621916 CEST443500185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.827826023 CEST50018443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.828447104 CEST443499995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.828516006 CEST49999443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.832545042 CEST443500175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.850524902 CEST50019443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.850573063 CEST443500195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.851748943 CEST50019443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.851874113 CEST50019443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.851901054 CEST443500195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.857140064 CEST50019443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.868525028 CEST443500185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.879581928 CEST443500005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.879693031 CEST50000443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.883639097 CEST50020443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.883647919 CEST443500205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.883709908 CEST50020443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.883961916 CEST50020443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.883970976 CEST443500205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.888063908 CEST50020443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.900537014 CEST443500195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.912837029 CEST50021443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.912861109 CEST443500215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.915703058 CEST50021443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.915935993 CEST50021443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.915960073 CEST443500215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.919265032 CEST50021443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.928606033 CEST443500205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.928674936 CEST443500015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.928843021 CEST50001443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.942224979 CEST443500025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.942553043 CEST443500025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.942656994 CEST50002443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.942656994 CEST50002443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.945020914 CEST50022443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.945055962 CEST443500225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.945341110 CEST50022443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.945722103 CEST50022443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.945744991 CEST443500225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.952112913 CEST50022443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.960542917 CEST443500215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.975893021 CEST50023443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.975903034 CEST443500235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.976142883 CEST50023443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.976341009 CEST50023443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.976350069 CEST443500235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.979641914 CEST50023443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.982837915 CEST443500035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.983171940 CEST443500035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:35.983256102 CEST50003443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.983257055 CEST50003443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:35.996535063 CEST443500225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.006958961 CEST50024443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.006978989 CEST443500245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.007693052 CEST50024443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.007968903 CEST50024443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.007989883 CEST443500245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.015642881 CEST50024443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.021972895 CEST443500045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.022192001 CEST50004443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.024543047 CEST443500235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.037988901 CEST50025443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.038017035 CEST443500255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.039767981 CEST50025443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.040076971 CEST50025443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.040100098 CEST443500255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.043622971 CEST50025443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.047991037 CEST443500055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.048130035 CEST443500055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.048130989 CEST50005443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.048280001 CEST50005443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.056574106 CEST443500245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.069731951 CEST50026443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.069751024 CEST443500265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.071681023 CEST50026443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.071957111 CEST50026443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.071980000 CEST443500265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.079648018 CEST50026443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.084520102 CEST443500255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.101983070 CEST443500065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.102036953 CEST50027443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.102072001 CEST50006443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.102116108 CEST443500275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.102216005 CEST50027443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.102471113 CEST50027443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.102504015 CEST443500275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.111089945 CEST50027443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.124526978 CEST443500265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.147928953 CEST50028443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.147955894 CEST443500285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.148045063 CEST50028443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.148367882 CEST50028443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.148390055 CEST443500285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.152542114 CEST443500275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.155648947 CEST50028443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.179153919 CEST50029443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.179178953 CEST443500295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.179260969 CEST50029443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.179599047 CEST50029443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.179609060 CEST443500295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.185107946 CEST50029443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.200494051 CEST443500285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.211585999 CEST50030443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.211610079 CEST443500305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.212013960 CEST50030443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.212249041 CEST50030443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.212270975 CEST443500305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.219677925 CEST50030443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.232512951 CEST443500295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.242094040 CEST50031443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.242122889 CEST443500315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.242295027 CEST50031443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.242610931 CEST50031443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.242634058 CEST443500315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.247186899 CEST50031443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.260540009 CEST443500305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.272573948 CEST50032443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.272593975 CEST443500325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.272744894 CEST50032443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.272952080 CEST50032443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.272958994 CEST443500325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.279750109 CEST50032443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.288522005 CEST443500315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.303643942 CEST50033443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.303673029 CEST443500335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.304104090 CEST50033443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.304889917 CEST50033443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.304899931 CEST443500335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.305593967 CEST50033443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.320538044 CEST443500325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.335290909 CEST50034443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.335314035 CEST443500345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.335570097 CEST50034443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.335968018 CEST50034443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.335978031 CEST443500345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.341193914 CEST50034443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.352489948 CEST443500335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.367191076 CEST50035443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.367207050 CEST443500355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.367342949 CEST50035443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.367528915 CEST50035443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.367539883 CEST443500355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.372870922 CEST50035443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.388525963 CEST443500345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.399669886 CEST50036443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.399682999 CEST443500365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.400029898 CEST50036443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.400182009 CEST50036443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.400191069 CEST443500365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.403634071 CEST50036443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.420506954 CEST443500355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.444528103 CEST443500365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.477416039 CEST50037443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.477449894 CEST443500375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.477624893 CEST50037443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.483000040 CEST443500145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.483104944 CEST50014443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.483203888 CEST443500095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.483306885 CEST50009443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.483814001 CEST443500115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.483963966 CEST443500115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.487673998 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.487673998 CEST50011443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488164902 CEST443500125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488192081 CEST443500075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488195896 CEST443500085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488256931 CEST50008443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488257885 CEST50012443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488293886 CEST50007443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488455057 CEST443500155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488518953 CEST50015443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488533020 CEST443500165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488636971 CEST443500175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488765955 CEST443500165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488780975 CEST443500105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:36.488831043 CEST50017443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488848925 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:36.488848925 CEST50016443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.823646069 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.823654890 CEST443500735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.824533939 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.825961113 CEST443500545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.826334953 CEST443500545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.826546907 CEST50054443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.826548100 CEST50054443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.828527927 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.828541994 CEST443500735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.838886023 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.840518951 CEST443500725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.867662907 CEST50074443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.867695093 CEST443500745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.871767998 CEST50074443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.872068882 CEST50074443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.872087002 CEST443500745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.872751951 CEST50074443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.884496927 CEST443500735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.889152050 CEST443500555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.889472008 CEST443500555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.889554024 CEST50055443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.889554024 CEST50055443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.897361994 CEST50075443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.897377014 CEST443500755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.897440910 CEST50075443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.897644997 CEST50075443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.897660017 CEST443500755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.903728962 CEST50075443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.920506954 CEST443500745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.928694963 CEST50076443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.928703070 CEST443500765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.928838968 CEST50076443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.929007053 CEST50076443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.929018974 CEST443500765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.934334040 CEST50076443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.940376043 CEST443500565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.940781116 CEST443500565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.943799019 CEST50056443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.943799019 CEST50056443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.948502064 CEST443500755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.959980011 CEST50077443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.960000992 CEST443500775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.963733912 CEST50077443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.971595049 CEST443500575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.971751928 CEST50057443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.980540991 CEST443500765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.991648912 CEST50078443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.991657972 CEST443500785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.995881081 CEST50078443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.995881081 CEST50078443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.996001959 CEST443500785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.996129036 CEST50078443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.997792959 CEST443500585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.998132944 CEST443500585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:37.998320103 CEST50058443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:37.998321056 CEST50058443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.022089005 CEST50079443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.022098064 CEST443500795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.023802996 CEST443500595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.023853064 CEST50079443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.024118900 CEST443500595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.024158001 CEST50079443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.024172068 CEST443500795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.024195910 CEST50059443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.024195910 CEST50059443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.026746988 CEST50079443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.055654049 CEST50080443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.055728912 CEST443500805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.055902958 CEST50080443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.056088924 CEST50080443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.056117058 CEST443500805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.058784962 CEST50080443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.072527885 CEST443500795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.080748081 CEST443500605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.080885887 CEST443500605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.081337929 CEST443500615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.081425905 CEST50060443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.081427097 CEST50060443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.081518888 CEST50061443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.085423946 CEST50081443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.085505962 CEST443500815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.087762117 CEST50081443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.087924957 CEST50081443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.087955952 CEST443500815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.090368032 CEST50081443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.100517035 CEST443500805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.116580009 CEST50082443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.116601944 CEST443500825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.116936922 CEST50082443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.117158890 CEST50082443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.117181063 CEST443500825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.123668909 CEST50082443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.132528067 CEST443500815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.147898912 CEST50083443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.147927046 CEST443500835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.148008108 CEST50083443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.151684999 CEST50083443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.151710033 CEST443500835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.155461073 CEST50083443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.164879084 CEST443500635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.165225983 CEST443500635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.165318966 CEST50063443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.165319920 CEST50063443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.168515921 CEST443500825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.179661989 CEST50084443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.179723978 CEST443500845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.179831982 CEST50084443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.180738926 CEST50084443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.180740118 CEST50084443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.180773020 CEST443500845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.200524092 CEST443500835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.203823090 CEST443500645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.204133987 CEST443500645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.204210043 CEST50064443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.204210043 CEST50064443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.211648941 CEST50085443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.211677074 CEST443500855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.211775064 CEST50085443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.212342024 CEST50085443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.212366104 CEST443500855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.213864088 CEST443500655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.213989973 CEST50065443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.217571974 CEST50085443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.217677116 CEST443500625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.217781067 CEST443500625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.217912912 CEST50062443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.217912912 CEST50062443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.228523970 CEST443500845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.240988970 CEST50086443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.241010904 CEST443500865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.243691921 CEST50086443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.244012117 CEST50086443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.244035959 CEST443500865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.247647047 CEST50086443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.260546923 CEST443500855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.275767088 CEST50087443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.275846958 CEST443500875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.275985003 CEST50087443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.277013063 CEST50087443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.277013063 CEST50087443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.277050972 CEST443500875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.288522005 CEST443500865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.303647041 CEST50088443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.303668976 CEST443500885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.304040909 CEST50088443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.304040909 CEST50088443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.304096937 CEST443500885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.307665110 CEST443500675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.307955027 CEST50067443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.308753014 CEST50088443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.318000078 CEST443500685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.318089008 CEST443500685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.318110943 CEST50068443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.318666935 CEST50068443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.324510098 CEST443500875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.335678101 CEST50089443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.335704088 CEST443500895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.335920095 CEST50089443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.339653015 CEST50089443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.339678049 CEST443500895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.339956045 CEST50089443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.356498957 CEST443500885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.365297079 CEST443500695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.365427971 CEST50069443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.367646933 CEST50090443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.367682934 CEST443500905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.367854118 CEST50090443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.370466948 CEST443500665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.370512009 CEST50090443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.370534897 CEST443500905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.370549917 CEST50066443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.371646881 CEST50090443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.376405001 CEST443500705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.376621962 CEST50070443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.384500027 CEST443500895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.397520065 CEST50091443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.397599936 CEST443500915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.399704933 CEST50091443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.399879932 CEST50091443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.399945021 CEST443500915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.400207996 CEST50091443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.411653996 CEST443500715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.411780119 CEST50071443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.412518978 CEST443500905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.429014921 CEST50092443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.429033041 CEST443500925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.431708097 CEST50092443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.431945086 CEST50092443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.431967020 CEST443500925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.435511112 CEST50092443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.460012913 CEST50093443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.460092068 CEST443500935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.460180044 CEST50093443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.460608959 CEST50093443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.460645914 CEST443500935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.465728045 CEST443500725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.465804100 CEST50072443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.467648029 CEST50093443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.480499029 CEST443500925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.490813017 CEST50094443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.490871906 CEST443500945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.491005898 CEST50094443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.491512060 CEST50094443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.491544008 CEST443500945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.491894960 CEST443500735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.491988897 CEST443500735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.492305994 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.492305994 CEST50073443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.496309996 CEST50094443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.508544922 CEST443500935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.529771090 CEST50095443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.529812098 CEST443500955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.530208111 CEST50095443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.530561924 CEST50095443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.530587912 CEST443500955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.536025047 CEST443500745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.536263943 CEST50074443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.539652109 CEST50095443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.540538073 CEST443500945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.568253994 CEST443500755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.568317890 CEST50075443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.571177959 CEST50096443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.571206093 CEST443500965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.571281910 CEST50096443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.571506977 CEST50096443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.571517944 CEST443500965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.574316978 CEST443500765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.574385881 CEST50076443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.579730034 CEST50096443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.584487915 CEST443500955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.602292061 CEST50097443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.602310896 CEST443500975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.602415085 CEST50097443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.602715969 CEST50097443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.602732897 CEST443500975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.615431070 CEST50097443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.624494076 CEST443500965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.648359060 CEST50098443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.648371935 CEST443500985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.648468018 CEST50098443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.648727894 CEST50098443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.648742914 CEST443500985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.660500050 CEST443500975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.662926912 CEST50098443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.694762945 CEST50099443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.694785118 CEST443500995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.694827080 CEST50099443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.695025921 CEST50099443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.695034027 CEST443500995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.704540014 CEST443500985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.709194899 CEST50099443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:38.720519066 CEST443500805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:38.720575094 CEST50080443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.007901907 CEST50136443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.007936001 CEST443501365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.013685942 CEST50136443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.024549007 CEST443501355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.030960083 CEST443501165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.031064034 CEST50116443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.039650917 CEST50137443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.039690971 CEST443501375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.039830923 CEST50137443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.040107012 CEST50137443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.040127039 CEST443501375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.043648005 CEST50137443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.051414013 CEST443501175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.051568031 CEST50117443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.056523085 CEST443501365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.071666002 CEST50138443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.071693897 CEST443501385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.071837902 CEST50138443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.072096109 CEST50138443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.072129011 CEST443501385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.076421022 CEST50138443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.084513903 CEST443501375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.088052988 CEST443501185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.088215113 CEST443501185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.088291883 CEST50118443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.088291883 CEST50118443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.100924969 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.100996971 CEST443501395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.101615906 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.102530956 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.102571011 CEST443501395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.107877970 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.116549969 CEST443501385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.132320881 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.132374048 CEST443501405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.135699034 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.136080980 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.136113882 CEST443501405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.139831066 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.142965078 CEST443501195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.143323898 CEST443501195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.143404961 CEST50119443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.143405914 CEST50119443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.143671036 CEST443501205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.144001961 CEST443501205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.144591093 CEST50120443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.144591093 CEST50120443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.148540974 CEST443501395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.163291931 CEST50141443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.163358927 CEST443501415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.163631916 CEST50141443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.164347887 CEST50141443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.164381981 CEST443501415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.169728994 CEST50141443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.180546045 CEST443501405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.195662975 CEST50142443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.195727110 CEST443501425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.195899010 CEST50142443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.196091890 CEST50142443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.196125984 CEST443501425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.201976061 CEST50142443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.207133055 CEST443501215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.207252026 CEST50121443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.212512970 CEST443501415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.224690914 CEST443501225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.224832058 CEST50122443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.232429981 CEST50143443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.232523918 CEST443501435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.232743025 CEST50143443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.235656023 CEST50143443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.235692024 CEST443501435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.239295006 CEST50143443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.244546890 CEST443501425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.272794962 CEST50144443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.272876978 CEST443501445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.273762941 CEST443501245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.273902893 CEST443501245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.273916960 CEST50144443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.273920059 CEST50124443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.274060011 CEST50124443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.274265051 CEST50144443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.274293900 CEST443501445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.278497934 CEST50144443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.280538082 CEST443501435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.304903984 CEST50145443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.304980993 CEST443501455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.305984020 CEST50145443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.306140900 CEST50145443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.306180954 CEST443501455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.311649084 CEST50145443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.316574097 CEST443501255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.316714048 CEST443501255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.316786051 CEST50125443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.316786051 CEST50125443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.324496984 CEST443501445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.335666895 CEST50146443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.335743904 CEST443501465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.335841894 CEST50146443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.336253881 CEST50146443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.336289883 CEST443501465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.341201067 CEST50146443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.352525949 CEST443501455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.363002062 CEST443501265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.363168001 CEST443501265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.363351107 CEST50126443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.363351107 CEST50126443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.367650986 CEST50147443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.367687941 CEST443501475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.367846012 CEST50147443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.368146896 CEST50147443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.368165016 CEST443501475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.369359016 CEST50147443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.388547897 CEST443501465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.398076057 CEST50148443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.398102999 CEST443501485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.398555994 CEST50148443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.398745060 CEST50148443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.398772001 CEST443501485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.407655001 CEST50148443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.408142090 CEST443501275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.408325911 CEST50127443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.416546106 CEST443501475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.422313929 CEST443501285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.422399998 CEST50128443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.429140091 CEST50149443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.429205894 CEST443501495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.429382086 CEST50149443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.429754972 CEST50149443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.429804087 CEST443501495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.435653925 CEST50149443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.444947004 CEST443501295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.445091963 CEST443501295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.445173025 CEST50129443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.445173025 CEST50129443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.448532104 CEST443501485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.460701942 CEST50150443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.460751057 CEST443501505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.463706970 CEST50150443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.463949919 CEST50150443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.463982105 CEST443501505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.467655897 CEST50150443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.476190090 CEST443501305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.476274014 CEST50130443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.476520061 CEST443501495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.491666079 CEST50151443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.491744041 CEST443501515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.491832972 CEST50151443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.495659113 CEST50151443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.495695114 CEST443501515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.499656916 CEST50151443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.508542061 CEST443501505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.523658037 CEST50152443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.523689032 CEST443501525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.523811102 CEST50152443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.524056911 CEST50152443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.524082899 CEST443501525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.527390957 CEST50152443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.544540882 CEST443501515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.546612024 CEST443501325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.546669006 CEST50132443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.554603100 CEST50153443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.554639101 CEST443501535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.554708958 CEST50153443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.555090904 CEST50153443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.555116892 CEST443501535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.563258886 CEST50153443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.567949057 CEST443501335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.568053007 CEST443501335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.568116903 CEST50133443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.568116903 CEST50133443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.572506905 CEST443501525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.594660997 CEST50154443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.594697952 CEST443501545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.594763994 CEST50154443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.595084906 CEST50154443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.595108986 CEST443501545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.600392103 CEST50154443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.601874113 CEST443501345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.601939917 CEST50134443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.608506918 CEST443501535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.624053955 CEST443501315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.624141932 CEST50131443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.633274078 CEST50155443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.633356094 CEST443501555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.633464098 CEST50155443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.633713007 CEST50155443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.633749008 CEST443501555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.640537977 CEST443501545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.642116070 CEST50155443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.658190966 CEST443501355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.658262014 CEST50135443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.664695024 CEST50156443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.664722919 CEST443501565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.664999008 CEST50156443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.665313005 CEST50156443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.665337086 CEST443501565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.671571016 CEST50156443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.684529066 CEST443501555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.690001011 CEST443501365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.690067053 CEST50136443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.694874048 CEST50157443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.694904089 CEST443501575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.694974899 CEST50157443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.695192099 CEST50157443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.695216894 CEST443501575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.701297998 CEST443501375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.701363087 CEST50137443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.702599049 CEST50157443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.712527037 CEST443501565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.727245092 CEST50158443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.727273941 CEST443501585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.727334976 CEST50158443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.727803946 CEST50158443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.727827072 CEST443501585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.740701914 CEST443501385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.740772009 CEST50138443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.743216991 CEST50158443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.744524002 CEST443501575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.773348093 CEST50159443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.773402929 CEST443501595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.773484945 CEST50159443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.773827076 CEST50159443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.773854971 CEST443501595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.777276993 CEST443501395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.777352095 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.777384043 CEST443501395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.777425051 CEST50139443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.788542986 CEST443501585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.790700912 CEST50159443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.811055899 CEST443501405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.811203957 CEST443501405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.811240911 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.811312914 CEST50140443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.820446968 CEST50160443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.820487976 CEST443501605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.820625067 CEST50160443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.820848942 CEST50160443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.820871115 CEST443501605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.827452898 CEST50160443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.836533070 CEST443501595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.837356091 CEST443501415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.837544918 CEST50141443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.851516962 CEST50161443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.851537943 CEST443501615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.851587057 CEST50161443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.851835966 CEST50161443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.851845980 CEST443501615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.859170914 CEST50161443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.871203899 CEST443501425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.871269941 CEST50142443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.872495890 CEST443501605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:40.882077932 CEST50162443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:40.882096052 CEST443501625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.680497885 CEST443501945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.681587934 CEST50195443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.681607008 CEST443501955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.681670904 CEST50195443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.688193083 CEST50195443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.688221931 CEST443501955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.703856945 CEST50195443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.714509964 CEST443501805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.714586973 CEST50180443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.727339029 CEST50196443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.727360010 CEST443501965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.727420092 CEST50196443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.727683067 CEST50196443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.727696896 CEST443501965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.737900972 CEST50196443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.744519949 CEST443501955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.758349895 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.758400917 CEST443501975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.758471966 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.758713007 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.758739948 CEST443501975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.763417959 CEST443501815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.763600111 CEST50181443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.767775059 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.780500889 CEST443501965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.789046049 CEST50198443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.789076090 CEST443501985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.789149046 CEST50198443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.789391041 CEST50198443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.789418936 CEST443501985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.796267033 CEST50198443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.808542013 CEST443501975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.819621086 CEST50199443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.819647074 CEST443501995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.819708109 CEST50199443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.821923018 CEST50199443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.821937084 CEST443501995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.829210043 CEST50199443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.834120035 CEST443501825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.834316015 CEST50182443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.836541891 CEST443501985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.851708889 CEST50200443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.851723909 CEST443502005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.851819992 CEST50200443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.852133036 CEST50200443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.852145910 CEST443502005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.875524044 CEST50200443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.876499891 CEST443501995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.898371935 CEST50201443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.898402929 CEST443502015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.898494005 CEST50201443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.898722887 CEST50201443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.898749113 CEST443502015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.905227900 CEST443501845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.905328989 CEST50184443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.912393093 CEST50201443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.916523933 CEST443502005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.932579994 CEST443501855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.932776928 CEST50185443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.933785915 CEST443501835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.933852911 CEST50183443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.945835114 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.945853949 CEST443502025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.945929050 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.946209908 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.946237087 CEST443502025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.954833984 CEST443501865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.954938889 CEST50186443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.956499100 CEST443502015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.964345932 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.983411074 CEST443501875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.983489990 CEST50187443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.997107983 CEST50203443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.997129917 CEST443502035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:42.997263908 CEST50203443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.997627974 CEST50203443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:42.997642040 CEST443502035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.004544973 CEST443502025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.019593000 CEST443501885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.019774914 CEST50188443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.026443005 CEST50203443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.053828001 CEST443501895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.054151058 CEST443501895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.054219961 CEST50189443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.054219961 CEST50189443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.055135965 CEST50204443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.055165052 CEST443502045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.055588007 CEST50204443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.055859089 CEST50204443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.055885077 CEST443502045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.063828945 CEST50204443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.068512917 CEST443502035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.085442066 CEST50205443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.085462093 CEST443502055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.085514069 CEST50205443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.085813999 CEST50205443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.085827112 CEST443502055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.093720913 CEST50205443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.104533911 CEST443502045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.109286070 CEST443501905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.109379053 CEST443501905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.109477043 CEST50190443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.109477997 CEST50190443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.117532015 CEST50206443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.117557049 CEST443502065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.117614985 CEST50206443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.117839098 CEST50206443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.117846966 CEST443502065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.125972986 CEST50206443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.140502930 CEST443502055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.146280050 CEST443501915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.146495104 CEST50191443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.148639917 CEST50207443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.148716927 CEST443502075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.148781061 CEST50207443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.148999929 CEST50207443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.149034977 CEST443502075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.151348114 CEST443501925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.151420116 CEST50192443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.153734922 CEST50207443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.172496080 CEST443502065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.179570913 CEST50208443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.179599047 CEST443502085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.179656982 CEST50208443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.179888010 CEST50208443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.179905891 CEST443502085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.188035965 CEST50208443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.196542025 CEST443502075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.210860014 CEST50209443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.210892916 CEST443502095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.211107969 CEST50209443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.211333036 CEST50209443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.211348057 CEST443502095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.214610100 CEST443501935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.214669943 CEST50193443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.229206085 CEST50209443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.232517958 CEST443502085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.258644104 CEST50210443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.258680105 CEST443502105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.258753061 CEST50210443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.259141922 CEST50210443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.259159088 CEST443502105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.263696909 CEST50210443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.272497892 CEST443502095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.276329994 CEST443501945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.276602030 CEST50194443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.300676107 CEST50211443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.300694942 CEST443502115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.300762892 CEST50211443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.306118011 CEST50211443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.306130886 CEST443502115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.308497906 CEST443502105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.325521946 CEST50211443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.372514009 CEST443502115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.386521101 CEST443501965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.386583090 CEST50196443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.389758110 CEST50212443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.389796972 CEST443502125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.390012980 CEST50212443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.390619993 CEST443501955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.390714884 CEST50195443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.390770912 CEST50212443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.390788078 CEST443502125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.404009104 CEST50212443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.416229010 CEST443501975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.416333914 CEST443501975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.416412115 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.416412115 CEST50197443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.430099964 CEST50213443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.430119991 CEST443502135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.430175066 CEST50213443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.430497885 CEST50213443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.430510044 CEST443502135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.438843012 CEST50213443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.444523096 CEST443502125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.450639963 CEST443501985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.450706005 CEST50198443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.461384058 CEST50214443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.461394072 CEST443502145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.461486101 CEST50214443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.461787939 CEST50214443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.461797953 CEST443502145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.469557047 CEST50214443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.473151922 CEST443501995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.473459959 CEST50199443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.484497070 CEST443502135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.492477894 CEST50215443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.492527008 CEST443502155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.492574930 CEST50215443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.492899895 CEST50215443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.492916107 CEST443502155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.501117945 CEST50215443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.512525082 CEST443502145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.514127016 CEST443502005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.514326096 CEST50200443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.523550034 CEST50216443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.523576021 CEST443502165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.523646116 CEST50216443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.523963928 CEST50216443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.523979902 CEST443502165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.532330036 CEST50216443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.544543982 CEST443502155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.555305958 CEST50217443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.555315971 CEST443502175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.555502892 CEST443502015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.555716038 CEST50201443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.555788994 CEST50217443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.555982113 CEST50217443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.555994034 CEST443502175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.563666105 CEST50217443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.576522112 CEST443502165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.585441113 CEST50218443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.585449934 CEST443502185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.585536003 CEST50218443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.586183071 CEST50218443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.586189032 CEST443502185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.588335991 CEST50218443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.604525089 CEST443502175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.616543055 CEST50219443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.616569042 CEST443502195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.616717100 CEST50219443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.617089987 CEST50219443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.617106915 CEST443502195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.622243881 CEST50219443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.628537893 CEST443502185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.647799015 CEST50220443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.647813082 CEST443502205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.647887945 CEST50220443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.648226023 CEST50220443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.648236990 CEST443502205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.654696941 CEST50220443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.668493032 CEST443502195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.683799028 CEST443502025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.684084892 CEST443502025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.687870026 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.687870026 CEST50202443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.689830065 CEST50221443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.689888000 CEST443502215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.689970016 CEST50221443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.690587997 CEST50221443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.690608025 CEST443502215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.696583033 CEST443502205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.697371960 CEST50221443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.712377071 CEST443502045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.712563038 CEST50204443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.726717949 CEST50222443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.726748943 CEST443502225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.726852894 CEST50222443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.727454901 CEST50222443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:43.727468967 CEST443502225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.744090080 CEST443502055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.744405985 CEST443502055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:43.744421005 CEST50205443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.775810957 CEST50256443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.776316881 CEST50256443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.776350021 CEST443502565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.779902935 CEST50256443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.784509897 CEST443502555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.803949118 CEST50257443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.803987026 CEST443502575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.804389954 CEST50257443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.804672003 CEST50257443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.804691076 CEST443502575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.807241917 CEST50257443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.813945055 CEST443502385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.814038038 CEST50238443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.824493885 CEST443502565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.836319923 CEST50258443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.836329937 CEST443502585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.836425066 CEST50258443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.836659908 CEST50258443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.836673021 CEST443502585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.843430042 CEST50258443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.848542929 CEST443502575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.850065947 CEST443502395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.850153923 CEST50239443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.866190910 CEST50259443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.866261005 CEST443502595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.866415977 CEST50259443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.867665052 CEST50259443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.867701054 CEST443502595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.871670961 CEST50259443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.878700018 CEST443502405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.878804922 CEST50240443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.884546041 CEST443502585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.897083044 CEST50260443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.897095919 CEST443502605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.899768114 CEST50260443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.899965048 CEST50260443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.899981022 CEST443502605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.903655052 CEST50260443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.912544012 CEST443502595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.928457975 CEST50261443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.928535938 CEST443502615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.931725025 CEST50261443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.932270050 CEST50261443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.932306051 CEST443502615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.935659885 CEST50261443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.948498964 CEST443502605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.951493025 CEST443502415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.951627970 CEST50241443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.959995031 CEST50262443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.960026026 CEST443502625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.960268974 CEST50262443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.960946083 CEST50262443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.960973978 CEST443502625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.962331057 CEST443502425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.962580919 CEST50242443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.967667103 CEST50262443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.976551056 CEST443502615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.991211891 CEST50263443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.991220951 CEST443502635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.991309881 CEST50263443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.991622925 CEST50263443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:45.991638899 CEST443502635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:45.999671936 CEST50263443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.008538961 CEST443502625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.013804913 CEST443502435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.013885021 CEST50243443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.022171021 CEST50264443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.022180080 CEST443502645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.022270918 CEST50264443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.022521019 CEST50264443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.022533894 CEST443502645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.024360895 CEST50264443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.028208017 CEST443502445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.028352022 CEST50244443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.040527105 CEST443502635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.054047108 CEST50265443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.054126024 CEST443502655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.054234982 CEST50265443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.054492950 CEST50265443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.054527044 CEST443502655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.063672066 CEST50265443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.064542055 CEST443502645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.091279984 CEST50266443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.091309071 CEST443502665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.091700077 CEST50266443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.091989040 CEST50266443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.092014074 CEST443502665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.097867012 CEST50266443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.108527899 CEST443502655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.112026930 CEST443502465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.112165928 CEST50246443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.132343054 CEST50267443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.132354975 CEST443502675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.134641886 CEST50267443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.144496918 CEST443502665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.149694920 CEST443502455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.149861097 CEST50245443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.160144091 CEST443502485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.160406113 CEST50248443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.163783073 CEST50268443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.163862944 CEST443502685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.164028883 CEST50268443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.164231062 CEST50268443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.164268017 CEST443502685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.169301987 CEST443502475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.169440031 CEST50247443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.171683073 CEST50268443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.190406084 CEST443502495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.190536976 CEST443502495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.190634966 CEST50249443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.190634966 CEST50249443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.194454908 CEST50269443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.194463968 CEST443502695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.194566011 CEST50269443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.194982052 CEST50269443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.194997072 CEST443502695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.202804089 CEST50269443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.216531038 CEST443502685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.225617886 CEST50270443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.225625992 CEST443502705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.225764990 CEST50270443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.226058960 CEST50270443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.226075888 CEST443502705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.229685068 CEST443502505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.230004072 CEST443502505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.230097055 CEST50250443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.230097055 CEST50250443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.234117985 CEST50270443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.248495102 CEST443502695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.251955986 CEST443502515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.252099037 CEST443502515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.255740881 CEST50251443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.255740881 CEST50251443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.256798983 CEST50271443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.256875992 CEST443502715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.257049084 CEST50271443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.257344007 CEST50271443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.257379055 CEST443502715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.262947083 CEST50271443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.280493975 CEST443502705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.291718006 CEST50272443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.291752100 CEST443502725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.291910887 CEST50272443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.292503119 CEST50272443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.292515039 CEST443502725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.296536922 CEST50272443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.304496050 CEST443502715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.313045979 CEST443502525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.313196898 CEST50252443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.319597006 CEST50273443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.319628954 CEST443502735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.319786072 CEST50273443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.319960117 CEST50273443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.319982052 CEST443502735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.323860884 CEST443502535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.323990107 CEST443502535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.324070930 CEST50253443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.324070930 CEST50253443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.327666044 CEST50273443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.344495058 CEST443502725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.351689100 CEST50274443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.351700068 CEST443502745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.351815939 CEST50274443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.352149963 CEST50274443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.352159977 CEST443502745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.355707884 CEST50274443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.369523048 CEST443502545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.369623899 CEST50254443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.372523069 CEST443502735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.380446911 CEST443502555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.380814075 CEST50255443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.380816936 CEST443502555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.380968094 CEST50255443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.383704901 CEST50275443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.383732080 CEST443502755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.384205103 CEST50275443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.384432077 CEST50275443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.384448051 CEST443502755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.389082909 CEST50275443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.400494099 CEST443502745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.431669950 CEST50276443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.431679964 CEST443502765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.431833029 CEST50276443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.432220936 CEST50276443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.432239056 CEST443502765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.436496019 CEST443502755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.439615965 CEST50276443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.445218086 CEST443502565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.445396900 CEST50256443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.461447001 CEST443502575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.461497068 CEST50277443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.461525917 CEST443502775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.461558104 CEST50257443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.461636066 CEST50277443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.462003946 CEST50277443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.462016106 CEST443502775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.463664055 CEST50277443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.484534025 CEST443502765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.491624117 CEST50278443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.491647005 CEST443502785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.491754055 CEST50278443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.492266893 CEST50278443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.492280960 CEST443502785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.497564077 CEST443502585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.497689962 CEST50258443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.498018026 CEST50278443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.508498907 CEST443502775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.523660898 CEST50279443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.523684025 CEST443502795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.523777008 CEST50279443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.527661085 CEST50279443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.527672052 CEST443502795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.531673908 CEST50279443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.543584108 CEST443502595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.543740988 CEST50259443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.544497967 CEST443502785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.554003000 CEST50280443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.554025888 CEST443502805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.554089069 CEST50280443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.555660009 CEST50280443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.555665970 CEST443502805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.561813116 CEST50280443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.576493025 CEST443502795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.587049961 CEST50281443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.587074995 CEST443502815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.587162971 CEST50281443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.587559938 CEST50281443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.587574005 CEST443502815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.596460104 CEST50281443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.598974943 CEST443502615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.599049091 CEST50261443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.600673914 CEST443502605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.600745916 CEST50260443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.608503103 CEST443502805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.617223024 CEST50282443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.617245913 CEST443502825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.617290974 CEST50282443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.617585897 CEST50282443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.617597103 CEST443502825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.619350910 CEST443502625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.619421959 CEST50262443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.627289057 CEST50282443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.640539885 CEST443502815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.649373055 CEST50283443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.649399042 CEST443502835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.649465084 CEST50283443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.649797916 CEST50283443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.649810076 CEST443502835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.653278112 CEST443502635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.653338909 CEST50263443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.658549070 CEST50283443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:46.672499895 CEST443502825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:46.679894924 CEST50284443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.949815989 CEST50317443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.953737974 CEST443503015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:47.953975916 CEST50301443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.960572958 CEST443503165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:47.975708008 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.975788116 CEST443503185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:47.975929976 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.976825953 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.976864100 CEST443503185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:47.982096910 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:47.992562056 CEST443503175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:47.999994993 CEST443503025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.000318050 CEST443503025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.000395060 CEST50302443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.000395060 CEST50302443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.007255077 CEST50319443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.007334948 CEST443503195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.007477999 CEST50319443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.007673979 CEST50319443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.007714987 CEST443503195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.012346029 CEST50319443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.017610073 CEST443503035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.017867088 CEST50303443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.024601936 CEST443503185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.038863897 CEST50320443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.038943052 CEST443503205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.039174080 CEST50320443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.041855097 CEST50320443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.041893005 CEST443503205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.044629097 CEST50320443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.052530050 CEST443503195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.070164919 CEST50321443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.070208073 CEST443503215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.074109077 CEST50321443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.074445963 CEST50321443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.074481964 CEST443503215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.077661991 CEST50321443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.079797029 CEST443503045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.080140114 CEST443503045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.080342054 CEST50304443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.080342054 CEST50304443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.092528105 CEST443503205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.100738049 CEST50322443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.100776911 CEST443503225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.101910114 CEST50322443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.102499962 CEST50322443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.102525949 CEST443503225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.108279943 CEST50322443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.120596886 CEST443503215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.132894039 CEST443503055.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.133043051 CEST50305443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.133084059 CEST50323443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.133162975 CEST443503235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.133630037 CEST50323443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.134557009 CEST50323443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.134593964 CEST443503235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.136583090 CEST50323443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.148550987 CEST443503225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.159049988 CEST443503065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.159339905 CEST443503065.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.160600901 CEST50306443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.160600901 CEST50306443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.165699005 CEST50324443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.165735960 CEST443503245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.169905901 CEST50324443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.180572987 CEST443503235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.197964907 CEST50325443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.198045969 CEST443503255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.198196888 CEST50325443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.198648930 CEST50325443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.198726892 CEST443503255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.199460030 CEST50325443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.225368977 CEST50326443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.225447893 CEST443503265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.225857973 CEST50326443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.225965023 CEST50326443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.226007938 CEST443503265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.231132984 CEST50326443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.240577936 CEST443503255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.256814003 CEST50327443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.256851912 CEST443503275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.257973909 CEST50327443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.258074999 CEST50327443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.258091927 CEST443503275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.262996912 CEST50327443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.272541046 CEST443503075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.272571087 CEST443503265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.272838116 CEST50307443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.272871017 CEST443503075.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.273030996 CEST50307443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.289733887 CEST50328443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.289769888 CEST443503285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.289887905 CEST50328443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.290107965 CEST50328443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.290126085 CEST443503285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.294298887 CEST50328443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.304583073 CEST443503275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.319801092 CEST50329443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.319880009 CEST443503295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.320214987 CEST50329443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.320214987 CEST50329443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.320296049 CEST443503295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.330262899 CEST50329443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.332616091 CEST443503085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.332968950 CEST443503085.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.333117962 CEST50308443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.333118916 CEST50308443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.336546898 CEST443503285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.338738918 CEST443503095.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.338968992 CEST50309443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.350841045 CEST50330443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.350917101 CEST443503305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.351397991 CEST50330443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.351720095 CEST50330443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.351748943 CEST443503305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.355321884 CEST50330443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.371568918 CEST443503105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.371905088 CEST443503105.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.372001886 CEST50310443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.372001886 CEST50310443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.372504950 CEST443503295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.381695986 CEST50331443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.381742954 CEST443503315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.381870985 CEST50331443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.382134914 CEST50331443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.382153034 CEST443503315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.388447046 CEST50331443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.396116972 CEST443503115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.396229029 CEST50311443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.396251917 CEST443503115.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.396472931 CEST50311443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.400504112 CEST443503305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.414055109 CEST50332443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.414133072 CEST443503325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.414335966 CEST50332443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.414489031 CEST50332443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.414510965 CEST443503325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.419548035 CEST50332443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.432509899 CEST443503315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.445074081 CEST50333443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.445080042 CEST443503125.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.445112944 CEST443503335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.445293903 CEST50312443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.445566893 CEST50333443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.445566893 CEST50333443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.445622921 CEST443503335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.452390909 CEST50333443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.464504957 CEST443503325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.475990057 CEST50334443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.476027012 CEST443503345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.476535082 CEST50334443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.476803064 CEST50334443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.476814985 CEST443503345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.483524084 CEST50334443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.489470005 CEST443503135.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.489619017 CEST50313443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.492583990 CEST443503335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.510658026 CEST443503145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.510992050 CEST443503145.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.512520075 CEST50314443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.512520075 CEST50314443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.513911009 CEST50335443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.513988972 CEST443503355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.514100075 CEST50335443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.514451027 CEST50335443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.514486074 CEST443503355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.523617029 CEST50335443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.524600029 CEST443503345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.534545898 CEST443503155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.534854889 CEST50315443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.534858942 CEST443503155.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.535218954 CEST50315443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.553839922 CEST50336443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.553874016 CEST443503365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.554373026 CEST50336443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.555313110 CEST50336443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.555327892 CEST443503365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.564503908 CEST443503355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.568634987 CEST50336443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.571482897 CEST443503165.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.571566105 CEST50316443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.602332115 CEST50337443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.602354050 CEST443503375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.602410078 CEST50337443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.603413105 CEST50337443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.603427887 CEST443503375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.612514019 CEST443503365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.614837885 CEST443503175.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.614908934 CEST50317443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.621419907 CEST50337443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.632880926 CEST443503185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.633011103 CEST443503185.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.633078098 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.633078098 CEST50318443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.648746967 CEST50338443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.648761034 CEST443503385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.648828983 CEST50338443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.649192095 CEST50338443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.649203062 CEST443503385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.657147884 CEST443503195.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.657212973 CEST50319443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.659240007 CEST50338443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.664496899 CEST443503375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.679225922 CEST50339443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.679255009 CEST443503395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.679305077 CEST50339443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.679567099 CEST50339443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.679580927 CEST443503395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.683433056 CEST50339443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.697540045 CEST443503205.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.697622061 CEST50320443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.700525045 CEST443503385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.711947918 CEST50340443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.711963892 CEST443503405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.712007999 CEST50340443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.712254047 CEST50340443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.712268114 CEST443503405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.722115040 CEST50340443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.728497028 CEST443503395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.741929054 CEST50341443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.741945982 CEST443503415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.741995096 CEST50341443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.742218971 CEST50341443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.742228985 CEST443503415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.749826908 CEST443503215.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.749886990 CEST50321443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.750988960 CEST50341443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.764986992 CEST443503225.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.765050888 CEST50322443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.768498898 CEST443503405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.773410082 CEST50342443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.773420095 CEST443503425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.773466110 CEST50342443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.773710966 CEST50342443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.773721933 CEST443503425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.781692982 CEST50342443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.786391973 CEST443503235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.786457062 CEST50323443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.796494961 CEST443503415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.805999994 CEST50343443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.806015968 CEST443503435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.806063890 CEST50343443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.806376934 CEST50343443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.806397915 CEST443503435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.814632893 CEST50343443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.828542948 CEST443503425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.848661900 CEST50344443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.848685026 CEST443503445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.848743916 CEST50344443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.849215984 CEST50344443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.849226952 CEST443503445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:48.856992960 CEST50344443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:48.860541105 CEST443503435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.701010942 CEST50359443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.727153063 CEST50379443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.727233887 CEST443503795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.727556944 CEST50379443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.727655888 CEST50379443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.727684975 CEST443503795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.730911970 CEST50379443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.740509987 CEST443503785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.750437021 CEST443503605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.750504971 CEST50360443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.758403063 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.758481026 CEST443503805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.758553028 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.758784056 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.758812904 CEST443503805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.763576984 CEST443503615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.763645887 CEST50361443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.767143965 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.772541046 CEST443503795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.789082050 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.789164066 CEST443503815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.789520979 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.789660931 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.789695024 CEST443503815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.797020912 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.809181929 CEST443503625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.809253931 CEST50362443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.812541962 CEST443503805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.823296070 CEST50382443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.823376894 CEST443503825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.823473930 CEST50382443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.823940039 CEST50382443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.824017048 CEST443503825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.829224110 CEST443503635.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.829397917 CEST50363443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.830724955 CEST50382443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.840572119 CEST443503815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.850572109 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.850615978 CEST443503835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.851038933 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.851281881 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.851300955 CEST443503835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.856113911 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.871078014 CEST443503645.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.871150970 CEST50364443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.872572899 CEST443503825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.881035089 CEST443503655.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.881093025 CEST50365443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.882525921 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.882606983 CEST443503845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.882688046 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.882939100 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.882975101 CEST443503845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.887770891 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.900516987 CEST443503835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.913774014 CEST50385443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.913852930 CEST443503855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.913959026 CEST50385443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.914316893 CEST50385443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.914392948 CEST443503855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.919662952 CEST50385443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.928544044 CEST443503845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.938040972 CEST443503665.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.938102961 CEST50366443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.946752071 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.946831942 CEST443503865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.947107077 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.952452898 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.952522993 CEST443503865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.958019972 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.964502096 CEST443503855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.991614103 CEST50387443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.991692066 CEST443503875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.991787910 CEST50387443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.992017031 CEST50387443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.992068052 CEST443503875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.993190050 CEST443503685.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:50.993274927 CEST50368443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:50.997801065 CEST50387443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.000085115 CEST443503675.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.000159979 CEST50367443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.000525951 CEST443503865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.022855043 CEST50388443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.022933960 CEST443503885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.023251057 CEST50388443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.023360014 CEST50388443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.023389101 CEST443503885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.028551102 CEST50388443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.040510893 CEST443503875.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.044611931 CEST443503695.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.044689894 CEST50369443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.054279089 CEST50389443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.054357052 CEST443503895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.054436922 CEST50389443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.054816961 CEST50389443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.054893970 CEST443503895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.056014061 CEST50389443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.058986902 CEST443503705.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.059232950 CEST50370443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.072527885 CEST443503885.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.085467100 CEST50390443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.085546017 CEST443503905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.085609913 CEST50390443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.085865021 CEST50390443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.085901022 CEST443503905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.090101957 CEST443503715.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.090168953 CEST50371443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.091846943 CEST50390443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.096574068 CEST443503895.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.116662025 CEST50391443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.116740942 CEST443503915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.116844893 CEST50391443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.117274046 CEST50391443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.117348909 CEST443503915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.123023033 CEST50391443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.132548094 CEST443503905.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.141375065 CEST443503725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.141498089 CEST443503725.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.141552925 CEST50372443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.141552925 CEST50372443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.147443056 CEST50392443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.147526026 CEST443503925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.147696018 CEST50392443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.148005009 CEST50392443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.148035049 CEST443503925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.154386044 CEST50392443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.159941912 CEST443503735.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.160010099 CEST50373443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.168526888 CEST443503915.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.178599119 CEST50393443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.178678036 CEST443503935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.179092884 CEST50393443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.179364920 CEST50393443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.179399967 CEST443503935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.180716991 CEST443503745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.180794954 CEST50374443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.180808067 CEST443503745.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.180859089 CEST50374443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.186606884 CEST50393443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.196590900 CEST443503925.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.210093975 CEST50394443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.210170984 CEST443503945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.210256100 CEST50394443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.210700989 CEST50394443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.210778952 CEST443503945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.218200922 CEST50394443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.228571892 CEST443503935.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.244048119 CEST50395443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.244126081 CEST443503955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.244226933 CEST50395443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.244856119 CEST50395443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.244932890 CEST443503955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.264548063 CEST443503945.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.267560959 CEST50395443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.290241957 CEST50396443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.290321112 CEST443503965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.290400982 CEST50396443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.290993929 CEST50396443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.291069984 CEST443503965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.306281090 CEST50396443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.312505007 CEST443503955.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.337388039 CEST50397443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.337466955 CEST443503975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.337558985 CEST50397443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.337928057 CEST50397443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.338006020 CEST443503975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.348540068 CEST443503965.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.354873896 CEST50397443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.383282900 CEST50398443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.383320093 CEST443503985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.383502007 CEST50398443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.384032011 CEST50398443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.384071112 CEST443503985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.389408112 CEST50398443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.400511980 CEST443503975.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.414220095 CEST50399443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.414299011 CEST443503995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.414376974 CEST50399443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.414829016 CEST50399443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.414879084 CEST443503995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.424185991 CEST50399443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.432538033 CEST443503985.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.445765018 CEST50400443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.445802927 CEST443504005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.445868015 CEST50400443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.446135998 CEST50400443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.446150064 CEST443504005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.455246925 CEST50400443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.464509964 CEST443503995.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.476255894 CEST50401443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.476279974 CEST443504015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.476336956 CEST50401443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.476645947 CEST50401443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.476655960 CEST443504015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.489532948 CEST50401443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.500509024 CEST443504005.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.523036957 CEST50402443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.523046970 CEST443504025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.523308992 CEST50402443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.523410082 CEST50402443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.523432016 CEST443504025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.531179905 CEST50402443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.532537937 CEST443504015.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.554781914 CEST50403443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.554796934 CEST443504035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.554862976 CEST50403443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.555224895 CEST50403443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.555237055 CEST443504035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.563961029 CEST50403443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.567946911 CEST443503765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.568087101 CEST443503765.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.568161011 CEST50376443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.568161964 CEST50376443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.568465948 CEST443503755.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.568540096 CEST50375443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.573193073 CEST443503775.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.573355913 CEST50377443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.574604034 CEST443503805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.574733019 CEST443503805.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.574769020 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.575177908 CEST50380443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.576535940 CEST443504025.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.579271078 CEST443503815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.579446077 CEST443503815.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.579503059 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.579592943 CEST50381443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.580437899 CEST443503825.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.580543041 CEST50382443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.587694883 CEST443503785.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.587989092 CEST50378443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.588187933 CEST443503855.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.588213921 CEST443503845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.588254929 CEST50385443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.588399887 CEST443503845.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.588423967 CEST443503795.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.588438034 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.588511944 CEST50379443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.588531017 CEST50384443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.589416027 CEST443503835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.589764118 CEST443503835.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.589828968 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.589828968 CEST50383443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.604520082 CEST443504035.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.611793041 CEST50404443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.611824989 CEST443504045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.612381935 CEST50404443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.612381935 CEST50404443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.612411022 CEST443504045.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.628123999 CEST50404443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.629475117 CEST443503865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.629601955 CEST443503865.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:51.629717112 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:51.629717112 CEST50386443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.225883961 CEST443504355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.225936890 CEST50435443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.226347923 CEST50435443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.226368904 CEST443504355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.234143972 CEST50435443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.248497009 CEST443504345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.258480072 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.258558035 CEST443504365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.258630037 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.259176016 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.259253025 CEST443504365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.264091015 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.280495882 CEST443504355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.299767971 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.299798965 CEST443504375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.299854994 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.300338030 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.300357103 CEST443504375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.304573059 CEST443504365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.315291882 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.337738991 CEST50438443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.337769032 CEST443504385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.337820053 CEST50438443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.338145018 CEST50438443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.338161945 CEST443504385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.355233908 CEST50438443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.360528946 CEST443504375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.392471075 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.392570019 CEST443504395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.393095016 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.393464088 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.393532038 CEST443504395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.396533012 CEST443504385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.408987999 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.429670095 CEST50440443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.429748058 CEST443504405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.429841995 CEST50440443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.430227995 CEST50440443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.430301905 CEST443504405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.445259094 CEST50440443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.452572107 CEST443504395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.467633963 CEST443504235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.467767000 CEST443504235.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.467839956 CEST50423443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.467840910 CEST50423443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.477102041 CEST50441443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.477140903 CEST443504415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.477199078 CEST50441443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.477457047 CEST50441443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.477478981 CEST443504415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.482620001 CEST50441443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.488548040 CEST443504405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.507329941 CEST50442443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.507368088 CEST443504425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.507463932 CEST50442443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.507775068 CEST50442443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.507792950 CEST443504425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.516865015 CEST50442443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.522099018 CEST443504245.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.522161007 CEST50424443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.528505087 CEST443504415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.538821936 CEST50443443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.538932085 CEST443504435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.539268970 CEST50443443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.539448023 CEST50443443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.539503098 CEST443504435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.546914101 CEST50443443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.560571909 CEST443504425.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.566895008 CEST443504255.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.566955090 CEST50425443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.569552898 CEST50444443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.569591999 CEST443504445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.569669962 CEST50444443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.569978952 CEST50444443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.570019007 CEST443504445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.576430082 CEST50444443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.585920095 CEST443504265.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.586014986 CEST50426443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.588573933 CEST443504435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.600805044 CEST50445443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.600883007 CEST443504455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.601527929 CEST50445443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.601970911 CEST50445443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.602082968 CEST443504455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.611408949 CEST50445443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.620498896 CEST443504445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.622376919 CEST443504275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.622513056 CEST443504275.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.622833967 CEST50427443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.622833967 CEST50427443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.631923914 CEST50446443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.632003069 CEST443504465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.632435083 CEST50446443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.632569075 CEST50446443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.632610083 CEST443504465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.638185024 CEST50446443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.647270918 CEST443504285.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.647397995 CEST50428443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.652595997 CEST443504455.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.679527044 CEST50447443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.679565907 CEST443504475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.679969072 CEST50447443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.679969072 CEST50447443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.680033922 CEST443504475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.684535980 CEST443504465.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.688950062 CEST443504295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.689285994 CEST443504295.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.689382076 CEST50429443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.689383030 CEST50429443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.704749107 CEST50447443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.729479074 CEST443504305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.729804993 CEST443504305.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.729931116 CEST50430443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.729931116 CEST50430443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.743052006 CEST50448443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.743133068 CEST443504485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.743901014 CEST50448443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.744380951 CEST50448443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.744462013 CEST443504485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.745016098 CEST443504315.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.745136023 CEST50431443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.748580933 CEST443504475.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.748892069 CEST50448443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.773351908 CEST50449443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.773391008 CEST443504495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.773627043 CEST50449443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.773996115 CEST50449443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.774034977 CEST443504495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.780499935 CEST50449443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.784172058 CEST443504325.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.784410954 CEST50432443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.792536974 CEST443504485.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.807673931 CEST50450443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.807712078 CEST443504505.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.812083006 CEST50450443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.817868948 CEST443504335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.818193913 CEST443504335.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.818450928 CEST50433443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.818451881 CEST50433443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.828535080 CEST443504495.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.837759972 CEST50451443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.837840080 CEST443504515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.838149071 CEST50451443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.838403940 CEST50451443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.838438034 CEST443504515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.843157053 CEST50451443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.844837904 CEST443504345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.844963074 CEST443504345.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.845015049 CEST50434443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.845870018 CEST50434443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.867717981 CEST50452443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.867754936 CEST443504525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.868256092 CEST50452443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.868587017 CEST50452443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.868612051 CEST443504525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.871767998 CEST50452443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.888545036 CEST443504515.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.900213957 CEST443504355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.900264025 CEST50453443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.900342941 CEST443504355.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.900341988 CEST443504535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.900422096 CEST50453443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.900474072 CEST50435443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.900474072 CEST50435443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.900664091 CEST50453443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.900693893 CEST443504535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.904432058 CEST50453443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.911070108 CEST443504365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.911408901 CEST443504365.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.911623955 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.911624908 CEST50436443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.912550926 CEST443504525.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.931706905 CEST50454443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.931787968 CEST443504545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.932399035 CEST50454443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.932620049 CEST50454443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.932665110 CEST443504545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.933984041 CEST50454443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.944578886 CEST443504535.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.960180998 CEST50455443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.960223913 CEST443504555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.960515976 CEST50455443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.962807894 CEST50455443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.962847948 CEST443504555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.966466904 CEST50455443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.976574898 CEST443504545.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.981750011 CEST443504375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.982047081 CEST443504375.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.982197046 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.988146067 CEST50437443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.992825985 CEST50456443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.992863894 CEST443504565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:53.993242025 CEST50456443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.993242979 CEST50456443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:53.993282080 CEST443504565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.006618023 CEST443504385.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.006911039 CEST50438443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.007642031 CEST50456443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.008538961 CEST443504555.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.039808989 CEST50457443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.039890051 CEST443504575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.040680885 CEST50457443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.041074991 CEST50457443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.041155100 CEST443504575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.048532963 CEST443504565.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.053558111 CEST50457443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.070420980 CEST443504395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.070544004 CEST443504395.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.070770979 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.070770979 CEST50439443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.081971884 CEST443504405.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.082211971 CEST50440443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.087791920 CEST50458443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.087872982 CEST443504585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.088285923 CEST50458443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.088285923 CEST50458443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.088416100 CEST443504585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.091263056 CEST50458443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.096549988 CEST443504575.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.116421938 CEST50459443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.116461039 CEST443504595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.117043972 CEST50459443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.117342949 CEST50459443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.117383957 CEST443504595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.124083042 CEST50459443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.132550001 CEST443504585.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.147931099 CEST50460443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.148011923 CEST443504605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.148147106 CEST50460443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.148432016 CEST50460443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.148469925 CEST443504605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.152190924 CEST443504415.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.152405977 CEST50441443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.158890963 CEST50460443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.168499947 CEST443504595.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.179029942 CEST50461443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.179068089 CEST443504615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.179336071 CEST50461443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.179572105 CEST50461443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.179595947 CEST443504615.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.189095974 CEST50461443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.189726114 CEST443504435.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.189953089 CEST50443443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.200592041 CEST443504605.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.210047960 CEST50462443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.210088015 CEST443504625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.210179090 CEST50462443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.210578918 CEST50462443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.210618973 CEST443504625.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.217263937 CEST50462443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.222660065 CEST443504445.75.168.191192.168.2.4
                                          Aug 13, 2024 08:53:54.222918987 CEST50444443192.168.2.45.75.168.191
                                          Aug 13, 2024 08:53:54.232570887 CEST443504615.75.168.191192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Aug 13, 2024 08:52:04.536140919 CEST | 192.168.2.4 | 1.1.1.1 | 0xb1d3 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:36.555075884 CEST | 192.168.2.4 | 1.1.1.1 | 0xe0f3 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:53:36.428668022 CEST | 192.168.2.4 | 1.1.1.1 | 0xf067 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:54:36.414333105 CEST | 192.168.2.4 | 1.1.1.1 | 0xc83 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:55:36.687242985 CEST | 192.168.2.4 | 1.1.1.1 | 0x5e1f | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Aug 13, 2024 08:52:04.548923969 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1d3 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:04.548923969 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1d3 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:04.548923969 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1d3 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:36.563746929 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0f3 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:36.563746929 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0f3 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:52:36.563746929 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0f3 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:53:36.476808071 CEST | 1.1.1.1 | 192.168.2.4 | 0xf067 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:53:36.476808071 CEST | 1.1.1.1 | 192.168.2.4 | 0xf067 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:53:36.476808071 CEST | 1.1.1.1 | 192.168.2.4 | 0xf067 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:54:36.423084974 CEST | 1.1.1.1 | 192.168.2.4 | 0xc83 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:54:36.423084974 CEST | 1.1.1.1 | 192.168.2.4 | 0xc83 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:54:36.423084974 CEST | 1.1.1.1 | 192.168.2.4 | 0xc83 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:55:36.695905924 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e1f | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:55:36.695905924 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e1f | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false |
| Aug 13, 2024 08:55:36.695905924 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e1f | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false |
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.4 | 49732 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:52:05 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:52:05 UTC | 266 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:52:05 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 10
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:52:05 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.4 | 49733 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:52:18 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:52:18 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:52:18 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:52:18 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.4 | 49742 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:52:37 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:52:37 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:52:37 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:52:37 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.4 | 49743 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:52:44 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:52:44 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:52:44 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:52:44 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.4 | 49744 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:52:55 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:52:55 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:52:55 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:52:55 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.4 | 49746 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:53:09 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:53:10 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:53:09 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:53:10 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.4 | 49747 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:53:12 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:53:12 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:53:12 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:53:12 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.4 | 49748 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:53:17 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:53:17 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:53:17 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:53:17 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.4 | 49749 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:53:21 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:53:22 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:53:22 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:53:22 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.4 | 53217 | 5.75.168.191 | 443 | 7268 | C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:56:10 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:56:10 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:56:10 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:56:10 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          10 | 192.168.2.4 | 53218 | 5.75.168.191 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-08-13 06:56:36 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                          Host: getscreen.me
                                          Upgrade: websocket
                                          Connection: Upgrade
                                          Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                          Origin: https://getscreen.me
                                          Sec-WebSocket-Protocol: chat, superchat
                                          Sec-WebSocket-Version: 13
                                          User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                          2024-08-13 06:56:36 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                          content-type: text/plain; charset=utf-8
                                          sec-websocket-version: 13
                                          x-content-type-options: nosniff
                                          date: Tue, 13 Aug 2024 06:56:36 GMT
                                          content-length: 12
                                          x-envoy-upstream-service-time: 3
                                          server: lb2.getscreen.me
                                          connection: close
                                          2024-08-13 06:56:36 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                          Data Ascii: Bad Request


                                          Target ID:0
                                          Start time:02:52:00
                                          Start date:13/08/2024
                                          Path:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\getscreen-156413884-x86.exe"
                                          Imagebase:0xd60000
                                          File size:3'654'440 bytes
                                          MD5 hash:2E9DE68641B502474E5BA330FE5396BB
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:1
                                          Start time:02:52:00
                                          Start date:13/08/2024
                                          Path:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\getscreen-156413884-x86.exe" -gpipe \\.\pipe\PCommand97jozacdivvdywhof -gui
                                          Imagebase:0xd60000
                                          File size:3'654'440 bytes
                                          MD5 hash:2E9DE68641B502474E5BA330FE5396BB
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:2
                                          Start time:02:52:01
                                          Start date:13/08/2024
                                          Path:C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\ProgramData\Getscreen.me\apiirpcewshyuslqylilsjzmfgzdtrv-elevate.exe" -elevate \\.\pipe\elevateGS512apiirpcewshyuslqylilsjzmfgzdtrv
                                          Imagebase:0xed0000
                                          File size:3'654'440 bytes
                                          MD5 hash:2E9DE68641B502474E5BA330FE5396BB
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 1%, Virustotal
                                          Reputation:low
                                          Has exited:true

                                          Target ID:3
                                          Start time:02:52:03
                                          Start date:13/08/2024
                                          Path:C:\Windows\System32\svchost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
                                          Imagebase:0x7ff6eef20000
                                          File size:55'320 bytes
                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:4
                                          Start time:02:52:04
                                          Start date:13/08/2024
                                          Path:C:\Users\user\Desktop\getscreen-156413884-x86.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\getscreen-156413884-x86.exe" -cpipe \\.\pipe\PCommand96hbjpbtabxviuvrw -cmem 0000pipe0PCommand96hbjpbtabxviuvrwje4lkifw6rl2mfm -child
                                          Imagebase:0xd60000
                                          File size:3'654'440 bytes
                                          MD5 hash:2E9DE68641B502474E5BA330FE5396BB
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                            Execution Graph

                                            Execution Coverage:1%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:6.1%
                                            Total number of Nodes:115
                                            Total number of Limit Nodes:9

                                            Control-flow Graph

                                            APIs
                                            • LoadLibraryA.KERNEL32(?), ref: 024B2B13
                                            • GetProcAddress.KERNELBASE(?,0248CFF9), ref: 024B2B31
                                            • ExitProcess.KERNEL32(?,0248CFF9), ref: 024B2B42
                                            • VirtualProtect.KERNELBASE(00D60000,00001000,00000004,?,00000000), ref: 024B2B90
                                            • VirtualProtect.KERNELBASE(00D60000,00001000), ref: 024B2BA5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.000000000248D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                            • String ID:
                                            • API String ID: 1996367037-0
                                            • Opcode ID: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction ID: d0ae418350bdc67fde13f2f37d00c39ec521af3bd17cc9c7e9247e9c20d2f06e
                                            • Opcode Fuzzy Hash: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction Fuzzy Hash: 8351F2726147125AE732CEB8CCC07E6B791EF4A224718072ADDE2D73C6EBE459468370

                                            Control-flow Graph

                                            APIs
                                            • GetCurrentThread.KERNEL32 ref: 00E52FA5
                                            • SetThreadDescription.KERNELBASE(00000000,?), ref: 00E52FBD
                                            • KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,?), ref: 00E52FEA
                                            • GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 00E53031
                                            • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 00E5303D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Thread$AddressCurrentDescriptionDispatcherExceptionHandleModuleProcUser
                                            • String ID: Kernel32.dll$SetThreadDescription
                                            • API String ID: 2856497764-1724334159
                                            • Opcode ID: a5175905ab38eac31b63bd1bc4b9f11cf9b2a780799bf95caa3df07351c3faa5
                                            • Instruction ID: e6af360bfdd4711fa0fa79137e68accdd64723ed8dc12627c00f97ee1ef861cd
                                            • Opcode Fuzzy Hash: a5175905ab38eac31b63bd1bc4b9f11cf9b2a780799bf95caa3df07351c3faa5
                                            • Instruction Fuzzy Hash: BA41CFB1D007459FCB24CF58DC48BAAB7B4FB8A324F24835AE865A73A1D7744984CB91

                                            Control-flow Graph

                                            APIs
                                            • SetLastError.KERNEL32(00000000), ref: 00ECB834
                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ECB88C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_taskErrorLast
                                            • String ID:
                                            • API String ID: 523316592-0
                                            • Opcode ID: 9b7fc1d3caa9981351766d9f9512f777d77aacd7621f6f2fd6356b3610290974
                                            • Instruction ID: df580a0f0f419197d40f4f09051555383618c57603cc918bce658a26b315d5b1
                                            • Opcode Fuzzy Hash: 9b7fc1d3caa9981351766d9f9512f777d77aacd7621f6f2fd6356b3610290974
                                            • Instruction Fuzzy Hash: AE31C476A003159FCB24DF69D984A6BBBB9FF88710B050529EA09A7310D731FC40CBD1

                                            Control-flow Graph

                                            APIs
                                            • GetLastError.KERNEL32(01580388,0000000C), ref: 0142B63E
                                            • RtlExitUserThread.NTDLL(00000000), ref: 0142B645
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitLastThreadUser
                                            • String ID:
                                            • API String ID: 1750398979-0
                                            • Opcode ID: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction ID: 6086993c94fc618f31227310ec58130ff8e3fcd83ce0aada473f565c26069d54
                                            • Opcode Fuzzy Hash: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction Fuzzy Hash: 3DF0C271A00216AFDF21AFB1C409A6E7B74EF65710F14415EF405A72B1CB306981CBA2

                                            Control-flow Graph

                                            control_flow_graph 118 143f066-143f06f 119 143f071-143f084 RtlFreeHeap 118->119 120 143f09e-143f09f 118->120 119->120 121 143f086-143f09d GetLastError call 1425f3b call 1425fd8 119->121 121->120
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F07C
                                            • GetLastError.KERNEL32(?,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F087
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 485612231-0
                                            • Opcode ID: d7266c98038aefb317f2a3b300c5c28a3c2a3f03a3f9fe641acaefbf0b122843
                                            • Instruction ID: 44d8290ddaf0c098711e509237bd276160635a3b5426c6a66108f15f0856ac80
                                            • Opcode Fuzzy Hash: d7266c98038aefb317f2a3b300c5c28a3c2a3f03a3f9fe641acaefbf0b122843
                                            • Instruction Fuzzy Hash: E4E0867150021867DF312FA9ED08F9A7A699B54755F550025F60C9A170D67488908795

                                            Control-flow Graph

                                            control_flow_graph 126 14223ce-14223e6 127 1422415-1422437 KiUserExceptionDispatcher 126->127 128 14223e8-14223eb 126->128 129 142240b-142240e 128->129 130 14223ed-1422409 128->130 129->127 131 1422410 129->131 130->127 130->129 131->127
                                            APIs
                                            • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,0133F214,?,?,?,?,0133F214,?,0157FCE4), ref: 0142242E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: DispatcherExceptionUser
                                            • String ID:
                                            • API String ID: 6842923-0
                                            • Opcode ID: 1479d901214ed285330f3adc6b79d225c860c31d1abf81c685f2335e8732fba6
                                            • Instruction ID: b996788efd375f249a6f85777b50407a47fa158de80b81c41f923caf09d1dbf4
                                            • Opcode Fuzzy Hash: 1479d901214ed285330f3adc6b79d225c860c31d1abf81c685f2335e8732fba6
                                            • Instruction Fuzzy Hash: C601D4759002189BDB019F5CD480B9EBFB8EF48604F05406AEA01AB360D7B09941CB90

                                            Control-flow Graph

                                            control_flow_graph 704 13d7449-13d745b LoadLibraryA 705 13d745d 704->705 706 13d745e-13d78e4 GetProcAddress * 63 call 13e001b 704->706
                                            APIs
                                            • LoadLibraryA.KERNEL32(wtsapi32.dll,013D7168), ref: 013D744E
                                            • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 013D746B
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 013D747D
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 013D748F
                                            • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 013D74A1
                                            • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 013D74B3
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 013D74C5
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 013D74D7
                                            • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 013D74E9
                                            • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 013D74FB
                                            • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 013D750D
                                            • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 013D751F
                                            • GetProcAddress.KERNEL32(WTSCloseServer), ref: 013D7531
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 013D7543
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 013D7555
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 013D7567
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 013D7579
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 013D758B
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 013D759D
                                            • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 013D75AF
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 013D75C1
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 013D75D3
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 013D75E5
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 013D75F7
                                            • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 013D7609
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                            • API String ID: 2238633743-2998606599
                                            • Opcode ID: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction ID: 3896cb70a0008139251e06703b9c09ebde9e8c76644898bb80b48b41fc6e08c9
                                            • Opcode Fuzzy Hash: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction Fuzzy Hash: 0BB1ADB5D40334BACF315F72AC8A80E3E63F7156767287A1AE4845AB58D7B54070DFA0
                                            APIs
                                              • Part of subcall function 013D6B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0138E59B,00000001,00006060,00000010), ref: 013D6B3E
                                            • GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0138E6DC
                                            • CreateThreadpool.KERNEL32(00000000), ref: 0138E6E2
                                            Strings
                                            • com.freerdp.codec.rfx, xrefs: 0138E530
                                            • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0138E605
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                            • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                            • API String ID: 3882483829-2530424157
                                            • Opcode ID: 28d81c8dcd1edb0f90faafeb5b7d212b59075c2ced48200ab52f9ed9d98f0da1
                                            • Instruction ID: cda3456878bfa4334dfcee4a7caf8f4a2847bb425a54e31f1175154bb03f9d94
                                            • Opcode Fuzzy Hash: 28d81c8dcd1edb0f90faafeb5b7d212b59075c2ced48200ab52f9ed9d98f0da1
                                            • Instruction Fuzzy Hash: 8F41E4B5A00706AFE724AF79DC85B96BBF8FF14608F00407EE5199A651EB30E948CB50
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D43BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                            • API String ID: 689400697-3976766517
                                            • Opcode ID: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction ID: 3d3c1bd64a95e4e8c8ca3d5ec4fd612ade2c6b9b7535c10fd32eb1328bc63899
                                            • Opcode Fuzzy Hash: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction Fuzzy Hash: 6D1198773802057FEB216E5AFC47E6B3E6CEB91A55F100068FA00A95D1D961CA60D7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D42FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                            • API String ID: 689400697-3301108232
                                            • Opcode ID: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction ID: 810d866c165060910277caf65d0c1a3bb98ce342e222a01aaaabe4eeb6144924
                                            • Opcode Fuzzy Hash: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction Fuzzy Hash: C511B2773803057BEB216A5ABC47E6B3E6CFB96A15F000168FA00A95D1D961CA20D7B0
                                            APIs
                                            • crypto_cert_fingerprint.GETSCREEN-156413884-X86(?), ref: 01375E1C
                                              • Part of subcall function 0137576E: crypto_cert_fingerprint_by_hash.GETSCREEN-156413884-X86(?,sha256), ref: 01375779
                                            • crypto_cert_issuer.GETSCREEN-156413884-X86(?), ref: 01375E30
                                            • crypto_cert_subject.GETSCREEN-156413884-X86(?,?), ref: 01375E3A
                                            • certificate_data_new.GETSCREEN-156413884-X86(?,?,00000000,00000000,00000000,?,?), ref: 01375E4A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                            • String ID:
                                            • API String ID: 1865246629-0
                                            • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction ID: a404041bf680b9b395dfa63bbf5ebd5c4f2f21a51e34ae9ab9cb459bad4371a5
                                            • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction Fuzzy Hash: A1E0DF35000209BFCF252F2DCC04CAF7EADEF816E8B048128BC0856220EA32CD1096A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Genu$OPENSSL_ia32cap$ineI$ntel
                                            • API String ID: 0-3767422159
                                            • Opcode ID: 158caf0982877b31c73ee2345856290c8380dcea6b9b261641c6506139dc99c1
                                            • Instruction ID: b19303c42d16fb172753b147004284b54f36890c84a584d435a1aade4f193805
                                            • Opcode Fuzzy Hash: 158caf0982877b31c73ee2345856290c8380dcea6b9b261641c6506139dc99c1
                                            • Instruction Fuzzy Hash: 8E4149B2F8420607EF2C4579FC553BF3585AB953A8F38A23FD556E22C0DA349D808A95
                                            APIs
                                            • crypto_base64_encode.GETSCREEN-156413884-X86(0156A688,00000000,00000000,00000000,00000000,?,01375E4F,?,?,00000000,00000000,00000000,?,?), ref: 01383F7D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: crypto_base64_encode
                                            • String ID:
                                            • API String ID: 2528031924-0
                                            • Opcode ID: 0bff45c7851ab4d5ecf638a059f0e725df03e18aa38f3992fad3f3a19a7df1e7
                                            • Instruction ID: 611f403c18a61de059bdb1b78bf5e862d2f712765f343a9e7867a8801f08e732
                                            • Opcode Fuzzy Hash: 0bff45c7851ab4d5ecf638a059f0e725df03e18aa38f3992fad3f3a19a7df1e7
                                            • Instruction Fuzzy Hash: 5121C4715007139BEB317F6EC840D5BBBE8FF64614715482EEA858B6A0EE71D880CB90
                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 014262AD
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 014262B7
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 014262C4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID:
                                            • API String ID: 3906539128-0
                                            • Opcode ID: 9a623220a48476cc59a766d1b06a6cb644d82bc1f49ba861b628482cf096ce46
                                            • Instruction ID: 3722ba0cce88f14a43f2e8713dc03c0a4737738a09862276db4145658a01a17f
                                            • Opcode Fuzzy Hash: 9a623220a48476cc59a766d1b06a6cb644d82bc1f49ba861b628482cf096ce46
                                            • Instruction Fuzzy Hash: 4631C77490122D9BCF21DF29D88879DBBB4BF18714F5041EAE81CA7260EB709BC58F55
                                            APIs
                                            • crypto_cert_subject.GETSCREEN-156413884-X86(?), ref: 01375B42
                                            • crypto_cert_issuer.GETSCREEN-156413884-X86(?,?), ref: 01375B4C
                                            • crypto_cert_fingerprint.GETSCREEN-156413884-X86(?,?,?), ref: 01375B56
                                              • Part of subcall function 0137576E: crypto_cert_fingerprint_by_hash.GETSCREEN-156413884-X86(?,sha256), ref: 01375779
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: crypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                            • String ID:
                                            • API String ID: 727492566-0
                                            • Opcode ID: a1fc534dc46fdc7d926a4608a789591736f570c84edf29a249ce033f65392466
                                            • Instruction ID: eab3ad671d463cfd217138dcd351c5c39b38cb67a7e0675b335ff58fd2ead4a7
                                            • Opcode Fuzzy Hash: a1fc534dc46fdc7d926a4608a789591736f570c84edf29a249ce033f65392466
                                            • Instruction Fuzzy Hash: 44111E7170430766EF39AA7DDC46F6E2ACCDF10AACF145529F900DA181EE6DD94046A4
                                            APIs
                                            • crypto_cert_fingerprint_by_hash.GETSCREEN-156413884-X86(?,sha256), ref: 01375779
                                              • Part of subcall function 01375782: crypto_cert_hash.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,0137577E,?,sha256), ref: 01375792
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: crypto_cert_fingerprint_by_hashcrypto_cert_hash
                                            • String ID: sha256
                                            • API String ID: 2885152359-1556616439
                                            • Opcode ID: 6aa5e67dcf3895ae79a54ce84bd0d89da392821365742fa4735795561b864369
                                            • Instruction ID: c54ccb55706ef5e1f69750a6e7a681297a9fb40b19ad37b46775f675cc7d5b4c
                                            • Opcode Fuzzy Hash: 6aa5e67dcf3895ae79a54ce84bd0d89da392821365742fa4735795561b864369
                                            • Instruction Fuzzy Hash: 53A0222000830CBBCA023AABCC02C0ABE0CAB00880B000028BC000A0A2CBA3BA0220C0
                                            APIs
                                            • crypto_cert_hash.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,0137577E,?,sha256), ref: 01375792
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: crypto_cert_hash
                                            • String ID:
                                            • API String ID: 1547982073-0
                                            • Opcode ID: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                            • Instruction ID: 446be60659455d53363d0906c9689548723d193cef797fc5c667cb14014505a8
                                            • Opcode Fuzzy Hash: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                            • Instruction Fuzzy Hash: CCC09BB501020CBFEF066FC5CC45CEF7B6DDB04150B008125B90445010F671BF105BB4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                            • Instruction ID: 0f0a42ae59bdb9215d4ee3162590f84026a34f9833e9924da834901e55cad872
                                            • Opcode Fuzzy Hash: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                            • Instruction Fuzzy Hash: F8F0E9326102087FFB24DE99CC41EBF7FACDB40764F104025FA046A150E6759D40C6A0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b2d8c1697f6f9d0d1db2187d02e4e27f72d0497b3dab760683f2c319e9340772
                                            • Instruction ID: aec333e90ed968cb660e497c5d2f81180b7c487c8e05c4bc99bcbf0c383da67e
                                            • Opcode Fuzzy Hash: b2d8c1697f6f9d0d1db2187d02e4e27f72d0497b3dab760683f2c319e9340772
                                            • Instruction Fuzzy Hash: FAE1C265C2DFD945E323573EA40326BE7647FFB288E50EB1BBDD831C60EB614245620A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b1b7adda0c8c3e57321c7809557f5b9a668d8a48d17905b2680d8c8fa3db88a7
                                            • Instruction ID: 0db461e20c63d6e35fd5e23362c5a51044c86b7e38b0fb3a4778453267c5ea5b
                                            • Opcode Fuzzy Hash: b1b7adda0c8c3e57321c7809557f5b9a668d8a48d17905b2680d8c8fa3db88a7
                                            • Instruction Fuzzy Hash: FEA19D21C19F8646E70B3B754447760E330AFF3248B50DB1AFDA1BA9A7EB61F6885170
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c732388a8a47ed671e7c3ecd3571bb85af5e36de19f68237e3c8f9a8b443c74c
                                            • Instruction ID: 0370b3b325e14c8a00074980d5ba819d042c41be9b9984ef6644cfb8634ee193
                                            • Opcode Fuzzy Hash: c732388a8a47ed671e7c3ecd3571bb85af5e36de19f68237e3c8f9a8b443c74c
                                            • Instruction Fuzzy Hash: 4681DE20D18BC583E7129F3C88426BAF3A0BFD6318F18E719EDD466552FB31A6C58791
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5fdb1dac01aa4860a980b086edd79efc1a9ae4d31f88564667edbb66726d5c19
                                            • Instruction ID: 7519fb46dd1b1cfb83c5ad9f2e131f137712d1bfad921bc05ed8d43abf4f7f50
                                            • Opcode Fuzzy Hash: 5fdb1dac01aa4860a980b086edd79efc1a9ae4d31f88564667edbb66726d5c19
                                            • Instruction Fuzzy Hash: 67313F636083D04EDB1A8F2D88A46657FF65B5A010F2D85DEE9EACF343E421D60AD730
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 67c5a5b38ad57acd17395755d6869b213b2472f5960ea1db488aef957251935f
                                            • Instruction ID: 2edc2e34ac4a512768ed074ca56d6f1971363e1d8c753602a4e72a2f9cb1ec4d
                                            • Opcode Fuzzy Hash: 67c5a5b38ad57acd17395755d6869b213b2472f5960ea1db488aef957251935f
                                            • Instruction Fuzzy Hash: FB513371C20B8286E261AB31CD547D3B7A1BFB5304F259B2ED4DE22170FBB175E48A81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                            • Instruction ID: 853bae833523e151b59c4ae8bff4b9f08134bbaab3b4ef11f8f396c90664e872
                                            • Opcode Fuzzy Hash: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                            • Instruction Fuzzy Hash: ED215024D2CF8B41E7136B788443BAAA710EFE6355F64D31EF8D83B552FB204644A931
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                            • Instruction ID: 3e4aa2ddb2d8e81c8354a7a9abd9c0855dd406e35942f766b766150b3b172115
                                            • Opcode Fuzzy Hash: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                            • Instruction Fuzzy Hash: DD1151D9C2AF7A06E713633B5D42242DA105EF7989550D347FCB439D61F701B5C17210
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 626452242-0
                                            • Opcode ID: 275f9ee7f2cad9b9e4652bb5d18b03f2ce09b260487c2d401c6b274c1d3dbde2
                                            • Instruction ID: 6fb6921390f6a66cc47b048fefae650c5252e2a128730553bc2c0a0150299fa2
                                            • Opcode Fuzzy Hash: 275f9ee7f2cad9b9e4652bb5d18b03f2ce09b260487c2d401c6b274c1d3dbde2
                                            • Instruction Fuzzy Hash: A3015675A00209ABDB08DF59DC51DFEB7B9EB9C750F40812AE92597290E67059058B60
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84b44aee3ce2010bb11fe9cd9bfe8199031e157d18e3273147acef832804a5b4
                                            • Instruction ID: e42a32daab3246c60858a233e0b2b112f2accf261e1857019aa295fdee6aca41
                                            • Opcode Fuzzy Hash: 84b44aee3ce2010bb11fe9cd9bfe8199031e157d18e3273147acef832804a5b4
                                            • Instruction Fuzzy Hash: C0F0BBB2D00129AFEF24FBA8CC5ACBE77BCEF05218F10046DE811A7151EA749A148B60
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a5245e7be1296754392847f4bed58c415fd5748a5bd025052867f57d3d07922
                                            • Instruction ID: 21447105bd86ade479b00030675f082082d53699822c18a5e805c5249e545d0c
                                            • Opcode Fuzzy Hash: 0a5245e7be1296754392847f4bed58c415fd5748a5bd025052867f57d3d07922
                                            • Instruction Fuzzy Hash: DEE0D13200166AE6CB352E0DDC40EEF7F55EFC1275F15402EF944170504B35B881CE91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cfd3501ae8cc7d54b5b6039e73c4159469e4ee806065cc444d8108c8b9717388
                                            • Instruction ID: 7cc38383f29d7df1ba3d77a203d67f5438dd054bdff9debe9f2cf2705ab7e3b8
                                            • Opcode Fuzzy Hash: cfd3501ae8cc7d54b5b6039e73c4159469e4ee806065cc444d8108c8b9717388
                                            • Instruction Fuzzy Hash: 5DE08635712615DF9B95CE69C880D6B77E5BF45600354846BDD8DDB321D370E8028BE0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4c920fcbb8b362c6c414a7613c8428d6942e7fb65bc5c0d3cec4812cbf3b80f8
                                            • Instruction ID: 1320ad87886132d1e945b829a4b12922afc1cbbe6f4db8f5d57353616f8f1dce
                                            • Opcode Fuzzy Hash: 4c920fcbb8b362c6c414a7613c8428d6942e7fb65bc5c0d3cec4812cbf3b80f8
                                            • Instruction Fuzzy Hash: B1D05E3365020D6BEF199EE8AC09D7A379DEF44618B084499FE1C87511E23AD870AA80
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 92904718c7774d80baf37b01db223b482aa12a3400e7c889efefc14f73fae5f7
                                            • Instruction ID: 99eb85916b110eeded9dd6724c958bf259cedb8a009c9b728bd3a04003fbfd22
                                            • Opcode Fuzzy Hash: 92904718c7774d80baf37b01db223b482aa12a3400e7c889efefc14f73fae5f7
                                            • Instruction Fuzzy Hash: EBE0C23A5092E787C334495D50004E7FFA9AEE9998324C9AADEE85B7068020E94143F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4a5700dd9c090860e746394635df8148f9f381a8a4f8febb47ad15a4feb3c59
                                            • Instruction ID: 0c1eda87f72ea613608cc556d88a528285033b5e254dea076940cbef6b55af87
                                            • Opcode Fuzzy Hash: b4a5700dd9c090860e746394635df8148f9f381a8a4f8febb47ad15a4feb3c59
                                            • Instruction Fuzzy Hash: 14D0123251D53536EA3536A99C03E8B398DCB426B4F210311BD39751E5E984D90151F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 020cacdd8480cb7acb5a33face7ae5f67d8364c27b2bc5f228b0cde8383a0b65
                                            • Instruction ID: b9abcab52f9af8570bc428aad80f735badd316f65935ea272389455be2b739c6
                                            • Opcode Fuzzy Hash: 020cacdd8480cb7acb5a33face7ae5f67d8364c27b2bc5f228b0cde8383a0b65
                                            • Instruction Fuzzy Hash: 9AD0927204460EBBCF122ECAEC02DEA3F6AAB186A4F448050FF1805971D677D571ABD5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: af454b5cda78a2c3d57e0cbe02570ddcc9075b23da022ed3fa23d96e327ad826
                                            • Instruction ID: 4b46d4ae5e8046e43c67c88f481c27118b5412b42539406233ba71c1415ab581
                                            • Opcode Fuzzy Hash: af454b5cda78a2c3d57e0cbe02570ddcc9075b23da022ed3fa23d96e327ad826
                                            • Instruction Fuzzy Hash: F9D0223240122E36EA2025DA9801FEA7B0CCB01BB8F404012FE0C5E580C8A0880203F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a874a97c1a0f1350a0a091136a2aa511b6a6aa38adc0722bbc87292597935bc
                                            • Instruction ID: 8aa21b4fb6af6656030f8796435443c8ab01ee55d43b39e3bc7459cb5f260b11
                                            • Opcode Fuzzy Hash: 0a874a97c1a0f1350a0a091136a2aa511b6a6aa38adc0722bbc87292597935bc
                                            • Instruction Fuzzy Hash: AAD0613200820EBBCF026E85CC028AA3F6AAB08690B008410FA24008218A37E831AB91
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab71a9f5da58474ae0166a4e189ddeee788839cecb9f2a9b2ef120b35d17fe59
                                            • Instruction ID: 7f8094ddc8a0c87e4db44e18d46b25fb9ba398257a242579315bbd8c2bafb39e
                                            • Opcode Fuzzy Hash: ab71a9f5da58474ae0166a4e189ddeee788839cecb9f2a9b2ef120b35d17fe59
                                            • Instruction Fuzzy Hash: D1C012A044061D7AFF20F6A9CC5FDBF7A6CAB00604F800414F91061041E678951546A0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                            • Instruction ID: 4d8f414f1e4887d8053831f5a4a05f4ad394ca57c1d0f4d78053111d1acf77a7
                                            • Opcode Fuzzy Hash: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                            • Instruction Fuzzy Hash: 39C09B32501238779D216DCDD401999BF5CDE01BB57054465FD48776154552AC5056E4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                            • Instruction ID: b5b3d61da59f4cec37d3a3f6b712783f7296bdb4903722c163030ab2dcab08b8
                                            • Opcode Fuzzy Hash: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                            • Instruction Fuzzy Hash: 2CC0027104420DABCF02AF95EC018993B6AFF45268B104064FD180A221E6339A319B95
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                            • Instruction ID: 9e42c622051b94c495c61b3e5c07ac67882839fa1273530b484aca86a5ff9e8f
                                            • Opcode Fuzzy Hash: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                            • Instruction Fuzzy Hash: CFB0123200C30C3ADD1836E5FC0398A3B8DCB515B4B104416F81C05461ED2BB45110FC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                            • Instruction ID: 69c6477a91a1df0287c4494ceeea6dc2faebfa0a92f60585af4073211fe54a10
                                            • Opcode Fuzzy Hash: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                            • Instruction Fuzzy Hash: 4AB09231004228BB4B226A9A8C09C8B7FACEB06AA0B010000BD08471118A20A90196F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                            • Instruction ID: 7455423235d5d0f80b8c585f593aaf213a29d546d45e3872afacbb7a9d38f258
                                            • Opcode Fuzzy Hash: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                            • Instruction Fuzzy Hash: DFC09BB4C053095AF650F7F9850A95F7AEC5F01600F45441459C052142DA7CA548C7B3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                            • Instruction ID: 91cd28665ba0c665fcabd02ae77acf89651504583b8a9ea8afccbd6af2ad091b
                                            • Opcode Fuzzy Hash: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                            • Instruction Fuzzy Hash: 75A01130000228B3CA023AAACC02A8E3A8CEA022C0B008820B80802022EA2AA80200B8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            • Associated: 00000000.00000002.4144046676.00000000023EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000248D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4148449731.00000000024B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                            • Instruction ID: 613ce9de6e79f6b8a4807cfd635efa25df8dbf532670aee38e54aa3890142cff
                                            • Opcode Fuzzy Hash: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                            • Instruction Fuzzy Hash:
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            • Associated: 00000000.00000002.4143965159.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000014E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000158B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000159C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000159E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000015AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000015FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.0000000001698000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000187C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.0000000001881000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.0000000002283000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000234C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000234F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000023D4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000023E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.00000000023EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4144046676.000000000248D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.4148449731.00000000024B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                            • Instruction ID: f9d93bb6050abece768ba640a33519d1f25643404e4c276bdb386cb4d050c773
                                            • Opcode Fuzzy Hash: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                            • Instruction Fuzzy Hash:

                                            Control-flow Graph

                                            APIs
                                            • freerdp_error_info.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1519
                                            • freerdp_get_error_info_string.GETSCREEN-156413884-X86(00000000,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C155D
                                            • freerdp_reconnect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1601
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1611
                                            • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C167E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                            • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common

                                            Control-flow Graph

                                            APIs
                                            • gdi_get_pixel_format.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138A8B3
                                            • gdi_free.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138AA40
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: gdi_freegdi_get_pixel_format
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                            APIs
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,?), ref: 013C6D79
                                            • _strlen.LIBCMT ref: 013C6DF4
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6E1D
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6F6F
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C7044
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: freerdp_device_collection_add$_strlen
                                            • String ID: drive$parallel$printer$serial$smartcard
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350F64
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350F79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                            APIs
                                            • _strlen.LIBCMT ref: 013842FA
                                            • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01384320
                                            • GetFileSize.KERNEL32(00000000,?), ref: 0138433A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: File$CreateSize_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 2645226956-2916857029
                                            • Opcode ID: facc71bab5d1b1c26f43b9ba0a204d0c62bfec45e1fe413122ad8734943ecaa4
                                            • Instruction ID: 45aa4d3e0be2c9c29de822f64a3f4606144c2b4de684e5bb55edde4a13fb1e83
                                            • Opcode Fuzzy Hash: facc71bab5d1b1c26f43b9ba0a204d0c62bfec45e1fe413122ad8734943ecaa4
                                            • Instruction Fuzzy Hash: 5E5184B1900316AEEF11ABB9EC45BBF7BBCEF15628F10412AF901E6950EB34D9008761
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350D92
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350DB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                            • API String ID: 3168844106-4217659166
                                            • Opcode ID: 770383f4c10623cf0302077e7ee63462b10a1e4ff4c52926a7164807a0532aa2
                                            • Instruction ID: 987e4c116d9f46f87f4a3b24b469bd4f017d95157e2228a3670d9e26348f9da1
                                            • Opcode Fuzzy Hash: 770383f4c10623cf0302077e7ee63462b10a1e4ff4c52926a7164807a0532aa2
                                            • Instruction Fuzzy Hash: 7D519271A40306AFEB69DF69DC85F9E7BE4EB04B18F14402DFA04AB290E775A900CB54
                                            APIs
                                            Strings
                                            • avc444_ensure_buffer, xrefs: 01455F1F
                                            • YUV buffer not initialized! check your decoder settings, xrefs: 01455F1A
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 01455F24
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                            • API String ID: 733272558-18228272
                                            • Opcode ID: 2552ef64f5708999e6a1880faa0fcce43492b3d2e84ebefa954ecf2053522bac
                                            • Instruction ID: d44039bc7597f7f4584488b1f34008df8b41a5a3505abb317dad0748f8e3166c
                                            • Opcode Fuzzy Hash: 2552ef64f5708999e6a1880faa0fcce43492b3d2e84ebefa954ecf2053522bac
                                            • Instruction Fuzzy Hash: A941B672640306AFDB209F6ACC81A66BBE5FF64214F14483FEA86CF671D272E451CB40
                                            APIs
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,00000400,00000001), ref: 01453B87
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000401,00000000), ref: 01453BB7
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000404,?), ref: 01453BDB
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000402,00000000), ref: 01453BFA
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000014,?), ref: 01453C12
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,000006C1,?), ref: 01453C2B
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000403,?), ref: 01453C44
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000015,00000000), ref: 01453C60
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,00000013,?), ref: 01453C82
                                            • freerdp_target_net_addresses_free.GETSCREEN-156413884-X86(?), ref: 01453C93
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                            • String ID:
                                            • API String ID: 949014189-0
                                            • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction ID: 15cfdf968d52cf33472049923efd657471d542d8177c3115c5808c9df6fff7d1
                                            • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction Fuzzy Hash: 3041C271600716BBF7619E28CC44FAF7BA4BF04344F04402AFF06866A2E772E066C794
                                            APIs
                                              • Part of subcall function 013D5CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01401701,00000001), ref: 013D5CF9
                                            • zgfx_context_new.GETSCREEN-156413884-X86(00000000), ref: 01401874
                                              • Part of subcall function 0145693A: zgfx_context_reset.GETSCREEN-156413884-X86(00000000,00000000,00000000,?,01401879,00000000), ref: 01456964
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                            • API String ID: 3732774510-3243565116
                                            • Opcode ID: 219cba239c4d70b0e84538d4880de1dfe89b84ab2b46787b9885e1812ef1c115
                                            • Instruction ID: 183b212b2b90db48f12a6ea765d9fa1e7f6a0cf356c20f0c0e82c84cda0a2046
                                            • Opcode Fuzzy Hash: 219cba239c4d70b0e84538d4880de1dfe89b84ab2b46787b9885e1812ef1c115
                                            • Instruction Fuzzy Hash: AA71A3756947026BE3259F2B9C41B5677E8FB25B68F10003EF609AB6D0EB74E9408B84
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8B2
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8D6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                            • API String ID: 1431749950-225596728
                                            • Opcode ID: d342f32b4a9737f0b164c308ea7547c2e48bed006183cd3ddfda3ec5e07710ba
                                            • Instruction ID: 14d6c8906ed4902fe463f09e1a8613424af917d7514baa2971575b23a5938da8
                                            • Opcode Fuzzy Hash: d342f32b4a9737f0b164c308ea7547c2e48bed006183cd3ddfda3ec5e07710ba
                                            • Instruction Fuzzy Hash: C721E53324426769F6A4626BAC4AEBB1E5CDB63D7C760003FE404AA0D0EE948C8187B1
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013548D9
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 0135498F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_set_last_error_ex
                                            • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                            • API String ID: 270715978-29603548
                                            • Opcode ID: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction ID: ada44c9c176bce61c4fd9bb10bf5bf2af172f1d35a04daa17dea898e328152eb
                                            • Opcode Fuzzy Hash: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction Fuzzy Hash: 4C210772A40305BAE7156A9DDC46FAB7BB8BB11E18F10015AFE086E1C1E6B19580CAA5
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 014558FA
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000001,00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 01455902
                                            • audio_format_compatible.GETSCREEN-156413884-X86(01455425,?,?,?,?,01455425,?,?,?,?,00000000,?), ref: 0145594D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string$audio_format_compatible
                                            • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                            • API String ID: 204136587-155179076
                                            • Opcode ID: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction ID: 851a32f3e0bc40a2144dd4275f7b3dfc78552c5240cb2faf05dd8eb5691b9314
                                            • Opcode Fuzzy Hash: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction Fuzzy Hash: EA2188A16843016BF7655E69AC42F7637AC9B11E28F10002FFA49EF1D1F569985043E9
                                            APIs
                                            • LoadLibraryA.KERNEL32(secur32.dll,?,013D4AEC), ref: 013D4B18
                                            • LoadLibraryA.KERNEL32(security.dll,?,013D4AEC), ref: 013D4B28
                                            • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 013D4B42
                                            • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 013D4B51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                            • API String ID: 2574300362-4081094439
                                            • Opcode ID: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction ID: 6cd7259ed1d171f23321d36627a9014de113ac0aba885ec646b9e0f2bb13a950
                                            • Opcode Fuzzy Hash: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction Fuzzy Hash: 5AF0E9B3E0033267CB22EBBEBC0091A7EE8AB985543150257D840D7108F6B0C4128FA1
                                            APIs
                                            • ber_read_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 0136502A
                                            • ber_read_length.GETSCREEN-156413884-X86(?,?), ref: 0136503F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ber_read_lengthber_read_universal_tag
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                            • API String ID: 3186670568-2454464461
                                            • Opcode ID: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction ID: e5fdac76fc3730e5ebc534f38cc4f3dfadfbe618c3a8de2cb82513b95d14be7e
                                            • Opcode Fuzzy Hash: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction Fuzzy Hash: 3B4128B1B04312ABEF218F2DCC41B293BEDAB51659F04C179E5568B28DE774D600CB60
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,?), ref: 013A9C6E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_rects
                                            • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                            • API String ID: 844131241-2640574824
                                            • Opcode ID: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction ID: a64c203dab79ce0a4abd67865680c2fb9c44ffcc2eee55210e216c04a2f82af0
                                            • Opcode Fuzzy Hash: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction Fuzzy Hash: B931A47678030279F736566EEC43F6A76D8EB25F1DF10052DF904AD1C4FB95999083A0
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C14
                                            • clearChannelError.GETSCREEN-156413884-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C1B
                                              • Part of subcall function 013426E1: ResetEvent.KERNEL32(?), ref: 0134270A
                                              • Part of subcall function 01358142: ResetEvent.KERNEL32(?,?,01342C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 0135814E
                                            Strings
                                            • freerdp_connect, xrefs: 01342C01
                                            • freerdp, xrefs: 01343062
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342BFC
                                            • ConnectionResult, xrefs: 01343077
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                            • API String ID: 3632380314-3564821047
                                            • Opcode ID: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction ID: 7eff56f78b8bfe3baab6e801ccf08da336fa98a28459ace08b5ddc8dd88d8607
                                            • Opcode Fuzzy Hash: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction Fuzzy Hash: 0231A470600206AFEB10DF7DD884FAABBE4FF18758F240179E909EB261DB71A954CB50
                                            APIs
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365415
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000001,?,00000002,00000000), ref: 0136541D
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365440
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000002,?,00000002,00000000), ref: 01365448
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ber_write_lengthber_write_universal_tag
                                            • String ID:
                                            • API String ID: 1889070510-0
                                            • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction ID: 2bf31fd318fd4ed50356b849d95cb755770fe2c8729f65a2d77a492ed6a7eb98
                                            • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction Fuzzy Hash: 5A210A30201744EFDB135B08CD41B5A77ADEF21B45F05C4A9FA8B6FA86C261AE01CBA1
                                            APIs
                                            • glyph_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB79
                                            • brush_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB86
                                            • pointer_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB94
                                            • bitmap_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBA2
                                            • offscreen_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBB0
                                            • palette_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBBE
                                            • nine_grid_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBCC
                                            • cache_free.GETSCREEN-156413884-X86(00000000), ref: 0136CBDE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                            • String ID:
                                            • API String ID: 2332728789-0
                                            • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction ID: d185b866ff33126594a6f4853e9e7592bde1fcd2126b7e484436ac6d4a898b50
                                            • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction Fuzzy Hash: E1018436248B075AF7246B7DA850D3F7BEC8F52978714943ED5C0D7988EF24E001AA71
                                            APIs
                                            • region16_init.GETSCREEN-156413884-X86(?), ref: 0138F58A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_init
                                            • String ID:
                                            • API String ID: 4140821900-0
                                            • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction ID: 264eb4e0bc3d73e58ac888e216b6bfd6b9dd9e59fcff56fba44a4aff49372d38
                                            • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction Fuzzy Hash: C0516F72D0021A9BDF18DFA9C884AEEBBF9FF48308F14452AF519E7244E7359945CB60
                                            APIs
                                            • gdi_CreateCompatibleDC.GETSCREEN-156413884-X86(?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?,?,?,?,?,0138A899), ref: 0138AAE7
                                            • gdi_CreateCompatibleBitmap.GETSCREEN-156413884-X86(?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB0E
                                            • gdi_CreateBitmapEx.GETSCREEN-156413884-X86(?,?,?,?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB2A
                                            • gdi_SelectObject.GETSCREEN-156413884-X86(?,?), ref: 0138AB60
                                            • gdi_CreateRectRgn.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000), ref: 0138ABA5
                                            • gdi_DeleteObject.GETSCREEN-156413884-X86(?), ref: 0138AC39
                                            • gdi_DeleteDC.GETSCREEN-156413884-X86(?), ref: 0138AC48
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                            • String ID:
                                            • API String ID: 412453062-0
                                            • Opcode ID: 465b4ffd023e57f5a0c4565455c46a70f3e764856c2752f7a876167ddfb1c273
                                            • Instruction ID: 0fb9888efb7931af809adae1a062039f67dc79181bf685930612d9e38b17da90
                                            • Opcode Fuzzy Hash: 465b4ffd023e57f5a0c4565455c46a70f3e764856c2752f7a876167ddfb1c273
                                            • Instruction Fuzzy Hash: 7E5103752007059FDB25DF69C884EA6BBE1FF1C314B0549AEE98A8BB61E771E841CF40
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?), ref: 013DEABD
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEAE7
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB14
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                            • API String ID: 1431749950-2760771567
                                            • Opcode ID: 250b7dff5513be944b6b340eb85a10db2e44d7e992eaf3b5d3f68ed51d2de136
                                            • Instruction ID: 5e3dba4c0725a2be43c9c9f05425b76a93ab3884538e9cec03990b78d6a41c60
                                            • Opcode Fuzzy Hash: 250b7dff5513be944b6b340eb85a10db2e44d7e992eaf3b5d3f68ed51d2de136
                                            • Instruction Fuzzy Hash: B931D677908722BFDB256BAAB849D6E7F68FB5156C310003DE5019F610DB30A814C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8F0A
                                            • GetLastError.KERNEL32 ref: 00DC8F38
                                            • TlsGetValue.KERNEL32 ref: 00DC8F46
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8F4F
                                            • RtlAcquireSRWLockExclusive.NTDLL(01601284), ref: 00DC8F61
                                            • RtlReleaseSRWLockExclusive.NTDLL(01601284), ref: 00DC8F73
                                            • TlsSetValue.KERNEL32(00000000,?,?,00000000,00DAB080), ref: 00DC8FB5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                            • String ID:
                                            • API String ID: 389898287-0
                                            • Opcode ID: f576c2f8ed04c1ec0dd6d0a778a76dcdf1e300e1b38d09fee0aa34bead70e559
                                            • Instruction ID: 249735312486a94351990552ad44d75c1e1b0c4a0b7581e90a44cdefec978509
                                            • Opcode Fuzzy Hash: f576c2f8ed04c1ec0dd6d0a778a76dcdf1e300e1b38d09fee0aa34bead70e559
                                            • Instruction Fuzzy Hash: E221F2B06002169FDB216FA5EC08FAF3B65BF06704F49402DF805C7264DB7198549BB2
                                            APIs
                                            • socket.WS2_32(00000002,00000002,00000011), ref: 013DF673
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF68A
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF6AB
                                            • closesocket.WS2_32(?), ref: 013DF6E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$closesocketsocket
                                            • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                            • API String ID: 65193492-3368084233
                                            • Opcode ID: 0f36eff9298ff52b9447ce38e611f818ea8ee9476f07bae494bdef4974c9f182
                                            • Instruction ID: 37441cab6b8bb7b8aec0e610bef0a0d95f6e128e879c3f5d7d82f63709224333
                                            • Opcode Fuzzy Hash: 0f36eff9298ff52b9447ce38e611f818ea8ee9476f07bae494bdef4974c9f182
                                            • Instruction Fuzzy Hash: CC21DE33144B12ABE3345B7AAC89A167FA8FF4072CB50041EF2439A9B0DBB0A4468B41
                                            APIs
                                            • LoadLibraryA.KERNEL32(winsta.dll,?,013D78D9,01687120), ref: 013E0023
                                            • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 013E003C
                                            • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 013E0052
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                            • API String ID: 2238633743-2382846951
                                            • Opcode ID: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction ID: ef5d444c0e560ba448fc8b36d8399bafb4abc3c66a94cdd69eaa126e5b218283
                                            • Opcode Fuzzy Hash: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction Fuzzy Hash: F90129B47113558FDB1C9FB19C0DA623FE4BB0435CF0940B9F449DB2A6DAB084599F14
                                            APIs
                                            • glyph_cache_free.GETSCREEN-156413884-X86(?), ref: 0136CB1E
                                            • brush_cache_free.GETSCREEN-156413884-X86(?,?), ref: 0136CB26
                                            • pointer_cache_free.GETSCREEN-156413884-X86(?,?,?), ref: 0136CB2E
                                            • bitmap_cache_free.GETSCREEN-156413884-X86(?,?,?,?), ref: 0136CB36
                                            • offscreen_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 0136CB3E
                                            • palette_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?), ref: 0136CB46
                                            • nine_grid_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?,?), ref: 0136CB4E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                            • String ID:
                                            • API String ID: 637575458-0
                                            • Opcode ID: 2a12e379a9b476aac062f53d4a627af9393f4fd168afc1b96a522a904cabb56b
                                            • Instruction ID: 8e9aba3c9f4f97ecbbef73598ee1a11f665ce30e1cafe14076421dff4adf04fc
                                            • Opcode Fuzzy Hash: 2a12e379a9b476aac062f53d4a627af9393f4fd168afc1b96a522a904cabb56b
                                            • Instruction Fuzzy Hash: ECE09230001A17ABCA323F69CC01C4ABFAEAF31658300C428E48662479CB22BC60AF90
                                            APIs
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 013AE040
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE04F
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 013AE062
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE0A3
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?), ref: 013AE0C8
                                            • gdi_RectToCRgn.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013AE147
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-0
                                            • Opcode ID: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction ID: fbbd1590eca75635813602885ed1f0f4b3aea22f144ecc163ffdc90e97a0d727
                                            • Opcode Fuzzy Hash: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction Fuzzy Hash: 8351C076E0122EEFCF14CF99C8808EEBBB9FF48714B54402AE515A7250D775AA51CFA0
                                            APIs
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,000007C0,?), ref: 01381DA2
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000001), ref: 01381DCC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381DE8
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381DFC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381E19
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381E2D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                            • String ID:
                                            • API String ID: 4272850885-0
                                            • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction ID: 500943f86ac32f97420b61c336ef68b5b1ffec6c49e91746df5be320985c6a68
                                            • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction Fuzzy Hash: 2F118E62B853067DF9603A6C5C82F7B36AC4BB295CF440025FF0CA51C4E995B20684A6
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 013A8C2B
                                            Strings
                                            • com.freerdp.color, xrefs: 013A8D98
                                            • freerdp_image_copy_from_icon_data, xrefs: 013A8DBA
                                            • 1bpp and 4bpp icons are not supported, xrefs: 013A8DB5
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A8DBF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                            • API String ID: 1523062921-332027372
                                            • Opcode ID: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction ID: b3c80ff7611f479b94a534a5c03df8c4fc709099846a6a53c6b527a17d53725c
                                            • Opcode Fuzzy Hash: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction Fuzzy Hash: 2A51D9B260021DAADF249F19CC51BFE7BA8EF14208F4481ADFE14A6190D7708A85CFA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: kbd-lang-list$kbd-list$monitor-list
                                            • API String ID: 0-1393584692
                                            • Opcode ID: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction ID: 1815499a2fcad54aa70fa22f353ad94e7bed8959eae0eba790e154755f7717ec
                                            • Opcode Fuzzy Hash: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction Fuzzy Hash: DB31E732A012299ADB20DB69DD45DCAB7A8AB15728F0401AAF908A71D1D770DE40CBD0
                                            Strings
                                            • com.freerdp.codec, xrefs: 01399AD0
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01399AFA
                                            • interleaved_compress, xrefs: 01399AF5
                                            • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01399AF0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                            • API String ID: 0-4054760794
                                            • Opcode ID: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction ID: 622174f53f7a1bf29e55418faad0b0ab36f820957b93108b3dd8206b473540d5
                                            • Opcode Fuzzy Hash: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction Fuzzy Hash: 0F214C72200206BBFF255E5EDC46FAB3F59EB1465CF08422CFA055A190E67AEC60CB51
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3CC8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                            • API String ID: 689400697-743139187
                                            • Opcode ID: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction ID: 2c42d4f0d5645ebb6af76c5dd663b66885aba2be9207ea8aa57bbe426507fe40
                                            • Opcode Fuzzy Hash: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction Fuzzy Hash: 3421ABB3240245BFEF225E5AEC02E9B3F69FB65B55F040158FA04690E0C562DD70DBA1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3DA3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                            • API String ID: 689400697-1744466472
                                            • Opcode ID: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction ID: 02a62b35606ec655c006856512e6257c57f8e9fdb5df97027751ab6aab914b75
                                            • Opcode Fuzzy Hash: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction Fuzzy Hash: DF21C6B7240205BFEF225E9AFC02DAB3F69FB99B14F000158FA04690E0C662CD61D7A1
                                            APIs
                                            • _strlen.LIBCMT ref: 013511FA
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01351248
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelDetached$freerdp
                                            • API String ID: 3987305115-436519898
                                            • Opcode ID: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction ID: d74e0c556aaaf0c316e4534870d09e625b3ec817d441928eb4b5215d5a96b2be
                                            • Opcode Fuzzy Hash: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction Fuzzy Hash: 322130B1A00209AFDB55DF98C884F9EBBF9FF18744F104469E944EB251D770AA50DF90
                                            APIs
                                            • _strlen.LIBCMT ref: 01350B64
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01350BB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelAttached$freerdp
                                            • API String ID: 3987305115-2646891115
                                            • Opcode ID: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction ID: 771fab76d09c638d0fafe160a4b56140bf73a164e229b2e216136ccc17d0ef7d
                                            • Opcode Fuzzy Hash: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction Fuzzy Hash: 66213271A0020AEFDF15DF98C884FAEBBF5FF08748F104469F948AB251D771AA509B90
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3227
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                            • API String ID: 689400697-2657764935
                                            • Opcode ID: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction ID: 282d89c9de534930e6f6239bc300c3d2673591249330c5178d8a5b5a73ec5e6d
                                            • Opcode Fuzzy Hash: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction Fuzzy Hash: A211B7B36442057FEF215E5AEC06EAB3F69FBA9B18F100158FA14690D0D562CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D32F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                            • API String ID: 689400697-1172745827
                                            • Opcode ID: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction ID: b07c76d0c7175639f0e1f62923067537993acd32edee6e0c8b12638249cc3299
                                            • Opcode Fuzzy Hash: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction Fuzzy Hash: 3E11E4B32442057BEF215E5AEC06EAB3F69FB95B24F000058FA00691E0CE62CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D384E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                            • API String ID: 689400697-2008077614
                                            • Opcode ID: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction ID: 9e941cc5d00f9adcef50f667d2f731b1906a0073b9186e24004e2fd4be0a9a07
                                            • Opcode Fuzzy Hash: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction Fuzzy Hash: 9211DAB72402057BEF215E5AEC07EAB3FA9FB95B14F100168FA00A91E0D561CD31D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3548
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                            • API String ID: 689400697-3257054040
                                            • Opcode ID: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction ID: f0d00a5465505872dd19ff335fa6ece98be48e75ef17b7f81c317385ea879d2f
                                            • Opcode Fuzzy Hash: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction Fuzzy Hash: 3F11ABB73402057AEB315A5ABC07F5B3E5DF791A54F104158FA009E1D0D961DD20D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D360B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                            • API String ID: 689400697-848437295
                                            • Opcode ID: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction ID: 934c7c00e9e6fe622a30c314a18c899b2efb568d73a26c412f954f097b23fdd9
                                            • Opcode Fuzzy Hash: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction Fuzzy Hash: 031127B73803057AEB215A5ABC47E6B3F6CFB92A29F100158FA00AD1D0C961CD20C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D33CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                            • API String ID: 689400697-3640258815
                                            • Opcode ID: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction ID: 8ac8f6ae221fdc01d91dfe8b03cd829dd7519ccc951b10d66da4b4a34ab493c0
                                            • Opcode Fuzzy Hash: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction Fuzzy Hash: D111EBB73803057AEB311A5AFC07E6B3E6CFB92B14F404058FA00AE1D0D9658D20C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                            • API String ID: 689400697-3834539683
                                            • Opcode ID: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction ID: 1830fe0f1d2f575a12795db60fddef7d7b4089932d18b096a6163c3876376eab
                                            • Opcode Fuzzy Hash: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction Fuzzy Hash: F81127773802057EEB301A5ABC03E6B3F6DEB92B14F100068FA00AD9D1D9A1CE60C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4544
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                            • API String ID: 689400697-1495805676
                                            • Opcode ID: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction ID: 2da07699e9fca94e2e4646fb7538e5aa12c535265ad99812fc74418e7426048f
                                            • Opcode Fuzzy Hash: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction Fuzzy Hash: 5A11C8773802057AEB21595ABC07E5B3E9DF7A1A14F400068FA00999D1D561D920C7B4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D40BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                            • API String ID: 689400697-247170817
                                            • Opcode ID: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction ID: 138e0b15d04b24f97d727f8a400d6340cae0761711245f7a4efb9eff360a8fc8
                                            • Opcode Fuzzy Hash: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction Fuzzy Hash: 8E11C4773802057BEB212A6ABC07E6B3E6CFBA2A19F00415CFA00AD5D1D561CE20C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D417E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                            • API String ID: 689400697-1164902870
                                            • Opcode ID: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction ID: 86d7679b8c2d4cebac55deb217671f0c24208ed6fc226e9e1db3c3fea8a47bbe
                                            • Opcode Fuzzy Hash: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction Fuzzy Hash: B911AB773443157BEB316A6ABC07E5B3E6CF7A5A19F00006CFA009D5D1D961CA60C7B0
                                            APIs
                                            • ncrush_context_reset.GETSCREEN-156413884-X86(00000000,00000000), ref: 013A1B36
                                            Strings
                                            • ncrush_context_new, xrefs: 013A1B14
                                            • com.freerdp.codec, xrefs: 013A1AF1
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 013A1B19
                                            • ncrush_context_new: failed to initialize tables, xrefs: 013A1B0F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ncrush_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                            • API String ID: 2838332675-904927664
                                            • Opcode ID: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction ID: acdae00c4c4af0aa5d44c0fc365b57227a9cb1eaf0c9e9d659c43378311e05bb
                                            • Opcode Fuzzy Hash: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction Fuzzy Hash: 7E1108B23407033AF315AB5AEC41FD6B798EB60758F40412DF5149A684EBB2A95087A0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D36CE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                            • API String ID: 689400697-3413647607
                                            • Opcode ID: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction ID: be9317a4fa6a4fd30fbe1a4eceb7135781ba5d6163dc15acafd64b53f4665913
                                            • Opcode Fuzzy Hash: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction Fuzzy Hash: B71194F73803517AEA21565ABC47E6B3E9CFBA2B55F100058FA10AD1D0D9A18D20C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D378E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                            • API String ID: 689400697-3754301720
                                            • Opcode ID: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction ID: b76558983257192ccb242193deb46cc20f04a42be3075b5623646df381f4d280
                                            • Opcode Fuzzy Hash: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction Fuzzy Hash: 4C11A7F73803057AEB21565ABC47E6B3F9CF7A2A55F100068FA149D1D0D961CD60C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3E7E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                            • API String ID: 689400697-2578917824
                                            • Opcode ID: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction ID: 0078f9ef0b7ec19db0589fb002ad5f6533fbb1aac3269719063c3981ddea06d0
                                            • Opcode Fuzzy Hash: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction Fuzzy Hash: 3711E7B73842057BEB31565ABC07E6B3E6CFBA6E29F00015CF614AD1D0D5628E20C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3F3E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                            • API String ID: 689400697-3211427146
                                            • Opcode ID: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction ID: f3b887a9a1cf89e638e70d282a7d7431d6d83c394f2a690b8e0b30af2c1a27bc
                                            • Opcode Fuzzy Hash: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction Fuzzy Hash: 111198B73443157BEB21265ABC06E6B3E6DF795E15F10419CF600AD1D1D961CE20C7B1
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 013A95B5
                                            Strings
                                            • freerdp_image_scale, xrefs: 013A95EB
                                            • SmartScaling requested but compiled without libcairo support!, xrefs: 013A95E6
                                            • com.freerdp.color, xrefs: 013A95C8
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A95F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                            • API String ID: 1523062921-212429655
                                            • Opcode ID: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction ID: fe8980f493cb094a6de82cd79eecaa96a22aac27f89beb73841ae6e49b5bb5f1
                                            • Opcode Fuzzy Hash: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction Fuzzy Hash: 9521B17224020EBBEF169E58DD13FED3BA9EB14718F448119FD04AA190E371E920DB80
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D39DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                            • API String ID: 689400697-1972714555
                                            • Opcode ID: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction ID: f4c8a5057fbc380b01701830371402cbbaa5d9bd0bb3f61a8671b1f102c7a90b
                                            • Opcode Fuzzy Hash: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction Fuzzy Hash: D111CAB77802117AFA21565BBC07E6B3E5DFB92E54F100168F6049E1D0D9518D10C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3920
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                            • API String ID: 689400697-2845897268
                                            • Opcode ID: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction ID: be0fa33b64ca1f8875b244285ef539c84b11eac729c5261c7dbdc367e11c3ffe
                                            • Opcode Fuzzy Hash: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction Fuzzy Hash: 4C1177B73842157AEB21155ABC07F6B3E9CF792A54F10016CF5009E5D0D9618D60D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2F33
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                            • API String ID: 689400697-255015424
                                            • Opcode ID: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction ID: d5a3ebd68911a535aeeb0b7c2a34c046f59ea55eb9a4be41106c9a425836e38f
                                            • Opcode Fuzzy Hash: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction Fuzzy Hash: 8B11E3B73843053EEA20666BBC07E6B3E5CEBA6E24F0000A8FA04AE4D0D9518D10C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2FF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                            • API String ID: 689400697-1149382491
                                            • Opcode ID: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction ID: c147acf2263b6c7537b668f898509ddb737586bd95fa448640316aa73ad04942
                                            • Opcode Fuzzy Hash: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction Fuzzy Hash: 711191B73842157AE730562ABC06E6B3E5CFBA2A68F000068FA05AD5D0D9518D50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D30AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                            • API String ID: 689400697-2261828479
                                            • Opcode ID: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction ID: e193f44991604b807c5770e0623a6486ba0efc542a8da411534963c15fbc7f6e
                                            • Opcode Fuzzy Hash: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction Fuzzy Hash: 2D11CAB73843157AEA30662BBC07E6B3E6CF7A6E18F100168F6149E1D0D991CD50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D316A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                            • API String ID: 689400697-3351603741
                                            • Opcode ID: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction ID: c929f952f091c9d3abf8b48691903ed613fc7f3a6540702611c4cd8645ae5fdf
                                            • Opcode Fuzzy Hash: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction Fuzzy Hash: 3B11CAB73842057AEA31665ABC07E6B3E6CF7A6B14F000168FA109E1D1D591DD21C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3FFE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                            • API String ID: 689400697-2156878011
                                            • Opcode ID: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction ID: 4dc28cbed8cbd1e76ca147199481ec4a28713421ef12abbb7c069bfe4c1f2875
                                            • Opcode Fuzzy Hash: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction Fuzzy Hash: 0E11A3B73843057BE631266ABC07E6B3E6CEB92A18F10416CF604AE5D1D9A18910C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D348E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                            • API String ID: 689400697-3116451197
                                            • Opcode ID: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction ID: 729eb5e262a689ee81060c5dd95a339eecc5005e3bdf4a177380a16ee1ab0981
                                            • Opcode Fuzzy Hash: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction Fuzzy Hash: B011C6BB3843117AEA31156ABC07E2B3E6CF792A54F104168F600AE1D0D955CD50C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3A9A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                            • API String ID: 689400697-4185332897
                                            • Opcode ID: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction ID: c178f4a39daeeffa0d6e6a84d3807c62299036f1de2a17239aca9061ca3cdec6
                                            • Opcode Fuzzy Hash: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction Fuzzy Hash: CF11A0B77803157AE631565BBC07E6B3E9CFBA2A18F10016CFA04AE1D0D9918D1087B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3C0E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                            • API String ID: 689400697-4242683877
                                            • Opcode ID: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction ID: 23800e62f724abafc8b409ea4c20ab94c05c7d83a8beed787f1719943e4f0d0f
                                            • Opcode Fuzzy Hash: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction Fuzzy Hash: 921186F73802117AEA21265BBC47E6B3E5CF7A2A54F100168FA009E5E1D991CE51C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3B54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                            • API String ID: 689400697-1791514552
                                            • Opcode ID: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction ID: 9ad6c95ddfabacc7665aea0fa9ada8186571716aa21c0d6eca89923629443ef4
                                            • Opcode Fuzzy Hash: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction Fuzzy Hash: 5C11A5B73843117AEA21159BBC07E6B3E9CF7A2F59F1001A8FA00AE5D0D9A1CD10C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4241
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                            • API String ID: 689400697-954186549
                                            • Opcode ID: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction ID: a7fe0d85e8b21110b056b3b14284ee82adcf29955d6a88fdd52ba1ee4e5ceb04
                                            • Opcode Fuzzy Hash: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction Fuzzy Hash: BE11C6773802057AF621255BBC07E6B3E5CE7A2E55F100069FA00AE9D1D9A18E50C7B4
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 014565CB
                                            Strings
                                            • com.freerdp.codec, xrefs: 0145660B
                                            • error when decoding lines, xrefs: 01456629
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 01456633
                                            • yuv_process_work_callback, xrefs: 0145662E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: primitives_get
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                            • API String ID: 2017034601-2620645302
                                            • Opcode ID: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction ID: f5ae369ee5c2942e50893042ea44bf7d40f63702763722015f39cdff8a0a4e8b
                                            • Opcode Fuzzy Hash: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction Fuzzy Hash: 0C0184B1640306AFDB159F59DC41E9A7BACFF04718F00415EF9089B241E671E9508BA4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %zd;NAME=%s%zd;PASS=%s
                                            • API String ID: 4218353326-3114484625
                                            • Opcode ID: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction ID: 3e749f08cb06d938524569cb4386494e0ad9bdf064c4512bd2e38717b923d40e
                                            • Opcode Fuzzy Hash: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction Fuzzy Hash: 5A015B71A00208BFDF54AFA4C881B9D7BA4EB18204F00886EEE059A322E2799654DB40
                                            APIs
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9F06
                                            • region16_extents.GETSCREEN-156413884-X86(?,?), ref: 013A9F12
                                            • region16_n_rects.GETSCREEN-156413884-X86(?,?,?), ref: 013A9F1D
                                            • region16_n_rects.GETSCREEN-156413884-X86(?), ref: 013A9F7D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_extentsregion16_n_rects
                                            • String ID:
                                            • API String ID: 2062899502-0
                                            • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction ID: aba05ed040633ab9c2a85beb471273d6576c67906f60491e7d764fc8eb9e5ca7
                                            • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction Fuzzy Hash: 84512976D0022AAFCB14DF99C8409AEF7F5FF18754B55816AE859E7350E334AE40CBA0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strncpy
                                            • String ID:
                                            • API String ID: 2961919466-0
                                            • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction ID: 9bc75039f6a7905dcf9943e88435edab747272ca8948c5b6d09a72d323632bb0
                                            • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction Fuzzy Hash: B5119AB5400707AED7315E55D844B93FBBCEF28204F14491FD999C7661F331A558C7A1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8E6A
                                            • GetLastError.KERNEL32 ref: 00DC8E7F
                                            • TlsGetValue.KERNEL32 ref: 00DC8E8D
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8E96
                                            • TlsAlloc.KERNEL32 ref: 00DC8EC3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLastOnce$AllocExecuteInitValue
                                            • String ID:
                                            • API String ID: 2822033501-0
                                            • Opcode ID: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction ID: c6d8dce2ba7c17218e9a3e6543bd31135eeb7542f8117c423804dd858714fb0b
                                            • Opcode Fuzzy Hash: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction Fuzzy Hash: 480126756002099FCF209FB5EC08F6B7BBCFB09714B44412AF815D3264EB3198548BA1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                            • API String ID: 4218353326-3992632484
                                            • Opcode ID: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction ID: 293f2463c3dfe0f764a2504d82ed4a12d0b5830eeb0b9dd1b696862e9e74fb6f
                                            • Opcode Fuzzy Hash: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction Fuzzy Hash: A4414672F0031616EB205A698C41FBE7329FFE6344F58432DED45A7281FB788E45C2A2
                                            APIs
                                            • audio_format_print.GETSCREEN-156413884-X86(?,?,?), ref: 01454A72
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_print
                                            • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                            • API String ID: 2744001552-3527835062
                                            • Opcode ID: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction ID: 562aebc54ae76dbb7b8593e4fcfa839605d457ae74abeb7991d28baa08d000ae
                                            • Opcode Fuzzy Hash: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction Fuzzy Hash: 8411D67264031637DB61AE1A5C46FAF2F5CAF71E64F48001EFD046B192F6B5DA4083E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: audin$rdpsnd
                                            • API String ID: 0-930729200
                                            • Opcode ID: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction ID: 4c9795d63d76e3a78d7f186cc70a2ab4e1e21a1a7ebe166579e6f13d78f6174c
                                            • Opcode Fuzzy Hash: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction Fuzzy Hash: DE119331A00B16ABE725CF2CC48069AFBA4BB04F45F15422EEA6456140D7316850CFD1
                                            APIs
                                            • _strlen.LIBCMT ref: 0138403A
                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01384060
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01384076
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: File$CreatePointer_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 4211031630-2916857029
                                            • Opcode ID: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction ID: 381c51d33e24c53357b96191ce7170b0469a98985975db59006ed86296b4e4b1
                                            • Opcode Fuzzy Hash: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction Fuzzy Hash: 58016236201210BBDB212BA6EC4EEA77F69EF45778F148155FA189D0E1D722C852D7A0
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?), ref: 01454737
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 01454748
                                            • audio_format_print, xrefs: 01454743
                                            • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 0145473E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string
                                            • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                            • API String ID: 2866491501-3564663344
                                            • Opcode ID: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction ID: 4d3cc1b02c4a41811b38431a1373be714141d6e6a231df157a76bcf1ad8519a6
                                            • Opcode Fuzzy Hash: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction Fuzzy Hash: 6CF09675140205BADB401F46CC01E763B6DEB24B14B24804EFD1C8C0A1E677D9A2D3A0
                                            APIs
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?), ref: 01342725
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 01342745
                                            Strings
                                            • freerdp_abort_connect, xrefs: 01342739
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342734
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            • Associated: 00000000.00000002.4143965159.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000014E4000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000158B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000159C000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000159E000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000015AF000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000015FB000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.0000000001698000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000187C000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.0000000001881000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.0000000002283000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000234C000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000234F000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000023D4000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000023E3000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.00000000023EA000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4144046676.000000000248D000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.4148449731.00000000024B3000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                            • API String ID: 3690923134-629580617
                                            • Opcode ID: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction ID: 780ff261c06bc48f883fade53332c5b6b2476ccd844acd2a968f0f22de3fa92b
                                            • Opcode Fuzzy Hash: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction Fuzzy Hash: 22E0D835240215EFEB616E19EC01F56BFD4AF10B98F20045DF6C476462E76174808684
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0145633F
                                            • primitives_flags.GETSCREEN-156413884-X86(00000000), ref: 01456353
                                            • TpWaitForWork.NTDLL(00000000,00000000), ref: 014564A9
                                            • TpReleaseWork.NTDLL(00000000), ref: 014564B2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                            • String ID:
                                            • API String ID: 704174238-0
                                            • Opcode ID: 2d9a01ea79e199341bf383d19bf1eaccf096791351f878c39a88877f4185c01c
                                            • Instruction ID: d9f0c99ce5cf63a5b1e12375c16a99ecf4366011f718a65047e6f6f0b5ad0e20
                                            • Opcode Fuzzy Hash: 2d9a01ea79e199341bf383d19bf1eaccf096791351f878c39a88877f4185c01c
                                            • Instruction Fuzzy Hash: CE6139B5A0060AEFCB14CF68C9819AEBBF5FF58310B15856AE915E7321D730E951CF90
                                            APIs
                                            • gdi_SetRgn.GETSCREEN-156413884-X86(?,?,?,?,00000000,00000001,?,?), ref: 013AC324
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_
                                            • String ID:
                                            • API String ID: 2273374161-0
                                            • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction ID: 1f52663d081b8fba09c00a6db078a19e8747deeb431cd4dda427110fb5127d8c
                                            • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction Fuzzy Hash: 1A31C7B1900209EFDB10DF98C9849AEBBF9FF48214F54806AE915E7250D335EA45CFA0
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 013D5C16
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C34
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C54
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C9A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Leave$Enter
                                            • String ID:
                                            • API String ID: 2978645861-0
                                            • Opcode ID: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction ID: 6c8160d4a94bd88029e7668633473bdcf0b6a98b89b100415c0ab11d05e72274
                                            • Opcode Fuzzy Hash: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction Fuzzy Hash: 0121CF32600605EFEF24CF18D980A69BBF8FF4536AF15462DE882A7260D770B981CB50
                                            APIs
                                              • Part of subcall function 0143F42C: GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                              • Part of subcall function 0143F42C: SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                            • CloseHandle.KERNEL32(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B711
                                            • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B727
                                            • RtlExitUserThread.NTDLL(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B730
                                            • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0142B76E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                            • String ID:
                                            • API String ID: 1062721995-0
                                            • Opcode ID: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction ID: 5244581fe6ff735b4c11b26be4ea97906a3d4c7666ae54fe677bc28ddb87bbc0
                                            • Opcode Fuzzy Hash: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction Fuzzy Hash: 40119671900224ABDB209B6ADC04A5B7FA8DFD4760F58412BFA15D73B0DB70D945C791
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,00000000), ref: 013A9BDC
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9BEC
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9BF7
                                              • Part of subcall function 013A97FD: rectangles_intersection.GETSCREEN-156413884-X86(?,?,?), ref: 013A980C
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9C1A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                            • String ID:
                                            • API String ID: 3854534691-0
                                            • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction ID: f8ec99a550dcc8481c7017ee043332e9b4491628539506e417e6fe172d5fefda
                                            • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction Fuzzy Hash: 8401C433114A1969EF24DB5DD8C0BBBF7DCDB4456CF94401AE918B6040EB35E881C3B4
                                            APIs
                                            • freerdp_new.GETSCREEN-156413884-X86 ref: 013C1F56
                                            • freerdp_context_new.GETSCREEN-156413884-X86(00000000,00000000,?,?), ref: 013C1FA4
                                            • freerdp_register_addin_provider.GETSCREEN-156413884-X86(?,00000000), ref: 013C1FC7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                            • String ID:
                                            • API String ID: 3731710698-0
                                            • Opcode ID: 3c1f5c13c1d6a323915b4b62573cf6e7d28c4b372ec3b648d997735dbb8ebefd
                                            • Instruction ID: a1a17a3c6adcac49a707be13d191953146c7e3f5c8bdc6e6cd74f0191733f9da
                                            • Opcode Fuzzy Hash: 3c1f5c13c1d6a323915b4b62573cf6e7d28c4b372ec3b648d997735dbb8ebefd
                                            • Instruction Fuzzy Hash: D311E331604B13EBD324AF7AD800F9ABBE9BF70A28F10451EE45887251EB70F851DB90
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID:
                                            • API String ID: 733272558-0
                                            • Opcode ID: f9bfd293d50d9658b4a192b63f08b5d3fc8ac9060039a7e83c718fe4fda1f98b
                                            • Instruction ID: 653c06db864b53c376e4040653804ab83f5bd281b5c57cbd09c17127d62a6851
                                            • Opcode Fuzzy Hash: f9bfd293d50d9658b4a192b63f08b5d3fc8ac9060039a7e83c718fe4fda1f98b
                                            • Instruction Fuzzy Hash: 63E0DF32040B207FCA717BA6CD00D9BBB98BF78601300041AF88697630CA33A8528BC0
                                            APIs
                                            • freerdp_settings_free.GETSCREEN-156413884-X86(00000000), ref: 01357326
                                              • Part of subcall function 01357F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 01357FCC
                                              • Part of subcall function 01357F9B: freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000680,?), ref: 01357FFC
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(00000000,00000086,?), ref: 01356D8C
                                            Strings
                                            • C:\Windows\System32\mstscax.dll, xrefs: 01356F3F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                            • String ID: C:\Windows\System32\mstscax.dll
                                            • API String ID: 2334115954-183970058
                                            • Opcode ID: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction ID: 9e91f0b4fd58cee27cd03cd22d5f841d7e4cbdfb9462bbd71c24c6718714c978
                                            • Opcode Fuzzy Hash: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction Fuzzy Hash: B5E1D8B0504B009EE324DF39D895B93BBE4FF18311F91592EE5AE8B391D7B1A584CB48
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-3916222277
                                            • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction ID: 35c16b48eae4dfdb2886fb0bc315170ca8c54eb0522c590ca10cebc9d28bfd99
                                            • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction Fuzzy Hash: 3351A3B300014ABBDF02DE94CD40DEB7BAEFF18248F494256FE1991420E732E6659BA1
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013D697B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: %s: unknown handler type %u$WLog_Appender_New
                                            • API String ID: 2593887523-3466059274
                                            • Opcode ID: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction ID: 045603b24084d45e782251ca89a28e5b85f2358a0d6697204453bb550e78f160
                                            • Opcode Fuzzy Hash: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction Fuzzy Hash: 5A114CF350821767E6227ABD7C87DFF5F6C9B5393CB04401EF525AA550DE30E10141A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %s%s-client.%s$DeviceServiceEntry
                                            • API String ID: 0-2733899524
                                            • Opcode ID: 24570782b5d97f5c6a435bb959d90934631c2e13bbb8a464d3f3e07e42d188ea
                                            • Instruction ID: ad26b422da8b47cd049169b701be9ea8e2c1fdc0ebe83c870a6fde087fe8a876
                                            • Opcode Fuzzy Hash: 24570782b5d97f5c6a435bb959d90934631c2e13bbb8a464d3f3e07e42d188ea
                                            • Instruction Fuzzy Hash: FD119476A00219ABFB109E9DC880BAFBBECEF50A58F14402EFE14D7240D770E9118B90
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,013CE987), ref: 013CEBF6
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,013CE987), ref: 013CEC1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILTER
                                            • API String ID: 1431749950-2006202657
                                            • Opcode ID: 6c73511cc095a714a81733591ef13c2c80ba2ec2b5dae46204c1d096e9b38ca8
                                            • Instruction ID: 23829b4781b5ec053d71c6dc6f29d870354d0287abbeab3a86d8256aecd6931f
                                            • Opcode Fuzzy Hash: 6c73511cc095a714a81733591ef13c2c80ba2ec2b5dae46204c1d096e9b38ca8
                                            • Instruction Fuzzy Hash: 97F021332152657BD720276AFC89C6F7F6DEAA6ABC351403EF404C7114EB754C4187A1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: .msrcIncident$.rdp
                                            • API String ID: 4218353326-1437571178
                                            • Opcode ID: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction ID: 2dedb52d1feb61a4fe27bc53ea19b4e30870e6810465bfe3cc792999e0d2a39b
                                            • Opcode Fuzzy Hash: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction Fuzzy Hash: 6FF02873A1492B6ACD2499BDDC0386BB74CEA129F8710832EE43AD75D0DE32DC1087D0
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BCC
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BEC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WINPR_NATIVE_SSPI
                                            • API String ID: 1431749950-1020623567
                                            • Opcode ID: a11977c71e10b6d64f6760cf5c5797a0a5dc6a42415db91c88526046bc38d1b7
                                            • Instruction ID: 816ab11a40be2ab034225549062833fb89e05e5101713531481e5a99bb21681b
                                            • Opcode Fuzzy Hash: a11977c71e10b6d64f6760cf5c5797a0a5dc6a42415db91c88526046bc38d1b7
                                            • Instruction Fuzzy Hash: 0CF0273365523336E935316A7C05F7B9E68DBB7E2CB15012DF501DB884CA60444346D1
                                            APIs
                                            • rfx_context_new.GETSCREEN-156413884-X86(?), ref: 0139A2ED
                                              • Part of subcall function 0138E4DD: GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                              • Part of subcall function 0138E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                              • Part of subcall function 0138E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • progressive_context_free.GETSCREEN-156413884-X86(00000000), ref: 0139A36D
                                            Strings
                                            • com.freerdp.codec.progressive, xrefs: 0139A2CA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                            • String ID: com.freerdp.codec.progressive
                                            • API String ID: 2699998398-3622116780
                                            • Opcode ID: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction ID: b903ba57351ec306bb47c57f361eef0bbc234dd5903d3337a18a4bf8388ca9ac
                                            • Opcode Fuzzy Hash: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction Fuzzy Hash: 75F0E932A057131AF7247BBE9841F4B7FD8DF52A74F14012EF648AB580DAB194018360
                                            APIs
                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0133F221
                                              • Part of subcall function 014223CE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,0133F214,?,?,?,?,0133F214,?,0157FCE4), ref: 0142242E
                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0133F241
                                              • Part of subcall function 012A91A0: ___std_exception_copy.LIBVCRUNTIME ref: 012A91D3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: std::invalid_argument::invalid_argument$DispatcherExceptionUser___std_exception_copy
                                            • String ID: bad function call
                                            • API String ID: 1082284150-3612616537
                                            • Opcode ID: 0b6c52e323deb56b225f3ae0b0c91ef558f51bc131a0d16cd93dd87c69f0f902
                                            • Instruction ID: f02ba862bfbcb8a289e49bb17c6c981b3319f74de7650393de47a4825ad16c0a
                                            • Opcode Fuzzy Hash: 0b6c52e323deb56b225f3ae0b0c91ef558f51bc131a0d16cd93dd87c69f0f902
                                            • Instruction Fuzzy Hash: A4F05434C0420D77CF04FBF5E846CCCB77CAE24240FC04465FA14A6450EBB1A75986E1
                                            APIs
                                            • freerdp_settings_get_key_for_name.GETSCREEN-156413884-X86(?), ref: 01381EEF
                                            • freerdp_settings_get_type_for_key.GETSCREEN-156413884-X86(00000000), ref: 01381F51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                            • String ID: TRUE
                                            • API String ID: 1888880752-3412697401
                                            • Opcode ID: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction ID: 25d52f0e006ed1afefd704ce1bc38db49ac92e3eef42a2633b70413bd4a5f87d
                                            • Opcode Fuzzy Hash: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction Fuzzy Hash: 23E0E572304715AEDA117BDEDC81D9F371CEB55EA9B11012AF60467240E770D90656B0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: 42cba1ae3c82294e59f63611198e77300255bb6e2078cec47984a07bf366e8cc
                                            • Instruction ID: cf3832540a1a8c38c237d136510522c526fbee2589fdee85625e56d4c22a2fb9
                                            • Opcode Fuzzy Hash: 42cba1ae3c82294e59f63611198e77300255bb6e2078cec47984a07bf366e8cc
                                            • Instruction Fuzzy Hash: A2F082B140031BBFDB217FA68C81DAB7B5DFF28294B450025FD0896221E735DA21D6E0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: e9229e0123e37ae92adb0d97c2434b16a8d750e7ae9f70db5e8ddc06ac9b49f8
                                            • Instruction ID: b0cbd28eee89c9f9112022bab4031aa3c83bd418a782fb116d89730d1bdd7555
                                            • Opcode Fuzzy Hash: e9229e0123e37ae92adb0d97c2434b16a8d750e7ae9f70db5e8ddc06ac9b49f8
                                            • Instruction Fuzzy Hash: 35F089B14003177BDB217FA6DC41DAB7A6DFF25154B450424FD04A7221E735DD21D6E1
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,013D7163), ref: 013D7190
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,013D7163), ref: 013D71B1
                                              • Part of subcall function 013D7310: LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                              • Part of subcall function 013D7310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                            • String ID: WTSAPI_LIBRARY
                                            • API String ID: 3590464466-1122459656
                                            • Opcode ID: c6ad1879343ed119d0beab14d00fd5c74476a19a8f20884d797cb3375bb840ef
                                            • Instruction ID: 7441bf2974fc97e8c13fddd70787de18a6548a41442f3a284a154d77796e6aec
                                            • Opcode Fuzzy Hash: c6ad1879343ed119d0beab14d00fd5c74476a19a8f20884d797cb3375bb840ef
                                            • Instruction Fuzzy Hash: 90E09B3310563379E632216DBC4BF9FBA15DBD3A6DF65021DF4005B1D4AF60544182A6
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                            • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitWtsApi
                                            • API String ID: 2574300362-3428673357
                                            • Opcode ID: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction ID: 072ac635a8ee2cbf33a5a4639453ee5b4b504269c70a302cd996b0db578b38f2
                                            • Opcode Fuzzy Hash: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction Fuzzy Hash: 3FD01772644605ABEF20AFF6BC0691A3FADAB4094D3086926E829C6564EB71C16087A1
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0142B650,01580388,0000000C), ref: 0143F430
                                            • SetLastError.KERNEL32(00000000), ref: 0143F4D2
                                            • GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                            • SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                              • Part of subcall function 0143F066: RtlFreeHeap.NTDLL(00000000,00000000,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F07C
                                              • Part of subcall function 0143F066: GetLastError.KERNEL32(?,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F087
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.4144046676.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FreeHeap
                                            • String ID:
                                            • API String ID: 3197834085-0
                                            • Opcode ID: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction ID: 275aef4f51c561095fb4ef2a3d52f5b552f496daa72ef52b60e430bac8d23e29
                                            • Opcode Fuzzy Hash: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction Fuzzy Hash: 62412B35E156126FEA213B7DAD84D2B364C9FBC674B160237F620DA2F1DB30980E4A13

                                            Execution Graph

                                            Execution Coverage:0.4%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:57
                                            Total number of Limit Nodes:4

                                            Control-flow Graph

                                            APIs
                                            • LoadLibraryA.KERNEL32(?), ref: 024B2B13
                                            • GetProcAddress.KERNELBASE(?,0248CFF9), ref: 024B2B31
                                            • ExitProcess.KERNEL32(?,0248CFF9), ref: 024B2B42
                                            • VirtualProtect.KERNELBASE(00D60000,00001000,00000004,?,00000000), ref: 024B2B90
                                            • VirtualProtect.KERNELBASE(00D60000,00001000), ref: 024B2BA5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.000000000248D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                            • String ID:
                                            • API String ID: 1996367037-0
                                            • Opcode ID: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction ID: d0ae418350bdc67fde13f2f37d00c39ec521af3bd17cc9c7e9247e9c20d2f06e
                                            • Opcode Fuzzy Hash: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction Fuzzy Hash: 8351F2726147125AE732CEB8CCC07E6B791EF4A224718072ADDE2D73C6EBE459468370

                                            Control-flow Graph

                                            APIs
                                            • GetLastError.KERNEL32(01580388,0000000C), ref: 0142B63E
                                            • RtlExitUserThread.NTDLL(00000000), ref: 0142B645
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitLastThreadUser
                                            • String ID:
                                            • API String ID: 1750398979-0
                                            • Opcode ID: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction ID: 6086993c94fc618f31227310ec58130ff8e3fcd83ce0aada473f565c26069d54
                                            • Opcode Fuzzy Hash: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction Fuzzy Hash: 3DF0C271A00216AFDF21AFB1C409A6E7B74EF65710F14415EF405A72B1CB306981CBA2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D43BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                            • API String ID: 689400697-3976766517
                                            • Opcode ID: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction ID: 3d3c1bd64a95e4e8c8ca3d5ec4fd612ade2c6b9b7535c10fd32eb1328bc63899
                                            • Opcode Fuzzy Hash: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction Fuzzy Hash: 6D1198773802057FEB216E5AFC47E6B3E6CEB91A55F100068FA00A95D1D961CA60D7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D42FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                            • API String ID: 689400697-3301108232
                                            • Opcode ID: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction ID: 810d866c165060910277caf65d0c1a3bb98ce342e222a01aaaabe4eeb6144924
                                            • Opcode Fuzzy Hash: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction Fuzzy Hash: C511B2773803057BEB216A5ABC47E6B3E6CFB96A15F000168FA00A95D1D961CA20D7B0
                                            APIs
                                            • crypto_cert_fingerprint.GETSCREEN-156413884-X86(?), ref: 01375E1C
                                              • Part of subcall function 0137576E: crypto_cert_fingerprint_by_hash.GETSCREEN-156413884-X86(?,sha256), ref: 01375779
                                            • crypto_cert_issuer.GETSCREEN-156413884-X86(?), ref: 01375E30
                                            • crypto_cert_subject.GETSCREEN-156413884-X86(?,?), ref: 01375E3A
                                            • certificate_data_new.GETSCREEN-156413884-X86(?,?,00000000,00000000,00000000,?,?), ref: 01375E4A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: certificate_data_new$crypto_cert_fingerprint$crypto_cert_fingerprint_by_hash$crypto_cert_issuer$crypto_cert_subject
                                            • String ID:
                                            • API String ID: 1865246629-0
                                            • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction ID: a404041bf680b9b395dfa63bbf5ebd5c4f2f21a51e34ae9ab9cb459bad4371a5
                                            • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction Fuzzy Hash: A1E0DF35000209BFCF252F2DCC04CAF7EADEF816E8B048128BC0856220EA32CD1096A0

                                            APIs
                                            • LoadLibraryA.KERNEL32(wtsapi32.dll,013D7168), ref: 013D744E
                                            • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 013D746B
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 013D747D
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 013D748F
                                            • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 013D74A1
                                            • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 013D74B3
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 013D74C5
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 013D74D7
                                            • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 013D74E9
                                            • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 013D74FB
                                            • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 013D750D
                                            • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 013D751F
                                            • GetProcAddress.KERNEL32(WTSCloseServer), ref: 013D7531
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 013D7543
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 013D7555
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 013D7567
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 013D7579
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 013D758B
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 013D759D
                                            • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 013D75AF
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 013D75C1
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 013D75D3
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 013D75E5
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 013D75F7
                                            • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 013D7609
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                            • API String ID: 2238633743-2998606599
                                            • Opcode ID: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction ID: 3896cb70a0008139251e06703b9c09ebde9e8c76644898bb80b48b41fc6e08c9
                                            • Opcode Fuzzy Hash: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction Fuzzy Hash: 0BB1ADB5D40334BACF315F72AC8A80E3E63F7156767287A1AE4845AB58D7B54070DFA0

                                            APIs
                                            • freerdp_error_info.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1519
                                            • freerdp_get_error_info_string.GETSCREEN-156413884-X86(00000000,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C155D
                                            • freerdp_reconnect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1601
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1611
                                            • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C167E
                                            Similarity
                                            • API ID: Sleep$freerdp_error_info$freerdp_get_error_info_string$freerdp_get_last_error$freerdp_reconnect
                                            • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                            • API String ID: 968149013-2963753137
                                            • Opcode ID: 68123cb54b299169f5540c6248901a18231e49756f38580905f700f04bb491b1
                                            • Instruction ID: 6f57ed85601c1ed12580f7841f3b666beb615a4ce0743806257e00425fefb1a2
                                            • Opcode Fuzzy Hash: 68123cb54b299169f5540c6248901a18231e49756f38580905f700f04bb491b1
                                            • Instruction Fuzzy Hash: 0651AB72780306B7F7226E2DEC46F6A2A98AB20F2CF14412DFA05EE1C6D6B49D505754

                                            APIs
                                            • gdi_get_pixel_format.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138A8B3
                                            • gdi_free.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138AA40
                                            Similarity
                                            • API ID: gdi_free$gdi_get_pixel_format
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                            • API String ID: 1251975138-534786182
                                            • Opcode ID: b262a07856bdb95c4113bcec65168303647cc0e2f1f26ce767b521784d3ddbca
                                            • Instruction ID: 159ed97255acf3df06af589bec5dadd90c9c30064dd8a8638358d342e0afeb15
                                            • Opcode Fuzzy Hash: b262a07856bdb95c4113bcec65168303647cc0e2f1f26ce767b521784d3ddbca
                                            • Instruction Fuzzy Hash: 3B41D371200703AFEB11BF38DC40BA9BBA5FF50318F14842EEA589B555EF72A8508B50

                                            APIs
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,?), ref: 013C6D79
                                            • _strlen.LIBCMT ref: 013C6DF4
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6E1D
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6F6F
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C7044
                                            Similarity
                                            • API ID: freerdp_device_collection_add$_strlen
                                            • String ID: drive$parallel$printer$serial$smartcard
                                            • API String ID: 2230162058-807955808
                                            • Opcode ID: 1d85a621f1dde8e66923ce991a9316ea76b848ab9a048d32270712ec6bca43d1
                                            • Instruction ID: af469f7c7d7865033e1512754ab9a6ed36f447a73bb594dc56e28c7fd9e0ae65
                                            • Opcode Fuzzy Hash: 1d85a621f1dde8e66923ce991a9316ea76b848ab9a048d32270712ec6bca43d1
                                            • Instruction Fuzzy Hash: 95B1F2725042279FDF15AF19C851DADBBA1FF14718B15806EE9085F262EF32DD918F80

                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350F64
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350F79
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                            • API String ID: 3168844106-1571615648
                                            • Opcode ID: c263f24b2c53e90028cd35a2d7a0ea1e14cd739cde179c6af31967ded23967c1
                                            • Instruction ID: 5f0f12fb799cee8d87f7b1fe246568b1f5c8198efb26002170337a39528fea28
                                            • Opcode Fuzzy Hash: c263f24b2c53e90028cd35a2d7a0ea1e14cd739cde179c6af31967ded23967c1
                                            • Instruction Fuzzy Hash: 34419071A44306AEDB599FADDC46F9D77F4AB08B18F10402DFA18AB180D771A904CB94

                                            Control-flow Graph (graph not reproduced; named calls in the graph: CreateFileA, GetFileSize, ReadFile, SetFilePointer, SetEndOfFile, CloseHandle)
                                            APIs
                                            • _strlen.LIBCMT ref: 013842FA
                                            • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01384320
                                            • GetFileSize.KERNEL32(00000000,?), ref: 0138433A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            • Associated: 00000001.00000002.4130824540.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.00000000014E4000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.000000000158B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.000000000159E000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.00000000015AF000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.00000000015FC000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.0000000001698000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.000000000187C000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.0000000001881000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.0000000002283000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.00000000023EA000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4131501753.000000000248D000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.4145806464.00000000024B3000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: File$CreateSize_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 2645226956-2916857029
                                            • Opcode ID: f78269b460aaa402379a1412562b5e89bd8862e68fe2ae83f9820b6bdbe93d2f
                                            • Instruction ID: 45aa4d3e0be2c9c29de822f64a3f4606144c2b4de684e5bb55edde4a13fb1e83
                                            • Opcode Fuzzy Hash: f78269b460aaa402379a1412562b5e89bd8862e68fe2ae83f9820b6bdbe93d2f
                                            • Instruction Fuzzy Hash: 5E5184B1900316AEEF11ABB9EC45BBF7BBCEF15628F10412AF901E6950EB34D9008761

                                            Control-flow Graph (graph not reproduced; named calls in the graph: RtlEnterCriticalSection, RtlLeaveCriticalSection)
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350D92
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350DB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                            • API String ID: 3168844106-4217659166
                                            • Opcode ID: 770383f4c10623cf0302077e7ee63462b10a1e4ff4c52926a7164807a0532aa2
                                            • Instruction ID: 987e4c116d9f46f87f4a3b24b469bd4f017d95157e2228a3670d9e26348f9da1
                                            • Opcode Fuzzy Hash: 770383f4c10623cf0302077e7ee63462b10a1e4ff4c52926a7164807a0532aa2
                                            • Instruction Fuzzy Hash: 7D519271A40306AFEB69DF69DC85F9E7BE4EB04B18F14402DFA04AB290E775A900CB54

                                            Control-flow Graph (graph not reproduced)
                                            APIs
                                            Strings
                                            • YUV buffer not initialized! check your decoder settings, xrefs: 01455F1A
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 01455F24
                                            • avc444_ensure_buffer, xrefs: 01455F1F
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                            • API String ID: 733272558-18228272
                                            • Opcode ID: 2552ef64f5708999e6a1880faa0fcce43492b3d2e84ebefa954ecf2053522bac
                                            • Instruction ID: d44039bc7597f7f4584488b1f34008df8b41a5a3505abb317dad0748f8e3166c
                                            • Opcode Fuzzy Hash: 2552ef64f5708999e6a1880faa0fcce43492b3d2e84ebefa954ecf2053522bac
                                            • Instruction Fuzzy Hash: A941B672640306AFDB209F6ACC81A66BBE5FF64214F14483FEA86CF671D272E451CB40

                                            Control-flow Graph (graph not reproduced; named calls in the graph: freerdp_settings_set_bool, freerdp_settings_set_string, freerdp_settings_set_uint32, freerdp_target_net_addresses_free)
                                            APIs
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,00000400,00000001), ref: 01453B87
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000401,00000000), ref: 01453BB7
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000404,?), ref: 01453BDB
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000402,00000000), ref: 01453BFA
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000014,?), ref: 01453C12
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,000006C1,?), ref: 01453C2B
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000403,?), ref: 01453C44
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000015,00000000), ref: 01453C60
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,00000013,?), ref: 01453C82
                                            • freerdp_target_net_addresses_free.GETSCREEN-156413884-X86(?), ref: 01453C93
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                            • String ID:
                                            • API String ID: 949014189-0
                                            • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction ID: 15cfdf968d52cf33472049923efd657471d542d8177c3115c5808c9df6fff7d1
                                            • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction Fuzzy Hash: 3041C271600716BBF7619E28CC44FAF7BA4BF04344F04402AFF06866A2E772E066C794
                                            APIs
                                              • Part of subcall function 013D5CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01401701,00000001), ref: 013D5CF9
                                            • zgfx_context_new.GETSCREEN-156413884-X86(00000000), ref: 01401874
                                              • Part of subcall function 0145693A: zgfx_context_reset.GETSCREEN-156413884-X86(00000000,00000000,00000000,?,01401879,00000000), ref: 01456964
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                            • API String ID: 3732774510-3243565116
                                            • Opcode ID: d4b5a9ce66d107b28b7d2a688a23afbe46beb1c66fcd546d98d81bcbbe168b61
                                            • Instruction ID: 183b212b2b90db48f12a6ea765d9fa1e7f6a0cf356c20f0c0e82c84cda0a2046
                                            • Opcode Fuzzy Hash: d4b5a9ce66d107b28b7d2a688a23afbe46beb1c66fcd546d98d81bcbbe168b61
                                            • Instruction Fuzzy Hash: AA71A3756947026BE3259F2B9C41B5677E8FB25B68F10003EF609AB6D0EB74E9408B84
                                            APIs
                                              • Part of subcall function 013D6B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0138E59B,00000001,00006060,00000010), ref: 013D6B3E
                                            • GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0138E6DC
                                            • CreateThreadpool.KERNEL32(00000000), ref: 0138E6E2
                                            Strings
                                            • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0138E605
                                            • com.freerdp.codec.rfx, xrefs: 0138E530
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                            • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                            • API String ID: 3882483829-2530424157
                                            • Opcode ID: 4095d9286f4a2cfa153743af033db57fd843d2dc7a46c874d1c63afccb412d97
                                            • Instruction ID: cda3456878bfa4334dfcee4a7caf8f4a2847bb425a54e31f1175154bb03f9d94
                                            • Opcode Fuzzy Hash: 4095d9286f4a2cfa153743af033db57fd843d2dc7a46c874d1c63afccb412d97
                                            • Instruction Fuzzy Hash: 8F41E4B5A00706AFE724AF79DC85B96BBF8FF14608F00407EE5199A651EB30E948CB50
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8B2
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8D6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                            • API String ID: 1431749950-225596728
                                            • Opcode ID: 4966241a751d6f172d809f5efd277a1b77109d2d25395c72706b6648813896ad
                                            • Instruction ID: 14d6c8906ed4902fe463f09e1a8613424af917d7514baa2971575b23a5938da8
                                            • Opcode Fuzzy Hash: 4966241a751d6f172d809f5efd277a1b77109d2d25395c72706b6648813896ad
                                            • Instruction Fuzzy Hash: C721E53324426769F6A4626BAC4AEBB1E5CDB63D7C760003FE404AA0D0EE948C8187B1
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013548D9
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 0135498F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_set_last_error_ex
                                            • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                            • API String ID: 270715978-29603548
                                            • Opcode ID: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction ID: ada44c9c176bce61c4fd9bb10bf5bf2af172f1d35a04daa17dea898e328152eb
                                            • Opcode Fuzzy Hash: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction Fuzzy Hash: 4C210772A40305BAE7156A9DDC46FAB7BB8BB11E18F10015AFE086E1C1E6B19580CAA5
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 014558FA
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000001,00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 01455902
                                            • audio_format_compatible.GETSCREEN-156413884-X86(01455425,?,?,?,?,01455425,?,?,?,?,00000000,?), ref: 0145594D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string$audio_format_compatible
                                            • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                            • API String ID: 204136587-155179076
                                            • Opcode ID: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction ID: 851a32f3e0bc40a2144dd4275f7b3dfc78552c5240cb2faf05dd8eb5691b9314
                                            • Opcode Fuzzy Hash: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction Fuzzy Hash: EA2188A16843016BF7655E69AC42F7637AC9B11E28F10002FFA49EF1D1F569985043E9
                                            APIs
                                            • LoadLibraryA.KERNEL32(secur32.dll,?,013D4AEC), ref: 013D4B18
                                            • LoadLibraryA.KERNEL32(security.dll,?,013D4AEC), ref: 013D4B28
                                            • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 013D4B42
                                            • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 013D4B51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                            • API String ID: 2574300362-4081094439
                                            • Opcode ID: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction ID: 6cd7259ed1d171f23321d36627a9014de113ac0aba885ec646b9e0f2bb13a950
                                            • Opcode Fuzzy Hash: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction Fuzzy Hash: 5AF0E9B3E0033267CB22EBBEBC0091A7EE8AB985543150257D840D7108F6B0C4128FA1
                                            APIs
                                            • ber_read_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 0136502A
                                            • ber_read_length.GETSCREEN-156413884-X86(?,?), ref: 0136503F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ber_read_lengthber_read_universal_tag
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                            • API String ID: 3186670568-2454464461
                                            • Opcode ID: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction ID: e5fdac76fc3730e5ebc534f38cc4f3dfadfbe618c3a8de2cb82513b95d14be7e
                                            • Opcode Fuzzy Hash: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction Fuzzy Hash: 3B4128B1B04312ABEF218F2DCC41B293BEDAB51659F04C179E5568B28DE774D600CB60
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,?), ref: 013A9C6E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_rects
                                            • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                            • API String ID: 844131241-2640574824
                                            • Opcode ID: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction ID: a64c203dab79ce0a4abd67865680c2fb9c44ffcc2eee55210e216c04a2f82af0
                                            • Opcode Fuzzy Hash: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction Fuzzy Hash: B931A47678030279F736566EEC43F6A76D8EB25F1DF10052DF904AD1C4FB95999083A0
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C14
                                            • clearChannelError.GETSCREEN-156413884-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C1B
                                              • Part of subcall function 013426E1: ResetEvent.KERNEL32(?), ref: 0134270A
                                              • Part of subcall function 01358142: ResetEvent.KERNEL32(?,?,01342C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 0135814E
                                            Strings
                                            • freerdp_connect, xrefs: 01342C01
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342BFC
                                            • freerdp, xrefs: 01343062
                                            • ConnectionResult, xrefs: 01343077
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                            • API String ID: 3632380314-3564821047
                                            • Opcode ID: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction ID: 7eff56f78b8bfe3baab6e801ccf08da336fa98a28459ace08b5ddc8dd88d8607
                                            • Opcode Fuzzy Hash: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction Fuzzy Hash: 0231A470600206AFEB10DF7DD884FAABBE4FF18758F240179E909EB261DB71A954CB50
                                            APIs
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365415
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000001,?,00000002,00000000), ref: 0136541D
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365440
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000002,?,00000002,00000000), ref: 01365448
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ber_write_lengthber_write_universal_tag
                                            • String ID:
                                            • API String ID: 1889070510-0
                                            • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction ID: 2bf31fd318fd4ed50356b849d95cb755770fe2c8729f65a2d77a492ed6a7eb98
                                            • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction Fuzzy Hash: 5A210A30201744EFDB135B08CD41B5A77ADEF21B45F05C4A9FA8B6FA86C261AE01CBA1
                                            APIs
                                            • glyph_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB79
                                            • brush_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB86
                                            • pointer_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB94
                                            • bitmap_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBA2
                                            • offscreen_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBB0
                                            • palette_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBBE
                                            • nine_grid_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBCC
                                            • cache_free.GETSCREEN-156413884-X86(00000000), ref: 0136CBDE
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                            • String ID:
                                            • API String ID: 2332728789-0
                                            • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction ID: d185b866ff33126594a6f4853e9e7592bde1fcd2126b7e484436ac6d4a898b50
                                            • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction Fuzzy Hash: E1018436248B075AF7246B7DA850D3F7BEC8F52978714943ED5C0D7988EF24E001AA71
                                            APIs
                                            • region16_init.GETSCREEN-156413884-X86(?), ref: 0138F58A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_init
                                            • String ID:
                                            • API String ID: 4140821900-0
                                            • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction ID: 264eb4e0bc3d73e58ac888e216b6bfd6b9dd9e59fcff56fba44a4aff49372d38
                                            • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction Fuzzy Hash: C0516F72D0021A9BDF18DFA9C884AEEBBF9FF48308F14452AF519E7244E7359945CB60
                                            APIs
                                            • gdi_CreateCompatibleDC.GETSCREEN-156413884-X86(?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?,?,?,?,?,0138A899), ref: 0138AAE7
                                            • gdi_CreateCompatibleBitmap.GETSCREEN-156413884-X86(?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB0E
                                            • gdi_CreateBitmapEx.GETSCREEN-156413884-X86(?,?,?,?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB2A
                                            • gdi_SelectObject.GETSCREEN-156413884-X86(?,?), ref: 0138AB60
                                            • gdi_CreateRectRgn.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000), ref: 0138ABA5
                                            • gdi_DeleteObject.GETSCREEN-156413884-X86(?), ref: 0138AC39
                                            • gdi_DeleteDC.GETSCREEN-156413884-X86(?), ref: 0138AC48
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                            • String ID:
                                            • API String ID: 412453062-0
                                            • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction ID: 0fb9888efb7931af809adae1a062039f67dc79181bf685930612d9e38b17da90
                                            • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction Fuzzy Hash: 7E5103752007059FDB25DF69C884EA6BBE1FF1C314B0549AEE98A8BB61E771E841CF40
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?), ref: 013DEABD
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEAE7
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB14
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                            • API String ID: 1431749950-2760771567
                                            • Opcode ID: 4367375da26c34a20822842544648ae041387860335d95f78d30e89fc30aac96
                                            • Instruction ID: 5e3dba4c0725a2be43c9c9f05425b76a93ab3884538e9cec03990b78d6a41c60
                                            • Opcode Fuzzy Hash: 4367375da26c34a20822842544648ae041387860335d95f78d30e89fc30aac96
                                            • Instruction Fuzzy Hash: B931D677908722BFDB256BAAB849D6E7F68FB5156C310003DE5019F610DB30A814C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8F0A
                                            • GetLastError.KERNEL32 ref: 00DC8F38
                                            • TlsGetValue.KERNEL32 ref: 00DC8F46
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8F4F
                                            • RtlAcquireSRWLockExclusive.NTDLL(01601284), ref: 00DC8F61
                                            • RtlReleaseSRWLockExclusive.NTDLL(01601284), ref: 00DC8F73
                                            • TlsSetValue.KERNEL32(00000000,?,?,00000000,00DAB080), ref: 00DC8FB5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                            • String ID:
                                            • API String ID: 389898287-0
                                            • Opcode ID: 468c8ffe5dde079aef6852a1c11c351282caeb972d4949d713e9c97e67be19fb
                                            • Instruction ID: 249735312486a94351990552ad44d75c1e1b0c4a0b7581e90a44cdefec978509
                                            • Opcode Fuzzy Hash: 468c8ffe5dde079aef6852a1c11c351282caeb972d4949d713e9c97e67be19fb
                                            • Instruction Fuzzy Hash: E221F2B06002169FDB216FA5EC08FAF3B65BF06704F49402DF805C7264DB7198549BB2
                                            APIs
                                            • socket.WS2_32(00000002,00000002,00000011), ref: 013DF673
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF68A
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF6AB
                                            • closesocket.WS2_32(?), ref: 013DF6E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$closesocketsocket
                                            • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                            • API String ID: 65193492-3368084233
                                            • Opcode ID: 5c1afda4ff16c5e332eb12364f7b4be0f9687f80a7c1db45f69b6168fbfe033f
                                            • Instruction ID: 37441cab6b8bb7b8aec0e610bef0a0d95f6e128e879c3f5d7d82f63709224333
                                            • Opcode Fuzzy Hash: 5c1afda4ff16c5e332eb12364f7b4be0f9687f80a7c1db45f69b6168fbfe033f
                                            • Instruction Fuzzy Hash: CC21DE33144B12ABE3345B7AAC89A167FA8FF4072CB50041EF2439A9B0DBB0A4468B41
                                            APIs
                                            • LoadLibraryA.KERNEL32(winsta.dll,?,013D78D9,01687120), ref: 013E0023
                                            • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 013E003C
                                            • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 013E0052
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                            • API String ID: 2238633743-2382846951
                                            • Opcode ID: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction ID: ef5d444c0e560ba448fc8b36d8399bafb4abc3c66a94cdd69eaa126e5b218283
                                            • Opcode Fuzzy Hash: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction Fuzzy Hash: F90129B47113558FDB1C9FB19C0DA623FE4BB0435CF0940B9F449DB2A6DAB084599F14
                                            APIs
                                            • glyph_cache_free.GETSCREEN-156413884-X86(?), ref: 0136CB1E
                                            • brush_cache_free.GETSCREEN-156413884-X86(?,?), ref: 0136CB26
                                            • pointer_cache_free.GETSCREEN-156413884-X86(?,?,?), ref: 0136CB2E
                                            • bitmap_cache_free.GETSCREEN-156413884-X86(?,?,?,?), ref: 0136CB36
                                            • offscreen_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 0136CB3E
                                            • palette_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?), ref: 0136CB46
                                            • nine_grid_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?,?), ref: 0136CB4E
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                            • String ID:
                                            • API String ID: 637575458-0
                                            • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction ID: 8e9aba3c9f4f97ecbbef73598ee1a11f665ce30e1cafe14076421dff4adf04fc
                                            • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction Fuzzy Hash: ECE09230001A17ABCA323F69CC01C4ABFAEAF31658300C428E48662479CB22BC60AF90
                                            APIs
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 013AE040
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE04F
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 013AE062
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE0A3
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?), ref: 013AE0C8
                                            • gdi_RectToCRgn.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013AE147
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-0
                                            • Opcode ID: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction ID: fbbd1590eca75635813602885ed1f0f4b3aea22f144ecc163ffdc90e97a0d727
                                            • Opcode Fuzzy Hash: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction Fuzzy Hash: 8351C076E0122EEFCF14CF99C8808EEBBB9FF48714B54402AE515A7250D775AA51CFA0
                                            APIs
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,000007C0,?), ref: 01381DA2
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000001), ref: 01381DCC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381DE8
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381DFC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381E19
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381E2D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                            • String ID:
                                            • API String ID: 4272850885-0
                                            • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction ID: 500943f86ac32f97420b61c336ef68b5b1ffec6c49e91746df5be320985c6a68
                                            • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction Fuzzy Hash: 2F118E62B853067DF9603A6C5C82F7B36AC4BB295CF440025FF0CA51C4E995B20684A6
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 013A8C2B
                                            Strings
                                            • com.freerdp.color, xrefs: 013A8D98
                                            • 1bpp and 4bpp icons are not supported, xrefs: 013A8DB5
                                            • freerdp_image_copy_from_icon_data, xrefs: 013A8DBA
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A8DBF
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                            • API String ID: 1523062921-332027372
                                            • Opcode ID: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction ID: b3c80ff7611f479b94a534a5c03df8c4fc709099846a6a53c6b527a17d53725c
                                            • Opcode Fuzzy Hash: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction Fuzzy Hash: 2A51D9B260021DAADF249F19CC51BFE7BA8EF14208F4481ADFE14A6190D7708A85CFA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: kbd-lang-list$kbd-list$monitor-list
                                            • API String ID: 0-1393584692
                                            • Opcode ID: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction ID: 1815499a2fcad54aa70fa22f353ad94e7bed8959eae0eba790e154755f7717ec
                                            • Opcode Fuzzy Hash: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction Fuzzy Hash: DB31E732A012299ADB20DB69DD45DCAB7A8AB15728F0401AAF908A71D1D770DE40CBD0
                                            Strings
                                            • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01399AF0
                                            • com.freerdp.codec, xrefs: 01399AD0
                                            • interleaved_compress, xrefs: 01399AF5
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01399AFA
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                            • API String ID: 0-4054760794
                                            • Opcode ID: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction ID: 622174f53f7a1bf29e55418faad0b0ab36f820957b93108b3dd8206b473540d5
                                            • Opcode Fuzzy Hash: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction Fuzzy Hash: 0F214C72200206BBFF255E5EDC46FAB3F59EB1465CF08422CFA055A190E67AEC60CB51
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3CC8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                            • API String ID: 689400697-743139187
                                            • Opcode ID: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction ID: 2c42d4f0d5645ebb6af76c5dd663b66885aba2be9207ea8aa57bbe426507fe40
                                            • Opcode Fuzzy Hash: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction Fuzzy Hash: 3421ABB3240245BFEF225E5AEC02E9B3F69FB65B55F040158FA04690E0C562DD70DBA1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3DA3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                            • API String ID: 689400697-1744466472
                                            • Opcode ID: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction ID: 02a62b35606ec655c006856512e6257c57f8e9fdb5df97027751ab6aab914b75
                                            • Opcode Fuzzy Hash: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction Fuzzy Hash: DF21C6B7240205BFEF225E9AFC02DAB3F69FB99B14F000158FA04690E0C662CD61D7A1
                                            APIs
                                            • _strlen.LIBCMT ref: 013511FA
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01351248
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelDetached$freerdp
                                            • API String ID: 3987305115-436519898
                                            • Opcode ID: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction ID: d74e0c556aaaf0c316e4534870d09e625b3ec817d441928eb4b5215d5a96b2be
                                            • Opcode Fuzzy Hash: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction Fuzzy Hash: 322130B1A00209AFDB55DF98C884F9EBBF9FF18744F104469E944EB251D770AA50DF90
                                            APIs
                                            • _strlen.LIBCMT ref: 01350B64
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01350BB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelAttached$freerdp
                                            • API String ID: 3987305115-2646891115
                                            • Opcode ID: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction ID: 771fab76d09c638d0fafe160a4b56140bf73a164e229b2e216136ccc17d0ef7d
                                            • Opcode Fuzzy Hash: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction Fuzzy Hash: 66213271A0020AEFDF15DF98C884FAEBBF5FF08748F104469F948AB251D771AA509B90
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3227
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                            • API String ID: 689400697-2657764935
                                            • Opcode ID: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction ID: 282d89c9de534930e6f6239bc300c3d2673591249330c5178d8a5b5a73ec5e6d
                                            • Opcode Fuzzy Hash: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction Fuzzy Hash: A211B7B36442057FEF215E5AEC06EAB3F69FBA9B18F100158FA14690D0D562CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D32F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                            • API String ID: 689400697-1172745827
                                            • Opcode ID: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction ID: b07c76d0c7175639f0e1f62923067537993acd32edee6e0c8b12638249cc3299
                                            • Opcode Fuzzy Hash: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction Fuzzy Hash: 3E11E4B32442057BEF215E5AEC06EAB3F69FB95B24F000058FA00691E0CE62CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D384E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                            • API String ID: 689400697-2008077614
                                            • Opcode ID: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction ID: 9e941cc5d00f9adcef50f667d2f731b1906a0073b9186e24004e2fd4be0a9a07
                                            • Opcode Fuzzy Hash: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction Fuzzy Hash: 9211DAB72402057BEF215E5AEC07EAB3FA9FB95B14F100168FA00A91E0D561CD31D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3548
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                            • API String ID: 689400697-3257054040
                                            • Opcode ID: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction ID: f0d00a5465505872dd19ff335fa6ece98be48e75ef17b7f81c317385ea879d2f
                                            • Opcode Fuzzy Hash: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction Fuzzy Hash: 3F11ABB73402057AEB315A5ABC07F5B3E5DF791A54F104158FA009E1D0D961DD20D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D360B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                            • API String ID: 689400697-848437295
                                            • Opcode ID: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction ID: 934c7c00e9e6fe622a30c314a18c899b2efb568d73a26c412f954f097b23fdd9
                                            • Opcode Fuzzy Hash: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction Fuzzy Hash: 031127B73803057AEB215A5ABC47E6B3F6CFB92A29F100158FA00AD1D0C961CD20C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D33CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                            • API String ID: 689400697-3640258815
                                            • Opcode ID: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction ID: 8ac8f6ae221fdc01d91dfe8b03cd829dd7519ccc951b10d66da4b4a34ab493c0
                                            • Opcode Fuzzy Hash: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction Fuzzy Hash: D111EBB73803057AEB311A5AFC07E6B3E6CFB92B14F404058FA00AE1D0D9658D20C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                            • API String ID: 689400697-3834539683
                                            • Opcode ID: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction ID: 1830fe0f1d2f575a12795db60fddef7d7b4089932d18b096a6163c3876376eab
                                            • Opcode Fuzzy Hash: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction Fuzzy Hash: F81127773802057EEB301A5ABC03E6B3F6DEB92B14F100068FA00AD9D1D9A1CE60C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4544
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                            • API String ID: 689400697-1495805676
                                            • Opcode ID: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction ID: 2da07699e9fca94e2e4646fb7538e5aa12c535265ad99812fc74418e7426048f
                                            • Opcode Fuzzy Hash: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction Fuzzy Hash: 5A11C8773802057AEB21595ABC07E5B3E9DF7A1A14F400068FA00999D1D561D920C7B4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D40BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                            • API String ID: 689400697-247170817
                                            • Opcode ID: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction ID: 138e0b15d04b24f97d727f8a400d6340cae0761711245f7a4efb9eff360a8fc8
                                            • Opcode Fuzzy Hash: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction Fuzzy Hash: 8E11C4773802057BEB212A6ABC07E6B3E6CFBA2A19F00415CFA00AD5D1D561CE20C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D417E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                            • API String ID: 689400697-1164902870
                                            • Opcode ID: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction ID: 86d7679b8c2d4cebac55deb217671f0c24208ed6fc226e9e1db3c3fea8a47bbe
                                            • Opcode Fuzzy Hash: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction Fuzzy Hash: B911AB773443157BEB316A6ABC07E5B3E6CF7A5A19F00006CFA009D5D1D961CA60C7B0
                                            APIs
                                            • ncrush_context_reset.GETSCREEN-156413884-X86(00000000,00000000), ref: 013A1B36
                                            Strings
                                            • ncrush_context_new, xrefs: 013A1B14
                                            • com.freerdp.codec, xrefs: 013A1AF1
                                            • ncrush_context_new: failed to initialize tables, xrefs: 013A1B0F
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 013A1B19
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ncrush_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                            • API String ID: 2838332675-904927664
                                            • Opcode ID: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction ID: acdae00c4c4af0aa5d44c0fc365b57227a9cb1eaf0c9e9d659c43378311e05bb
                                            • Opcode Fuzzy Hash: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction Fuzzy Hash: 7E1108B23407033AF315AB5AEC41FD6B798EB60758F40412DF5149A684EBB2A95087A0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D36CE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                            • API String ID: 689400697-3413647607
                                            • Opcode ID: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction ID: be9317a4fa6a4fd30fbe1a4eceb7135781ba5d6163dc15acafd64b53f4665913
                                            • Opcode Fuzzy Hash: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction Fuzzy Hash: B71194F73803517AEA21565ABC47E6B3E9CFBA2B55F100058FA10AD1D0D9A18D20C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D378E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                            • API String ID: 689400697-3754301720
                                            • Opcode ID: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction ID: b76558983257192ccb242193deb46cc20f04a42be3075b5623646df381f4d280
                                            • Opcode Fuzzy Hash: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction Fuzzy Hash: 4C11A7F73803057AEB21565ABC47E6B3F9CF7A2A55F100068FA149D1D0D961CD60C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3E7E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                            • API String ID: 689400697-2578917824
                                            • Opcode ID: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction ID: 0078f9ef0b7ec19db0589fb002ad5f6533fbb1aac3269719063c3981ddea06d0
                                            • Opcode Fuzzy Hash: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction Fuzzy Hash: 3711E7B73842057BEB31565ABC07E6B3E6CFBA6E29F00015CF614AD1D0D5628E20C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3F3E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                            • API String ID: 689400697-3211427146
                                            • Opcode ID: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction ID: f3b887a9a1cf89e638e70d282a7d7431d6d83c394f2a690b8e0b30af2c1a27bc
                                            • Opcode Fuzzy Hash: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction Fuzzy Hash: 111198B73443157BEB21265ABC06E6B3E6DF795E15F10419CF600AD1D1D961CE20C7B1
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 013A95B5
                                            Strings
                                            • com.freerdp.color, xrefs: 013A95C8
                                            • SmartScaling requested but compiled without libcairo support!, xrefs: 013A95E6
                                            • freerdp_image_scale, xrefs: 013A95EB
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A95F0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                            • API String ID: 1523062921-212429655
                                            • Opcode ID: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction ID: fe8980f493cb094a6de82cd79eecaa96a22aac27f89beb73841ae6e49b5bb5f1
                                            • Opcode Fuzzy Hash: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction Fuzzy Hash: 9521B17224020EBBEF169E58DD13FED3BA9EB14718F448119FD04AA190E371E920DB80
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D39DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                            • API String ID: 689400697-1972714555
                                            • Opcode ID: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction ID: f4c8a5057fbc380b01701830371402cbbaa5d9bd0bb3f61a8671b1f102c7a90b
                                            • Opcode Fuzzy Hash: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction Fuzzy Hash: D111CAB77802117AFA21565BBC07E6B3E5DFB92E54F100168F6049E1D0D9518D10C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3920
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                            • API String ID: 689400697-2845897268
                                            • Opcode ID: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction ID: be0fa33b64ca1f8875b244285ef539c84b11eac729c5261c7dbdc367e11c3ffe
                                            • Opcode Fuzzy Hash: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction Fuzzy Hash: 4C1177B73842157AEB21155ABC07F6B3E9CF792A54F10016CF5009E5D0D9618D60D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2F33
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                            • API String ID: 689400697-255015424
                                            • Opcode ID: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction ID: d5a3ebd68911a535aeeb0b7c2a34c046f59ea55eb9a4be41106c9a425836e38f
                                            • Opcode Fuzzy Hash: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction Fuzzy Hash: 8B11E3B73843053EEA20666BBC07E6B3E5CEBA6E24F0000A8FA04AE4D0D9518D10C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2FF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                            • API String ID: 689400697-1149382491
                                            • Opcode ID: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction ID: c147acf2263b6c7537b668f898509ddb737586bd95fa448640316aa73ad04942
                                            • Opcode Fuzzy Hash: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction Fuzzy Hash: 711191B73842157AE730562ABC06E6B3E5CFBA2A68F000068FA05AD5D0D9518D50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D30AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                            • API String ID: 689400697-2261828479
                                            • Opcode ID: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction ID: e193f44991604b807c5770e0623a6486ba0efc542a8da411534963c15fbc7f6e
                                            • Opcode Fuzzy Hash: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction Fuzzy Hash: 2D11CAB73843157AEA30662BBC07E6B3E6CF7A6E18F100168F6149E1D0D991CD50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D316A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                            • API String ID: 689400697-3351603741
                                            • Opcode ID: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction ID: c929f952f091c9d3abf8b48691903ed613fc7f3a6540702611c4cd8645ae5fdf
                                            • Opcode Fuzzy Hash: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction Fuzzy Hash: 3B11CAB73842057AEA31665ABC07E6B3E6CF7A6B14F000168FA109E1D1D591DD21C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3FFE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                            • API String ID: 689400697-2156878011
                                            • Opcode ID: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction ID: 4dc28cbed8cbd1e76ca147199481ec4a28713421ef12abbb7c069bfe4c1f2875
                                            • Opcode Fuzzy Hash: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction Fuzzy Hash: 0E11A3B73843057BE631266ABC07E6B3E6CEB92A18F10416CF604AE5D1D9A18910C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D348E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                            • API String ID: 689400697-3116451197
                                            • Opcode ID: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction ID: 729eb5e262a689ee81060c5dd95a339eecc5005e3bdf4a177380a16ee1ab0981
                                            • Opcode Fuzzy Hash: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction Fuzzy Hash: B011C6BB3843117AEA31156ABC07E2B3E6CF792A54F104168F600AE1D0D955CD50C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3A9A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                            • API String ID: 689400697-4185332897
                                            • Opcode ID: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction ID: c178f4a39daeeffa0d6e6a84d3807c62299036f1de2a17239aca9061ca3cdec6
                                            • Opcode Fuzzy Hash: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction Fuzzy Hash: CF11A0B77803157AE631565BBC07E6B3E9CFBA2A18F10016CFA04AE1D0D9918D1087B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3C0E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                            • API String ID: 689400697-4242683877
                                            • Opcode ID: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction ID: 23800e62f724abafc8b409ea4c20ab94c05c7d83a8beed787f1719943e4f0d0f
                                            • Opcode Fuzzy Hash: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction Fuzzy Hash: 921186F73802117AEA21265BBC47E6B3E5CF7A2A54F100168FA009E5E1D991CE51C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3B54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                            • API String ID: 689400697-1791514552
                                            • Opcode ID: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction ID: 9ad6c95ddfabacc7665aea0fa9ada8186571716aa21c0d6eca89923629443ef4
                                            • Opcode Fuzzy Hash: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction Fuzzy Hash: 5C11A5B73843117AEA21159BBC07E6B3E9CF7A2F59F1001A8FA00AE5D0D9A1CD10C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4241
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                            • API String ID: 689400697-954186549
                                            • Opcode ID: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction ID: a7fe0d85e8b21110b056b3b14284ee82adcf29955d6a88fdd52ba1ee4e5ceb04
                                            • Opcode Fuzzy Hash: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction Fuzzy Hash: BE11C6773802057AF621255BBC07E6B3E5CE7A2E55F100069FA00AE9D1D9A18E50C7B4
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 014565CB
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 01456633
                                            • com.freerdp.codec, xrefs: 0145660B
                                            • error when decoding lines, xrefs: 01456629
                                            • yuv_process_work_callback, xrefs: 0145662E
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: primitives_get
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                            • API String ID: 2017034601-2620645302
                                            • Opcode ID: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction ID: f5ae369ee5c2942e50893042ea44bf7d40f63702763722015f39cdff8a0a4e8b
                                            • Opcode Fuzzy Hash: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction Fuzzy Hash: 0C0184B1640306AFDB159F59DC41E9A7BACFF04718F00415EF9089B241E671E9508BA4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %zd;NAME=%s%zd;PASS=%s
                                            • API String ID: 4218353326-3114484625
                                            • Opcode ID: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction ID: 3e749f08cb06d938524569cb4386494e0ad9bdf064c4512bd2e38717b923d40e
                                            • Opcode Fuzzy Hash: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction Fuzzy Hash: 5A015B71A00208BFDF54AFA4C881B9D7BA4EB18204F00886EEE059A322E2799654DB40
                                            APIs
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9F06
                                            • region16_extents.GETSCREEN-156413884-X86(?,?), ref: 013A9F12
                                            • region16_n_rects.GETSCREEN-156413884-X86(?,?,?), ref: 013A9F1D
                                            • region16_n_rects.GETSCREEN-156413884-X86(?), ref: 013A9F7D
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_extentsregion16_n_rects
                                            • String ID:
                                            • API String ID: 2062899502-0
                                            • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction ID: aba05ed040633ab9c2a85beb471273d6576c67906f60491e7d764fc8eb9e5ca7
                                            • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction Fuzzy Hash: 84512976D0022AAFCB14DF99C8409AEF7F5FF18754B55816AE859E7350E334AE40CBA0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strncpy
                                            • String ID:
                                            • API String ID: 2961919466-0
                                            • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction ID: 9bc75039f6a7905dcf9943e88435edab747272ca8948c5b6d09a72d323632bb0
                                            • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction Fuzzy Hash: B5119AB5400707AED7315E55D844B93FBBCEF28204F14491FD999C7661F331A558C7A1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8E6A
                                            • GetLastError.KERNEL32 ref: 00DC8E7F
                                            • TlsGetValue.KERNEL32 ref: 00DC8E8D
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8E96
                                            • TlsAlloc.KERNEL32 ref: 00DC8EC3
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLastOnce$AllocExecuteInitValue
                                            • String ID:
                                            • API String ID: 2822033501-0
                                            • Opcode ID: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction ID: c6d8dce2ba7c17218e9a3e6543bd31135eeb7542f8117c423804dd858714fb0b
                                            • Opcode Fuzzy Hash: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction Fuzzy Hash: 480126756002099FCF209FB5EC08F6B7BBCFB09714B44412AF815D3264EB3198548BA1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                            • API String ID: 4218353326-3992632484
                                            • Opcode ID: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction ID: 293f2463c3dfe0f764a2504d82ed4a12d0b5830eeb0b9dd1b696862e9e74fb6f
                                            • Opcode Fuzzy Hash: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction Fuzzy Hash: A4414672F0031616EB205A698C41FBE7329FFE6344F58432DED45A7281FB788E45C2A2
                                            APIs
                                            • audio_format_print.GETSCREEN-156413884-X86(?,?,?), ref: 01454A72
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_print
                                            • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                            • API String ID: 2744001552-3527835062
                                            • Opcode ID: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction ID: 562aebc54ae76dbb7b8593e4fcfa839605d457ae74abeb7991d28baa08d000ae
                                            • Opcode Fuzzy Hash: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction Fuzzy Hash: 8411D67264031637DB61AE1A5C46FAF2F5CAF71E64F48001EFD046B192F6B5DA4083E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: audin$rdpsnd
                                            • API String ID: 0-930729200
                                            • Opcode ID: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction ID: 4c9795d63d76e3a78d7f186cc70a2ab4e1e21a1a7ebe166579e6f13d78f6174c
                                            • Opcode Fuzzy Hash: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction Fuzzy Hash: DE119331A00B16ABE725CF2CC48069AFBA4BB04F45F15422EEA6456140D7316850CFD1
                                            APIs
                                            • _strlen.LIBCMT ref: 0138403A
                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01384060
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01384076
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: File$CreatePointer_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 4211031630-2916857029
                                            • Opcode ID: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction ID: 381c51d33e24c53357b96191ce7170b0469a98985975db59006ed86296b4e4b1
                                            • Opcode Fuzzy Hash: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction Fuzzy Hash: 58016236201210BBDB212BA6EC4EEA77F69EF45778F148155FA189D0E1D722C852D7A0
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?), ref: 01454737
                                            Strings
                                            • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 0145473E
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 01454748
                                            • audio_format_print, xrefs: 01454743
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string
                                            • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                            • API String ID: 2866491501-3564663344
                                            • Opcode ID: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction ID: 4d3cc1b02c4a41811b38431a1373be714141d6e6a231df157a76bcf1ad8519a6
                                            • Opcode Fuzzy Hash: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction Fuzzy Hash: 6CF09675140205BADB401F46CC01E763B6DEB24B14B24804EFD1C8C0A1E677D9A2D3A0
                                            APIs
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?), ref: 01342725
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 01342745
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342734
                                            • freerdp_abort_connect, xrefs: 01342739
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                            • API String ID: 3690923134-629580617
                                            • Opcode ID: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction ID: 780ff261c06bc48f883fade53332c5b6b2476ccd844acd2a968f0f22de3fa92b
                                            • Opcode Fuzzy Hash: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction Fuzzy Hash: 22E0D835240215EFEB616E19EC01F56BFD4AF10B98F20045DF6C476462E76174808684
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0145633F
                                            • primitives_flags.GETSCREEN-156413884-X86(00000000), ref: 01456353
                                            • TpWaitForWork.NTDLL(00000000,00000000), ref: 014564A9
                                            • TpReleaseWork.NTDLL(00000000), ref: 014564B2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                            • String ID:
                                            • API String ID: 704174238-0
                                            • Opcode ID: 6ce774886ead7e25bc30ea03bd5928117af76f13ec209f5379ee9bc3df9209ae
                                            • Instruction ID: d9f0c99ce5cf63a5b1e12375c16a99ecf4366011f718a65047e6f6f0b5ad0e20
                                            • Opcode Fuzzy Hash: 6ce774886ead7e25bc30ea03bd5928117af76f13ec209f5379ee9bc3df9209ae
                                            • Instruction Fuzzy Hash: CE6139B5A0060AEFCB14CF68C9819AEBBF5FF58310B15856AE915E7321D730E951CF90
                                            APIs
                                            • gdi_SetRgn.GETSCREEN-156413884-X86(?,?,?,?,00000000,00000001,?,?), ref: 013AC324
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_
                                            • String ID:
                                            • API String ID: 2273374161-0
                                            • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction ID: 1f52663d081b8fba09c00a6db078a19e8747deeb431cd4dda427110fb5127d8c
                                            • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction Fuzzy Hash: 1A31C7B1900209EFDB10DF98C9849AEBBF9FF48214F54806AE915E7250D335EA45CFA0
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 013D5C16
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C34
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C54
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C9A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Leave$Enter
                                            • String ID:
                                            • API String ID: 2978645861-0
                                            • Opcode ID: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction ID: 6c8160d4a94bd88029e7668633473bdcf0b6a98b89b100415c0ab11d05e72274
                                            • Opcode Fuzzy Hash: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction Fuzzy Hash: 0121CF32600605EFEF24CF18D980A69BBF8FF4536AF15462DE882A7260D770B981CB50
                                            APIs
                                              • Part of subcall function 0143F42C: GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                              • Part of subcall function 0143F42C: SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                            • CloseHandle.KERNEL32(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B711
                                            • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B727
                                            • RtlExitUserThread.NTDLL(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B730
                                            • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0142B76E
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                            • String ID:
                                            • API String ID: 1062721995-0
                                            • Opcode ID: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction ID: 5244581fe6ff735b4c11b26be4ea97906a3d4c7666ae54fe677bc28ddb87bbc0
                                            • Opcode Fuzzy Hash: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction Fuzzy Hash: 40119671900224ABDB209B6ADC04A5B7FA8DFD4760F58412BFA15D73B0DB70D945C791
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,00000000), ref: 013A9BDC
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9BEC
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9BF7
                                              • Part of subcall function 013A97FD: rectangles_intersection.GETSCREEN-156413884-X86(?,?,?), ref: 013A980C
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9C1A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                            • String ID:
                                            • API String ID: 3854534691-0
                                            • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction ID: f8ec99a550dcc8481c7017ee043332e9b4491628539506e417e6fe172d5fefda
                                            • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction Fuzzy Hash: 8401C433114A1969EF24DB5DD8C0BBBF7DCDB4456CF94401AE918B6040EB35E881C3B4
                                            APIs
                                            • freerdp_new.GETSCREEN-156413884-X86 ref: 013C1F56
                                            • freerdp_context_new.GETSCREEN-156413884-X86(00000000,00000000,?,?), ref: 013C1FA4
                                            • freerdp_register_addin_provider.GETSCREEN-156413884-X86(?,00000000), ref: 013C1FC7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                            • String ID:
                                            • API String ID: 3731710698-0
                                            • Opcode ID: 41dc8aa9e92bcf05dbd02e16b0894aa54977aaad41c3bf4add8d685c8f64aea6
                                            • Instruction ID: a1a17a3c6adcac49a707be13d191953146c7e3f5c8bdc6e6cd74f0191733f9da
                                            • Opcode Fuzzy Hash: 41dc8aa9e92bcf05dbd02e16b0894aa54977aaad41c3bf4add8d685c8f64aea6
                                            • Instruction Fuzzy Hash: D311E331604B13EBD324AF7AD800F9ABBE9BF70A28F10451EE45887251EB70F851DB90
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID:
                                            • API String ID: 733272558-0
                                            • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction ID: 653c06db864b53c376e4040653804ab83f5bd281b5c57cbd09c17127d62a6851
                                            • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction Fuzzy Hash: 63E0DF32040B207FCA717BA6CD00D9BBB98BF78601300041AF88697630CA33A8528BC0
                                            APIs
                                            • freerdp_settings_free.GETSCREEN-156413884-X86(00000000), ref: 01357326
                                              • Part of subcall function 01357F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 01357FCC
                                              • Part of subcall function 01357F9B: freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000680,?), ref: 01357FFC
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(00000000,00000086,?), ref: 01356D8C
                                            Strings
                                            • C:\Windows\System32\mstscax.dll, xrefs: 01356F3F
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                            • String ID: C:\Windows\System32\mstscax.dll
                                            • API String ID: 2334115954-183970058
                                            • Opcode ID: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction ID: 9e91f0b4fd58cee27cd03cd22d5f841d7e4cbdfb9462bbd71c24c6718714c978
                                            • Opcode Fuzzy Hash: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction Fuzzy Hash: B5E1D8B0504B009EE324DF39D895B93BBE4FF18311F91592EE5AE8B391D7B1A584CB48
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-3916222277
                                            • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction ID: 35c16b48eae4dfdb2886fb0bc315170ca8c54eb0522c590ca10cebc9d28bfd99
                                            • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction Fuzzy Hash: 3351A3B300014ABBDF02DE94CD40DEB7BAEFF18248F494256FE1991420E732E6659BA1
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013D697B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: %s: unknown handler type %u$WLog_Appender_New
                                            • API String ID: 2593887523-3466059274
                                            • Opcode ID: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction ID: 045603b24084d45e782251ca89a28e5b85f2358a0d6697204453bb550e78f160
                                            • Opcode Fuzzy Hash: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction Fuzzy Hash: 5A114CF350821767E6227ABD7C87DFF5F6C9B5393CB04401EF525AA550DE30E10141A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %s%s-client.%s$DeviceServiceEntry
                                            • API String ID: 0-2733899524
                                            • Opcode ID: 83170852360681949620ea4a22652b2dbbf304cad826e7edb1f960b5ead95a4c
                                            • Instruction ID: ad26b422da8b47cd049169b701be9ea8e2c1fdc0ebe83c870a6fde087fe8a876
                                            • Opcode Fuzzy Hash: 83170852360681949620ea4a22652b2dbbf304cad826e7edb1f960b5ead95a4c
                                            • Instruction Fuzzy Hash: FD119476A00219ABFB109E9DC880BAFBBECEF50A58F14402EFE14D7240D770E9118B90
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,013CE987), ref: 013CEBF6
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,013CE987), ref: 013CEC1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILTER
                                            • API String ID: 1431749950-2006202657
                                            • Opcode ID: bbc797c9c21a53c3aee698e3ed55f9c23a8909ca3a961553b8f06043182be4fb
                                            • Instruction ID: 23829b4781b5ec053d71c6dc6f29d870354d0287abbeab3a86d8256aecd6931f
                                            • Opcode Fuzzy Hash: bbc797c9c21a53c3aee698e3ed55f9c23a8909ca3a961553b8f06043182be4fb
                                            • Instruction Fuzzy Hash: 97F021332152657BD720276AFC89C6F7F6DEAA6ABC351403EF404C7114EB754C4187A1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: .msrcIncident$.rdp
                                            • API String ID: 4218353326-1437571178
                                            • Opcode ID: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction ID: 2dedb52d1feb61a4fe27bc53ea19b4e30870e6810465bfe3cc792999e0d2a39b
                                            • Opcode Fuzzy Hash: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction Fuzzy Hash: 6FF02873A1492B6ACD2499BDDC0386BB74CEA129F8710832EE43AD75D0DE32DC1087D0
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BCC
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BEC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WINPR_NATIVE_SSPI
                                            • API String ID: 1431749950-1020623567
                                            • Opcode ID: b1c5bf6fb30a980127cac7cfd57a789b22db2e82708c167f018bb0507f434731
                                            • Instruction ID: 816ab11a40be2ab034225549062833fb89e05e5101713531481e5a99bb21681b
                                            • Opcode Fuzzy Hash: b1c5bf6fb30a980127cac7cfd57a789b22db2e82708c167f018bb0507f434731
                                            • Instruction Fuzzy Hash: 0CF0273365523336E935316A7C05F7B9E68DBB7E2CB15012DF501DB884CA60444346D1
                                            APIs
                                            • rfx_context_new.GETSCREEN-156413884-X86(?), ref: 0139A2ED
                                              • Part of subcall function 0138E4DD: GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                              • Part of subcall function 0138E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                              • Part of subcall function 0138E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • progressive_context_free.GETSCREEN-156413884-X86(00000000), ref: 0139A36D
                                            Strings
                                            • com.freerdp.codec.progressive, xrefs: 0139A2CA
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                            • String ID: com.freerdp.codec.progressive
                                            • API String ID: 2699998398-3622116780
                                            • Opcode ID: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction ID: b903ba57351ec306bb47c57f361eef0bbc234dd5903d3337a18a4bf8388ca9ac
                                            • Opcode Fuzzy Hash: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction Fuzzy Hash: 75F0E932A057131AF7247BBE9841F4B7FD8DF52A74F14012EF648AB580DAB194018360
                                            APIs
                                            • freerdp_settings_get_key_for_name.GETSCREEN-156413884-X86(?), ref: 01381EEF
                                            • freerdp_settings_get_type_for_key.GETSCREEN-156413884-X86(00000000), ref: 01381F51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                            • String ID: TRUE
                                            • API String ID: 1888880752-3412697401
                                            • Opcode ID: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction ID: 25d52f0e006ed1afefd704ce1bc38db49ac92e3eef42a2633b70413bd4a5f87d
                                            • Opcode Fuzzy Hash: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction Fuzzy Hash: 23E0E572304715AEDA117BDEDC81D9F371CEB55EA9B11012AF60467240E770D90656B0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: e6d98743d7029b773d77c85850a27bda5af939a58a08fc9162a2f9d6a63c6ca9
                                            • Instruction ID: cf3832540a1a8c38c237d136510522c526fbee2589fdee85625e56d4c22a2fb9
                                            • Opcode Fuzzy Hash: e6d98743d7029b773d77c85850a27bda5af939a58a08fc9162a2f9d6a63c6ca9
                                            • Instruction Fuzzy Hash: A2F082B140031BBFDB217FA68C81DAB7B5DFF28294B450025FD0896221E735DA21D6E0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: e9c0b2ad25ebe76748f8a1f3e73c57ade23263a0ab0a85541460ba835b4eac3e
                                            • Instruction ID: b0cbd28eee89c9f9112022bab4031aa3c83bd418a782fb116d89730d1bdd7555
                                            • Opcode Fuzzy Hash: e9c0b2ad25ebe76748f8a1f3e73c57ade23263a0ab0a85541460ba835b4eac3e
                                            • Instruction Fuzzy Hash: 35F089B14003177BDB217FA6DC41DAB7A6DFF25154B450424FD04A7221E735DD21D6E1
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,013D7163), ref: 013D7190
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,013D7163), ref: 013D71B1
                                              • Part of subcall function 013D7310: LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                              • Part of subcall function 013D7310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                            • String ID: WTSAPI_LIBRARY
                                            • API String ID: 3590464466-1122459656
                                            • Opcode ID: 6f3979194e05c285360a6523d2d9f46b5e7153525b4539607dd297ec751352d3
                                            • Instruction ID: 7441bf2974fc97e8c13fddd70787de18a6548a41442f3a284a154d77796e6aec
                                            • Opcode Fuzzy Hash: 6f3979194e05c285360a6523d2d9f46b5e7153525b4539607dd297ec751352d3
                                            • Instruction Fuzzy Hash: 90E09B3310563379E632216DBC4BF9FBA15DBD3A6DF65021DF4005B1D4AF60544182A6
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                            • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitWtsApi
                                            • API String ID: 2574300362-3428673357
                                            • Opcode ID: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction ID: 072ac635a8ee2cbf33a5a4639453ee5b4b504269c70a302cd996b0db578b38f2
                                            • Opcode Fuzzy Hash: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction Fuzzy Hash: 3FD01772644605ABEF20AFF6BC0691A3FADAB4094D3086926E829C6564EB71C16087A1
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0142B650,01580388,0000000C), ref: 0143F430
                                            • SetLastError.KERNEL32(00000000), ref: 0143F4D2
                                            • GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                            • SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                              • Part of subcall function 0143F066: HeapFree.KERNEL32(00000000,00000000,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F07C
                                              • Part of subcall function 0143F066: GetLastError.KERNEL32(?,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F087
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.4131501753.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FreeHeap
                                            • String ID:
                                            • API String ID: 3197834085-0
                                            • Opcode ID: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction ID: 275aef4f51c561095fb4ef2a3d52f5b552f496daa72ef52b60e430bac8d23e29
                                            • Opcode Fuzzy Hash: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction Fuzzy Hash: 62412B35E156126FEA213B7DAD84D2B364C9FBC674B160237F620DA2F1DB30980E4A13

                                            Execution Graph

                                            Execution Coverage:0.5%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:77
                                            Total number of Limit Nodes:6

                                            Control-flow Graph

                                            APIs
                                            • LoadLibraryA.KERNEL32(?), ref: 02622B13
                                            • GetProcAddress.KERNELBASE(?,025FCFF9), ref: 02622B31
                                            • ExitProcess.KERNEL32(?,025FCFF9), ref: 02622B42
                                            • VirtualProtect.KERNELBASE(00ED0000,00001000,00000004,?,00000000), ref: 02622B90
                                            • VirtualProtect.KERNELBASE(00ED0000,00001000), ref: 02622BA5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.00000000025FD000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                            • String ID:
                                            • API String ID: 1996367037-0
                                            • Opcode ID: 02477c0342de0530febef63c2ea729e306af823261418d24ac1350c0cddb8965
                                            • Instruction ID: 931eda92582c1faf2841cbb6bfc30180d387f1f245cff7b7a436174cbf785b6c
                                            • Opcode Fuzzy Hash: 02477c0342de0530febef63c2ea729e306af823261418d24ac1350c0cddb8965
                                            • Instruction Fuzzy Hash: 1C510772A10B325AE7308E78CCE0775B795EB452257180738DDE2DB7C6E7A4544E8B60

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 015AF42C: GetLastError.KERNEL32(00000000,?,01595FDD,015AF0E3,?,?,0153F77A,0000000C,?,?,?,?,014B27D2,?,?,?), ref: 015AF581
                                              • Part of subcall function 015AF42C: SetLastError.KERNEL32(00000000,00000006), ref: 015AF623
                                            • CloseHandle.KERNEL32(?,?,?,0159B817,?,?,0159B689,00000000), ref: 0159B711
                                            • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,0159B817,?,?,0159B689,00000000), ref: 0159B727
                                            • RtlExitUserThread.NTDLL(?,?,?,0159B817,?,?,0159B689,00000000), ref: 0159B730
                                            • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0159B76E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                            • String ID:
                                            • API String ID: 1062721995-0
                                            • Opcode ID: 1ae5906dd76bceef27958f1a5365de3cdc17ad9d21bd179b06565684d4c17deb
                                            • Instruction ID: 1bb607be42640fee4dea4c308fabf5dcb8540421d7dbcf9b4cf0f2fd5024aefd
                                            • Opcode Fuzzy Hash: 1ae5906dd76bceef27958f1a5365de3cdc17ad9d21bd179b06565684d4c17deb
                                            • Instruction Fuzzy Hash: 9811B471501205ABEF309B69EC48E5E7FA8FF80760F184215FA258F690DB70D905CB91

                                            Control-flow Graph

                                            APIs
                                            • GetLastError.KERNEL32(016F0388,0000000C), ref: 0159B63E
                                            • RtlExitUserThread.NTDLL(00000000), ref: 0159B645
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ErrorExitLastThreadUser
                                            • String ID:
                                            • API String ID: 1750398979-0
                                            • Opcode ID: dada964f1e56b659a5e92ac363e2d45f44099246035dfdb5e8e6ffd02b034ea9
                                            • Instruction ID: 010b9f0e23a7267123a6a094a96e6bf87cb6142b6ddf15efdf7d03361b4707ad
                                            • Opcode Fuzzy Hash: dada964f1e56b659a5e92ac363e2d45f44099246035dfdb5e8e6ffd02b034ea9
                                            • Instruction Fuzzy Hash: 33F0C271940607AFEF21AFB4E489EAE7B75FF90610F114159E0129F281CB346941DFA2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015443BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                            • API String ID: 689400697-3976766517
                                            • Opcode ID: 98f1aad40bd3d66bbc99b74617f488360f9ef376e50095c445beccee676bc54e
                                            • Instruction ID: addf14d7d079623e978fbced7dc8c096e8b0dc54d20d054305afa5803c35b354
                                            • Opcode Fuzzy Hash: 98f1aad40bd3d66bbc99b74617f488360f9ef376e50095c445beccee676bc54e
                                            • Instruction Fuzzy Hash: BB1186353C02067BEB256E5AEC07F6B3F6DFBD1A64F00405CFA00AB191D9A199109764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015442FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                            • API String ID: 689400697-3301108232
                                            • Opcode ID: cb4bcd0f9fecfe33712dc6176fec89e7f8e9d9631d00dcab5564e7f5b32e26cc
                                            • Instruction ID: 24e4e5c3654e6c77b325c59f23efaaf6f515b44a25664d4d2dd46c2899a9a1cd
                                            • Opcode Fuzzy Hash: cb4bcd0f9fecfe33712dc6176fec89e7f8e9d9631d00dcab5564e7f5b32e26cc
                                            • Instruction Fuzzy Hash: FF1193352803067BEB251A5AEC07F6B3FACFBD5A24F00405CFA00AB190DAA18A5097A4
                                            APIs
                                            • crypto_cert_fingerprint.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014E5E1C
                                              • Part of subcall function 014E576E: crypto_cert_fingerprint_by_hash.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,sha256), ref: 014E5779
                                            • crypto_cert_issuer.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014E5E30
                                            • crypto_cert_subject.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 014E5E3A
                                            • certificate_data_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,00000000,00000000,00000000,?,?), ref: 014E5E4A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                            • String ID:
                                            • API String ID: 1865246629-0
                                            • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction ID: be979231b06e24c76734310e98f443e38ad57a53705c40af5771e2626888ca8b
                                            • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction Fuzzy Hash: 49E01279100209BEDF112F5ADC08C9F7EEDDFA55E9B14812AB9085A230D6718D11D660

                                            APIs
                                            • LoadLibraryA.KERNEL32(wtsapi32.dll,01547168), ref: 0154744E
                                            • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0154746B
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0154747D
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0154748F
                                            • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 015474A1
                                            • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 015474B3
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 015474C5
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 015474D7
                                            • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 015474E9
                                            • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 015474FB
                                            • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0154750D
                                            • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0154751F
                                            • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01547531
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01547543
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01547555
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01547567
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01547579
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0154758B
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0154759D
                                            • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 015475AF
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 015475C1
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 015475D3
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 015475E5
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 015475F7
                                            • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01547609
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                            • API String ID: 2238633743-2998606599
                                            • Opcode ID: d131891211190eae9f527a9ffbf7143a636df84645538cbfaae5bdb728b96162
                                            • Instruction ID: 323cc8eb082c960f16ca813e52777dcc4831f94c331fa75865a720f541129600
                                            • Opcode Fuzzy Hash: d131891211190eae9f527a9ffbf7143a636df84645538cbfaae5bdb728b96162
                                            • Instruction Fuzzy Hash: F0B117B4D41315ABDF399F76AD4A8473FABF788778300C81EE8055A218D7BA4068DF90

                                            APIs
                                            • freerdp_error_info.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,015314DF,?,00000000), ref: 01531519
                                            • freerdp_get_error_info_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,?,?,?,?,?,?,015314DF,?,00000000), ref: 0153155D
                                            • freerdp_reconnect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,015314DF,?,00000000), ref: 01531601
                                            • freerdp_get_last_error.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,015314DF,?,00000000), ref: 01531611
                                            • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,015314DF,?,00000000), ref: 0153167E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                            • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                            • API String ID: 968149013-2963753137
                                            • Opcode ID: 7c6c93e556f51f404a7bcd3592b1f78b27af700270721bb105d7fcf32d139f5a
                                            • Instruction ID: 35cbd1d3ec5349226dc8ae8814822b9e0dc6b3a7ce9450e63aab20bb042390c5
                                            • Opcode Fuzzy Hash: 7c6c93e556f51f404a7bcd3592b1f78b27af700270721bb105d7fcf32d139f5a
                                            • Instruction Fuzzy Hash: ED51A57174070276EB227A7EEC86FAE3BA8BBE4A60F14412DF601EF4C2DB7195805754

                                            APIs
                                            • gdi_get_pixel_format.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,014FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 014FA8B3
                                            • gdi_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,014FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 014FAA40
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: gdi_freegdi_get_pixel_format
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                            • API String ID: 1251975138-534786182
                                            • Opcode ID: cf4b9052a83a484f585df8c4cfe16f7c6e1d1a25171f61764963d1b9ac36e909
                                            • Instruction ID: 611f01a0d57488a5ae9012b7ef3403511c4414963f0b7add53d3105278369b35
                                            • Opcode Fuzzy Hash: cf4b9052a83a484f585df8c4cfe16f7c6e1d1a25171f61764963d1b9ac36e909
                                            • Instruction Fuzzy Hash: 5E41A371600703AFDB11AF39DC41B5A7BE5FF64210F24842EE65D9B3A1EF32A8558B60

                                            APIs
                                            • freerdp_device_collection_add.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 01536D79
                                            • _strlen.LIBCMT ref: 01536DF4
                                            • freerdp_device_collection_add.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000), ref: 01536E1D
                                            • freerdp_device_collection_add.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000), ref: 01536F6F
                                            • freerdp_device_collection_add.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000), ref: 01537044
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_device_collection_add$_strlen
                                            • String ID: drive$parallel$printer$serial$smartcard
                                            • API String ID: 2230162058-807955808
                                            • Opcode ID: 9b08e45805a6173fc891bf168ec52d9f9f242eb566f8ba76854016853ba465a1
                                            • Instruction ID: ae9c8c68191f27284b3e240d57c5a29a3d6fe2fdd08d13da73d03eb61dd2e0b3
                                            • Opcode Fuzzy Hash: 9b08e45805a6173fc891bf168ec52d9f9f242eb566f8ba76854016853ba465a1
                                            • Instruction Fuzzy Hash: EEB1C3B1914607AFDF169F1CD84095E7BA1FF88324B14846EE8249F252FF32DA618F91

                                            Control-flow Graph

                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 014C0F64
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 014C0F79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                            • API String ID: 3168844106-1571615648
                                            • Opcode ID: e3a990c0e74c5456f8666bb70602966ae9776ca7dbdb2dcec704c6cd1a6883a6
                                            • Instruction ID: 823e7a3a2bc1eeb93f3f1baef53a82f363e083195214536e2a5942d857fcea0e
                                            • Opcode Fuzzy Hash: e3a990c0e74c5456f8666bb70602966ae9776ca7dbdb2dcec704c6cd1a6883a6
                                            • Instruction Fuzzy Hash: A941F079A40306ABEB24EF69DC46F9A77E4FB48B24F00801EF615FB294D770E5408B94

                                            Control-flow Graph

                                            APIs
                                            • _strlen.LIBCMT ref: 014F42FA
                                            • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 014F4320
                                            • GetFileSize.KERNEL32(00000000,?), ref: 014F433A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: File$CreateSize_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 2645226956-2916857029
                                            • Opcode ID: 24cea4c19c324cb187358540706ed61244385e8825a1cbb517ab7a447cb09608
                                            • Instruction ID: be9ccd65abcc5a43d05849c6a934bdde8e23af8313872c1e9703b2c6a2717b2e
                                            • Opcode Fuzzy Hash: 24cea4c19c324cb187358540706ed61244385e8825a1cbb517ab7a447cb09608
                                            • Instruction Fuzzy Hash: 1A5166B1900216AEEF21AFB8DC459BF7BBCEF55624F14412FFA11EA750EB3099008761

                                            Control-flow Graph

                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 014C0D92
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 014C0DB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                            • API String ID: 3168844106-4217659166
                                            • Opcode ID: 4220534ee8c2d6fedd6ddc0993d692f116c86b3d28ad70c5e83d2c5d80f1197f
                                            • Instruction ID: 4919c1df97e945fb4c11d1837afc914032ccd3574130a662a983ef8e2e428212
                                            • Opcode Fuzzy Hash: 4220534ee8c2d6fedd6ddc0993d692f116c86b3d28ad70c5e83d2c5d80f1197f
                                            • Instruction Fuzzy Hash: CF51A379A40306EFEB24DF69DC46F9A7BE4EB44B24F10401EFA15AB291E770E540CB58
                                            APIs
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 015C5F24
                                            • avc444_ensure_buffer, xrefs: 015C5F1F
                                            • YUV buffer not initialized! check your decoder settings, xrefs: 015C5F1A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                            • API String ID: 733272558-18228272
                                            • Opcode ID: a78ad0de7ef639e6350eb314eb566ae6aefee95d9b5b4017a948377d59dfc7a6
                                            • Instruction ID: 313d23d36bc51be3d9e3a9195040eb89fde9e1d7763621d62dd4dedbd1f53c37
                                            • Opcode Fuzzy Hash: a78ad0de7ef639e6350eb314eb566ae6aefee95d9b5b4017a948377d59dfc7a6
                                            • Instruction Fuzzy Hash: 5A41BE71650303AFDB259FA9CC81A5ABBE5FB54714F54883EE686CE660E3B1F850CB40
                                            APIs
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000400,00000001), ref: 015C3B87
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000401,00000000), ref: 015C3BB7
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000404,?), ref: 015C3BDB
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000402,00000000), ref: 015C3BFA
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000014,?), ref: 015C3C12
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000006C1,?), ref: 015C3C2B
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000403,?), ref: 015C3C44
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000015,00000000), ref: 015C3C60
                                            • freerdp_settings_set_uint32.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000013,?), ref: 015C3C82
                                            • freerdp_target_net_addresses_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 015C3C93
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                            • String ID:
                                            • API String ID: 949014189-0
                                            • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction ID: a0d20169ba40a43183eaf7f8c5b844f67b01cd81bdd93f859290a4a4090278e5
                                            • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                            • Instruction Fuzzy Hash: 6D41B270600A0BBFFB615FA9CC44FAA7B94BF14754F04402DEB058A6A0E773E460C795
                                            APIs
                                              • Part of subcall function 01545CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01571701,00000001), ref: 01545CF9
                                            • zgfx_context_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 01571874
                                              • Part of subcall function 015C693A: zgfx_context_reset.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000,00000000,?,01571879,00000000), ref: 015C6964
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                            • API String ID: 3732774510-3243565116
                                            • Opcode ID: 7faaa77e5e76f1f2abbe18d5a01094967aaaec4a7b3bb3202f33c01d4d0f7069
                                            • Instruction ID: fd30b33bbcbafd9dfc865c4cf398bf22f84607e96ca8ca2caac651f28cf201ed
                                            • Opcode Fuzzy Hash: 7faaa77e5e76f1f2abbe18d5a01094967aaaec4a7b3bb3202f33c01d4d0f7069
                                            • Instruction Fuzzy Hash: 8A71B6B1684B036FE7269F2AEC83B9977E4FB55764F10042DF6469F680EB70A4408B84
                                            APIs
                                              • Part of subcall function 01546B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,014FE59B,00000001,00006060,00000010), ref: 01546B3E
                                            • GetVersionExA.KERNEL32(?), ref: 014FE5CD
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 014FE5E7
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 014FE612
                                            • primitives_get.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE ref: 014FE6DC
                                            • CreateThreadpool.KERNEL32(00000000), ref: 014FE6E2
                                            Strings
                                            • com.freerdp.codec.rfx, xrefs: 014FE530
                                            • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 014FE605
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                            • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                            • API String ID: 3882483829-2530424157
                                            • Opcode ID: 54f105a37a948638a84c086b1813e415e5c5b9ef38e8929c0fec613b04529860
                                            • Instruction ID: 4c9fcabebd52254a1c1adc21ad601953664d70063988d9d9ca98066a2ee8540e
                                            • Opcode Fuzzy Hash: 54f105a37a948638a84c086b1813e415e5c5b9ef38e8929c0fec613b04529860
                                            • Instruction Fuzzy Hash: 0D41C1B1A00717AFEB24AF75DC85B56BBF8FF45204F10442EE619AB751EB30D8448B50
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0153E8B2
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0153E8D6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                            • API String ID: 1431749950-225596728
                                            • Opcode ID: 8e69d72577d5db30a74fab09063bfdd8a1eb4a627caf1adb83e507799cd20e35
                                            • Instruction ID: 29419c1f7702b6e7e071697cf953012cf47df64033950df7c92ef566a9308705
                                            • Opcode Fuzzy Hash: 8e69d72577d5db30a74fab09063bfdd8a1eb4a627caf1adb83e507799cd20e35
                                            • Instruction Fuzzy Hash: 8421C4332583576ABB65626AAC4BE3F1BDDFBD2974710002EF416AF080EF9498414772
                                            APIs
                                            • freerdp_set_last_error_ex.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 014C48D9
                                            • freerdp_set_last_error_ex.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 014C498F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_set_last_error_ex
                                            • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                            • API String ID: 270715978-29603548
                                            • Opcode ID: 3261ad75eaa8fadd28e9a7355d8fb8a2d6f451f140bf0e900a156d03cc466818
                                            • Instruction ID: 0436b222de3cdba21231e95165669dbfece97b76b4591b87ecdd09784108f6ec
                                            • Opcode Fuzzy Hash: 3261ad75eaa8fadd28e9a7355d8fb8a2d6f451f140bf0e900a156d03cc466818
                                            • Instruction Fuzzy Hash: 5E21FC75A40312B6E7106F69DC52FEB7BA8BB61F10F04405FFA097B291E7B09540CAA1
                                            APIs
                                            • audio_format_get_tag_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,?,?,015C5425,?,?,?,?,00000000,?), ref: 015C58FA
                                            • audio_format_get_tag_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000001,00000000,?,?,015C5425,?,?,?,?,00000000,?), ref: 015C5902
                                            • audio_format_compatible.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(015C5425,?,?,?,?,015C5425,?,?,?,?,00000000,?), ref: 015C594D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string$audio_format_compatible
                                            • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                            • API String ID: 204136587-155179076
                                            • Opcode ID: a7937afa72bea64ab1064336fe36de4e3aeda866c88bcfd28e84d4d95c9f109d
                                            • Instruction ID: 267ab91ea2c114a78ded22aa04d3fe0bb243eb1d004cc3f032a8ec691a33a114
                                            • Opcode Fuzzy Hash: a7937afa72bea64ab1064336fe36de4e3aeda866c88bcfd28e84d4d95c9f109d
                                            • Instruction Fuzzy Hash: F621DDA1B543066EE7255EE9EC83FBA33D8EB91E24F11041EF649EF1C4F690A5408768
                                            APIs
                                            • LoadLibraryA.KERNEL32(secur32.dll,?,01544AEC), ref: 01544B18
                                            • LoadLibraryA.KERNEL32(security.dll,?,01544AEC), ref: 01544B28
                                            • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01544B42
                                            • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01544B51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                            • API String ID: 2574300362-4081094439
                                            • Opcode ID: 9e3a9b77062fa74d51b6364a506e209d3ee635793f37e1e369d98a3f61151f8c
                                            • Instruction ID: 8510c2012443bcf58bd88b2ee2e448baa6c8b14182e72a85d06807713ec5aa21
                                            • Opcode Fuzzy Hash: 9e3a9b77062fa74d51b6364a506e209d3ee635793f37e1e369d98a3f61151f8c
                                            • Instruction Fuzzy Hash: C1F01976D51766579F369BBEBC00A5B3FECAE84564306815BD840D7208EFB0C4414FA1
                                            APIs
                                            • ber_read_universal_tag.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000002,00000000), ref: 014D502A
                                            • ber_read_length.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 014D503F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ber_read_lengthber_read_universal_tag
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                            • API String ID: 3186670568-2454464461
                                            • Opcode ID: 7984911f308d00a983eb0f9f2df4e0f3da778e269dd5bbc21177a047e50d1d93
                                            • Instruction ID: 4b86b6ade7e7c1a9e2b6f307d930171b3192841c2f935663e195012d0e74b8a2
                                            • Opcode Fuzzy Hash: 7984911f308d00a983eb0f9f2df4e0f3da778e269dd5bbc21177a047e50d1d93
                                            • Instruction Fuzzy Hash: DE416DB1B043126BDF218F39CC61B2A3BF5EB92621F04856FE5558F399DA34D600CB60
                                            APIs
                                            • region16_rects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 01519C6E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: region16_rects
                                            • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                            • API String ID: 844131241-2640574824
                                            • Opcode ID: d7dcced16613d2aeb19c9c966c59688a5daf6bdd6aa4c0b8339b04a4ab2354ea
                                            • Instruction ID: 217c75b00155a574f1c93f7f10b6ee1467afdb3203e1347daae03218df89910b
                                            • Opcode Fuzzy Hash: d7dcced16613d2aeb19c9c966c59688a5daf6bdd6aa4c0b8339b04a4ab2354ea
                                            • Instruction Fuzzy Hash: 2C3193B278030376F631666AAC53F6A37D9EBA4B25F20011DF945AE1C4FA9299408360
                                            APIs
                                            • freerdp_set_last_error_ex.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 014B2C14
                                            • clearChannelError.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 014B2C1B
                                              • Part of subcall function 014B26E1: ResetEvent.KERNEL32(?), ref: 014B270A
                                              • Part of subcall function 014C8142: ResetEvent.KERNEL32(?,?,014B2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 014C814E
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 014B2BFC
                                            • ConnectionResult, xrefs: 014B3077
                                            • freerdp_connect, xrefs: 014B2C01
                                            • freerdp, xrefs: 014B3062
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                            • API String ID: 3632380314-3564821047
                                            • Opcode ID: 966864c9e1c05a7fbe67300770881e6bb668118ec2de71a9c42063a8f6de54c1
                                            • Instruction ID: 612aba4b3b74139cb31e158d5e02eb6836b8209a8c1c73dfce69670cb7a20405
                                            • Opcode Fuzzy Hash: 966864c9e1c05a7fbe67300770881e6bb668118ec2de71a9c42063a8f6de54c1
                                            • Instruction Fuzzy Hash: 0B318371600206AFE710DF6AD8C5FEAB7E8BF58350F10006AE904EB265DB71A950CB60
                                            APIs
                                            • ber_write_universal_tag.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000002,00000000), ref: 014D5415
                                            • ber_write_length.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000001,?,00000002,00000000), ref: 014D541D
                                            • ber_write_universal_tag.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000002,00000000), ref: 014D5440
                                            • ber_write_length.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000002,?,00000002,00000000), ref: 014D5448
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            • Associated: 00000002.00000002.1673364375.0000000000ED0000.00000002.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001654000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000016FB000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000170E000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000171F000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000176C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001808000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019EC000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019F1000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000023F3000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000255A000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000025FD000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1679843796.0000000002623000.00000004.00000001.01000000.00000006.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ber_write_lengthber_write_universal_tag
                                            • String ID:
                                            • API String ID: 1889070510-0
                                            • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction ID: 2691b0e413f15afa00d3f8f6a8bb4ba23a85487fa041f5747c46ef267262e5a2
                                            • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction Fuzzy Hash: A721FB30201740AFDF125B05CD61BAB7775EF21B01F04446FF94A5F6A2CA31BA01CBA2
                                            APIs
                                            • glyph_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCB79
                                            • brush_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCB86
                                            • pointer_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCB94
                                            • bitmap_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCBA2
                                            • offscreen_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCBB0
                                            • palette_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCBBE
                                            • nine_grid_cache_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCBCC
                                            • cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 014DCBDE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                            • String ID:
                                            • API String ID: 2332728789-0
                                            • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction ID: 7be024e733ca1143f8c062cf12a734407fa11527cbe9057333509cdc6ea97049
                                            • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction Fuzzy Hash: 6D016535144B075AFB256A7AB8A0D2B6BE88F62970710443FD541D6BA0EF30D001E771
                                            APIs
                                            • region16_init.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014FF58A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: region16_init
                                            • String ID:
                                            • API String ID: 4140821900-0
                                            • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction ID: 28899ddc3163d33fc4b683a1dd7c9daab9df7de61ae35033e17bac76bb548945
                                            • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction Fuzzy Hash: 2C518E72D0021A9BDB15DFA9C8809EEBBF9FF48304F04452EF609E7254E7359945CB60
                                            APIs
                                            • gdi_CreateCompatibleDC.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000,?,?,?,014FA9C7,00000000,?,?,?,?,?,?,?,?,014FA899), ref: 014FAAE7
                                            • gdi_CreateCompatibleBitmap.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,00000000,?,?,?,014FA9C7,00000000,?,?,?,?), ref: 014FAB0E
                                            • gdi_CreateBitmapEx.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,00000000,?,?,?,014FA9C7,00000000,?,?,?,?), ref: 014FAB2A
                                            • gdi_SelectObject.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 014FAB60
                                            • gdi_CreateRectRgn.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000,00000000,00000000), ref: 014FABA5
                                            • gdi_DeleteObject.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014FAC39
                                            • gdi_DeleteDC.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014FAC48
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                            • String ID:
                                            • API String ID: 412453062-0
                                            • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction ID: 2bae19f3287d7c4dd3cb3955b5c179262253e4a68ef46db894e0d2d5f7ace873
                                            • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction Fuzzy Hash: CA5129752007069FD726DF28C884EA6BBE0FF5C310B0545AEEA8A8B761E771E841CF40
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01546939,?,?,?,?,01546A0A,?), ref: 0154EABD
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01546939,?,?,?,?,01546A0A,?,?,00000000), ref: 0154EAE7
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01546939,?,?,?,?,01546A0A,?,?,00000000), ref: 0154EB14
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01546939,?,?,?,?,01546A0A,?,?,00000000), ref: 0154EB37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                            • API String ID: 1431749950-2760771567
                                            • Opcode ID: faefd7f7992f1a2f48c4c73218b7e87563a1325ba1b9836d5216664f3708979d
                                            • Instruction ID: fe0a3a95a13b51552e73f548d488ce83eb5761f9718c8adbd66f14df1e88eb00
                                            • Opcode Fuzzy Hash: faefd7f7992f1a2f48c4c73218b7e87563a1325ba1b9836d5216664f3708979d
                                            • Instruction Fuzzy Hash: 2C31F5B1911713BFDB255FA99C4AC6E7FA8FF8166C3100419E9059F600EB789C15CBB1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01771278,Function_00068C90,00F38EC0,00000000), ref: 00F38F0A
                                            • GetLastError.KERNEL32 ref: 00F38F38
                                            • TlsGetValue.KERNEL32 ref: 00F38F46
                                            • SetLastError.KERNEL32(00000000), ref: 00F38F4F
                                            • RtlAcquireSRWLockExclusive.NTDLL(01771284), ref: 00F38F61
                                            • RtlReleaseSRWLockExclusive.NTDLL(01771284), ref: 00F38F73
                                            • TlsSetValue.KERNEL32(00000000,?,?,00000000,00F1B080), ref: 00F38FB5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                            • String ID:
                                            • API String ID: 389898287-0
                                            • Opcode ID: 17536b872573095b7cd1229f49daca3a3371d997317555f6fb15b0d49fd63be2
                                            • Instruction ID: 6575f856f2188cb5d29a8cb97d55b73ed24cb85d4e7e0cd3243a94670970ccfd
                                            • Opcode Fuzzy Hash: 17536b872573095b7cd1229f49daca3a3371d997317555f6fb15b0d49fd63be2
                                            • Instruction Fuzzy Hash: B52104B1B00306AFDB205FB8EC48BAE7BA5FB447B1F410034F915DA244DF719944ABA1
                                            APIs
                                            • socket.WS2_32(00000002,00000002,00000011), ref: 0154F673
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01546921,?,?,?,?,01546A0A,?,?,00000000,?,0153E976,00000000), ref: 0154F68A
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01546921,?,?,?,?,01546A0A,?,?,00000000,?,0153E976,00000000), ref: 0154F6AB
                                            • closesocket.WS2_32(?), ref: 0154F6E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$closesocketsocket
                                            • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                            • API String ID: 65193492-3368084233
                                            • Opcode ID: fcd139b9d85c59c0c75823b1903084157f11bc0ab3618505941bb47bb99f0f3d
                                            • Instruction ID: 00980c4c65a7c7d8ffb1bc20569fb8fd16e6e8812626ed8634f9d134ff635a35
                                            • Opcode Fuzzy Hash: fcd139b9d85c59c0c75823b1903084157f11bc0ab3618505941bb47bb99f0f3d
                                            • Instruction Fuzzy Hash: 4721D171104B526BE3355F7D9C09A1B7BE4FB8076CF10081FF6529E9A0EBB1A4018B51
                                            APIs
                                            • LoadLibraryA.KERNEL32(winsta.dll,?,015478D9,017F7120), ref: 01550023
                                            • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0155003C
                                            • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 01550052
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                            • API String ID: 2238633743-2382846951
                                            • Opcode ID: 0b8ea709fd3080e2a21af2c294b1940c7847a02ed093b14e172eba0e6904b638
                                            • Instruction ID: a51440b3ad9e2456b92e30b7e3683c695d16cbc10e80962c14ebabfb0e4ee00f
                                            • Opcode Fuzzy Hash: 0b8ea709fd3080e2a21af2c294b1940c7847a02ed093b14e172eba0e6904b638
                                            • Instruction Fuzzy Hash: 66015EB05013448FDB999FB5D81DAA53BE4BB05354F4A48BAF84ACF2A2DF319045DF10
                                            APIs
                                            • glyph_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014DCB1E
                                            • brush_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 014DCB26
                                            • pointer_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?), ref: 014DCB2E
                                            • bitmap_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?), ref: 014DCB36
                                            • offscreen_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?), ref: 014DCB3E
                                            • palette_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?), ref: 014DCB46
                                            • nine_grid_cache_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?), ref: 014DCB4E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                            • String ID:
                                            • API String ID: 637575458-0
                                            • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction ID: 0ccc7dc87dab98ef784106c1a615ddcaa4b8fb3fd596fec7c1439905ef0948bf
                                            • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction Fuzzy Hash: 1CE06D31411A16ABCE323F63DC51C0EBBA6AF31650700492EF59A255708B32AC60AE81
                                            APIs
                                            • gdi_CRgnToRect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0151E040
                                            • gdi_RgnToRect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?), ref: 0151E04F
                                            • gdi_CRgnToRect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0151E062
                                            • gdi_RgnToRect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?), ref: 0151E0A3
                                            • gdi_CRgnToRect.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,?,?,?), ref: 0151E0C8
                                            • gdi_RectToCRgn.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0151E147
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-0
                                            • Opcode ID: 33aed42aaf610ad2d6803f782e36d0a3f0a066ce84c1f93463a71dd4f35fd4ca
                                            • Instruction ID: 3f5cfd8ddb3617520a9f104ac1b2a12263014d881e00dbba009d209919279ded
                                            • Opcode Fuzzy Hash: 33aed42aaf610ad2d6803f782e36d0a3f0a066ce84c1f93463a71dd4f35fd4ca
                                            • Instruction Fuzzy Hash: DF51E571D0121EEFDF16DF98C8818EEBBB9FF88710B10441AE915AB254D771AA41CFA0
                                            APIs
                                            • freerdp_settings_set_uint32.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C0,?), ref: 014F1DA2
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C8,00000001), ref: 014F1DCC
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C8,00000000), ref: 014F1DE8
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C9,00000000), ref: 014F1DFC
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C8,00000000), ref: 014F1E19
                                            • freerdp_settings_set_bool.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,000007C9,00000000), ref: 014F1E2D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                            • String ID:
                                            • API String ID: 4272850885-0
                                            • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction ID: c95df1a26e2f1ac0d4cd9f86f505aec060ac358aa8f76c5087b53cc1b0090b86
                                            • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction Fuzzy Hash: CF11C862F85203F5F96024698C91F6B2A5C4F71D65F05042FFF0CA53E0E9B5B20284B6
                                            APIs
                                            • freerdp_image_copy.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01518C2B
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01518DBF
                                            • freerdp_image_copy_from_icon_data, xrefs: 01518DBA
                                            • 1bpp and 4bpp icons are not supported, xrefs: 01518DB5
                                            • com.freerdp.color, xrefs: 01518D98
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                            • API String ID: 1523062921-332027372
                                            • Opcode ID: 27f2932cd56159f82139fe944e642f849ba98f4fa9b4c0e1c0e6f4276ef2d5ff
                                            • Instruction ID: 90f3c35845d8f59676c7ad4f8b881189fb271715361c3f9c5715b926e531b228
                                            • Opcode Fuzzy Hash: 27f2932cd56159f82139fe944e642f849ba98f4fa9b4c0e1c0e6f4276ef2d5ff
                                            • Instruction Fuzzy Hash: 3251C9B1600219AAEF259F19CC51BFE7BA8FF58210F4481A9FA15AA184D7709A84CF64
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: kbd-lang-list$kbd-list$monitor-list
                                            • API String ID: 0-1393584692
                                            • Opcode ID: 9a996e04f57bd900301f5c4d34f7037d89d860d0ba1057d850e7b3ceeef5ac32
                                            • Instruction ID: d1d8eb8062a649729e5a3bc44d3b5a1da66fba217cc48f5943133eb4a19199f5
                                            • Opcode Fuzzy Hash: 9a996e04f57bd900301f5c4d34f7037d89d860d0ba1057d850e7b3ceeef5ac32
                                            • Instruction Fuzzy Hash: A431D63290121AABCF24DAA9DD45DDFB7ECFB94324F0406A5F908AB191D770DA40DAE0
                                            Strings
                                            • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01509AF0
                                            • com.freerdp.codec, xrefs: 01509AD0
                                            • interleaved_compress, xrefs: 01509AF5
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01509AFA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                            • API String ID: 0-4054760794
                                            • Opcode ID: 625e6d730b43e26939756c1d5aa7fee8a316c5a69bdd0614704a5920f32017eb
                                            • Instruction ID: 20debe4f6b90bf5a2b0be50fa24e0dd650e49d8cd855d1c7c17b46a3e989b8f9
                                            • Opcode Fuzzy Hash: 625e6d730b43e26939756c1d5aa7fee8a316c5a69bdd0614704a5920f32017eb
                                            • Instruction Fuzzy Hash: AB216572304206BBFF269E9ADC46FEF3B58FF54668F484118FA085E195E671E850CB50
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543CC8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                            • API String ID: 689400697-743139187
                                            • Opcode ID: 10b941859767658055756aab27d3a6fabfcaf3a146d96796f2fc450a674aedee
                                            • Instruction ID: e5196a567d6f9ae469c71e51e08cd0dfd292da1985ccc0a6b1518031bd677687
                                            • Opcode Fuzzy Hash: 10b941859767658055756aab27d3a6fabfcaf3a146d96796f2fc450a674aedee
                                            • Instruction Fuzzy Hash: 9E219632280245BBEF665E96DC06E9B3F6DFF95B64F04405CFA04AE0A0C672D960D7A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543DA3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                            • API String ID: 689400697-1744466472
                                            • Opcode ID: f787b7f58ebd07696ddb33432554044b0da363d470e80a3b141a13ebb1ff9f30
                                            • Instruction ID: 1ec401e978d4d10eb07d5e88a33ff164e1efcbbcb542a22ee255b50c94b8f9c8
                                            • Opcode Fuzzy Hash: f787b7f58ebd07696ddb33432554044b0da363d470e80a3b141a13ebb1ff9f30
                                            • Instruction Fuzzy Hash: A7213936240205BFDF265E9AEC06EAB3F6DFF99664F044058FA046A1B0D672D960D760
                                            APIs
                                            • _strlen.LIBCMT ref: 014C11FA
                                            • getChannelError.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014C1248
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelDetached$freerdp
                                            • API String ID: 3987305115-436519898
                                            • Opcode ID: 01e249e25ebfc67bd08abbde6a650ce89e0691fd8573b0971db40bb609b203c6
                                            • Instruction ID: d7f6b812674eda540d08b581cabe8a7ab00945bf8cc2f17223fcd04ebc3818c5
                                            • Opcode Fuzzy Hash: 01e249e25ebfc67bd08abbde6a650ce89e0691fd8573b0971db40bb609b203c6
                                            • Instruction Fuzzy Hash: 8C216275A00209EFDB50DF98C884F9EBBF5FF48740F10446AE944EB252D770AA50CB90
                                            APIs
                                            • _strlen.LIBCMT ref: 014C0B64
                                            • getChannelError.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014C0BB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelAttached$freerdp
                                            • API String ID: 3987305115-2646891115
                                            • Opcode ID: 894068e4514f09d9ea31e0ece003cef43355b67ed19fefdffc3945b5217013f5
                                            • Instruction ID: 6fd968ac847435fec1614e478b92659e125ad501db82f3bbcdf98ff44c4f96ee
                                            • Opcode Fuzzy Hash: 894068e4514f09d9ea31e0ece003cef43355b67ed19fefdffc3945b5217013f5
                                            • Instruction Fuzzy Hash: 23212375A0020AEFDF15DF98C884FAEBBF4BF48744F10455AE944AB251D770AA509B90
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543227
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                            • API String ID: 689400697-2657764935
                                            • Opcode ID: e804d28b1f6eb0bff471e4b43b340d2cd1c53e126ce0b779b1a525ce551f8ec4
                                            • Instruction ID: b51e363bcf30f020e1d4f601dff2b6923e3adebfd6ae8320072e8c55e05ea2d4
                                            • Opcode Fuzzy Hash: e804d28b1f6eb0bff471e4b43b340d2cd1c53e126ce0b779b1a525ce551f8ec4
                                            • Instruction Fuzzy Hash: F5119D363442067BDF251E5ADC07EAB3F6DFF94724F00405CFA046A1A0D671D920DB64
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154384E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                            • API String ID: 689400697-2008077614
                                            • Opcode ID: 5c14b1dd7d303f1187cfdb31d54b6a6b9e7157afc88bf21993847a60c99e1c94
                                            • Instruction ID: fcbcb91b92d6974cf37099fec948dcfe9dbf4a94f02c1724675520fd0502d2f6
                                            • Opcode Fuzzy Hash: 5c14b1dd7d303f1187cfdb31d54b6a6b9e7157afc88bf21993847a60c99e1c94
                                            • Instruction Fuzzy Hash: E111BC762402067BEF255E56EC07EAB3F7DFF95B24F00405DFA04AA1A0D672D920D7A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015432F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                            • API String ID: 689400697-1172745827
                                            • Opcode ID: 7d9b8abc7090fa50a070e87a9f06466d033a6610ebbc6c6414d87db8bf3a36a4
                                            • Instruction ID: 537942c81ae5353123fddc22f434da6a96695f46ccfa503dc349caa5cfc89ab8
                                            • Opcode Fuzzy Hash: 7d9b8abc7090fa50a070e87a9f06466d033a6610ebbc6c6414d87db8bf3a36a4
                                            • Instruction Fuzzy Hash: 5D11B7362402067BEF251E5ADC07E9B3FADFF95624F00405CFA046A1A0DA72D560DBA4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015433CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                            • API String ID: 689400697-3640258815
                                            • Opcode ID: e3854daf0b49b32561f7dd5e4d50452710aa0acbc45a252ed6ebbc0b0ee5587f
                                            • Instruction ID: 1f9bffaca7fe5d54b7421f8e56f2e583a0ecdf735d4d8e3931d2eab5b65e5902
                                            • Opcode Fuzzy Hash: e3854daf0b49b32561f7dd5e4d50452710aa0acbc45a252ed6ebbc0b0ee5587f
                                            • Instruction Fuzzy Hash: 291158353802157BEB651A5AEC0BE6B3F6DFFD1A64F00405CFA00AF190DAA19550D764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543548
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                            • API String ID: 689400697-3257054040
                                            • Opcode ID: e7bebd7514da30cf49b55e5647e0a71471000ddc506bc6e5aa987303bde26bcc
                                            • Instruction ID: ec5772e95e1d84b6ba8d56d8836a9deb6005f9518613c97885af6e29b60e1874
                                            • Opcode Fuzzy Hash: e7bebd7514da30cf49b55e5647e0a71471000ddc506bc6e5aa987303bde26bcc
                                            • Instruction Fuzzy Hash: F71158353802167BEF755A5AEC0BF6B3B6DFB91A64F00405CFA009F1D0D9A1D95097A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154360B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                            • API String ID: 689400697-848437295
                                            • Opcode ID: 6dcbeaccd748882ce7d0adff8c635f47c586ebf20aa3aa9d6d855fc363d3aca6
                                            • Instruction ID: e72fc0497be84ffd17929634a7a03900fa9fa282ef11514b04d7e28d20a6d69a
                                            • Opcode Fuzzy Hash: 6dcbeaccd748882ce7d0adff8c635f47c586ebf20aa3aa9d6d855fc363d3aca6
                                            • Instruction Fuzzy Hash: D91198753803177BEB255A5AEC07E6B3FADFB91A24F00005CFA04AE1A0DAA1D95097A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015440BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                            • API String ID: 689400697-247170817
                                            • Opcode ID: 23e33236ebfaede2038edd422cdebf44d6410861f702b9b4ba693950a287a02a
                                            • Instruction ID: 3d03263c1aa08b72778e6d5134b97b4392b13b1eb78559c5d64f1554ad8825ab
                                            • Opcode Fuzzy Hash: 23e33236ebfaede2038edd422cdebf44d6410861f702b9b4ba693950a287a02a
                                            • Instruction Fuzzy Hash: A81198363C02067BEB252A5AEC07F6B3FADFFE1A25F00405CFA00AF190D9A1D9109765
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01544544
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                            • API String ID: 689400697-1495805676
                                            • Opcode ID: 25274fe24991335fc109c161a39c849789d1607e12550420c83ae416ec457772
                                            • Instruction ID: cd40d59e512ebcd92d1c1e4ac4bb5e4d871b32471d3769abc79fb7e7298d484f
                                            • Opcode Fuzzy Hash: 25274fe24991335fc109c161a39c849789d1607e12550420c83ae416ec457772
                                            • Instruction Fuzzy Hash: A71186763802067BEF255A5BAC07F9B3FADFB91A64F00405CFA00AE594D9A1D91087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154417E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                            • API String ID: 689400697-1164902870
                                            • Opcode ID: 66649d30dfdfcf8f6bd626ad31e58ac248ec4f174eab8e6ab7f9b688e2f7dade
                                            • Instruction ID: 0492b25e32eeb44326143399462d282b4fcca2ed83e2fff5f604e306627464d6
                                            • Opcode Fuzzy Hash: 66649d30dfdfcf8f6bd626ad31e58ac248ec4f174eab8e6ab7f9b688e2f7dade
                                            • Instruction Fuzzy Hash: 331198363C42067BEB255A5AEC07F5B3F6DFBE5A24F00405CFA01AF190D9A1D6509764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01544481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                            • API String ID: 689400697-3834539683
                                            • Opcode ID: 782b88509d43866d52b41a2b8c63276d202c720d940c94856ddb6d1447ccf2e5
                                            • Instruction ID: 9e95a04bba8ef3660039e469d6a504c581056f57c9094b11cd2c0510700eddac
                                            • Opcode Fuzzy Hash: 782b88509d43866d52b41a2b8c63276d202c720d940c94856ddb6d1447ccf2e5
                                            • Instruction Fuzzy Hash: 6D1198753802067BEF251A5AAC07F5B3F6DFBD1A24F00805DFA00AF5D1D9A1DA5097A4
                                            APIs
                                            • ncrush_context_reset.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000), ref: 01511B36
                                            Strings
                                            • com.freerdp.codec, xrefs: 01511AF1
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01511B19
                                            • ncrush_context_new: failed to initialize tables, xrefs: 01511B0F
                                            • ncrush_context_new, xrefs: 01511B14
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ncrush_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                            • API String ID: 2838332675-904927664
                                            • Opcode ID: 73d34e9a8778802a147ebc1888dc7fb9c432039f52f3b33287a512efab9cf605
                                            • Instruction ID: 42e6904218c0b6ef9f49949f3a9fdc658e453055e5089942f0634974942e86e9
                                            • Opcode Fuzzy Hash: 73d34e9a8778802a147ebc1888dc7fb9c432039f52f3b33287a512efab9cf605
                                            • Instruction Fuzzy Hash: 9B110B722007033AF716AB26EC82FD777A8FB90754F10411DF6195B184EFB1A95087B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154378E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                            • API String ID: 689400697-3754301720
                                            • Opcode ID: 60d7969daa733dde9d9d5294372858a9c06fefe08d5ab944d94d61c783aae01c
                                            • Instruction ID: 5da011b45053a56baa4e2216185545a8b244c13db2e1e9634c473e613b99825e
                                            • Opcode Fuzzy Hash: 60d7969daa733dde9d9d5294372858a9c06fefe08d5ab944d94d61c783aae01c
                                            • Instruction Fuzzy Hash: 3911A7753803067BEB25565AEC07E6B3FADFBD1A65F00405CFA04AF1D0DAB2DA508764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015436CE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                            • API String ID: 689400697-3413647607
                                            • Opcode ID: cf2036bdc7ab6e6290355ab8f0338ab0f79e7754be6d7410404d8f43ebb39b3f
                                            • Instruction ID: 32a93f8a3c05e964c2a851652c1fc9d760733d50afaabb40b5230ee1d07dea06
                                            • Opcode Fuzzy Hash: cf2036bdc7ab6e6290355ab8f0338ab0f79e7754be6d7410404d8f43ebb39b3f
                                            • Instruction Fuzzy Hash: 1D11AB753803567BEB25565AEC47E6B3F9CFBD1A25F00405CFA00AF190DAB1DA10C764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543F3E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                            • API String ID: 689400697-3211427146
                                            • Opcode ID: 10dade960fbe547dab94b8813aaa12536ff1967f90a3ce635ed50212e92b160b
                                            • Instruction ID: 03d5810c29b5e14d39e3d0baf9da74b0aabbc46a2080e31e4fa987ece422c1be
                                            • Opcode Fuzzy Hash: 10dade960fbe547dab94b8813aaa12536ff1967f90a3ce635ed50212e92b160b
                                            • Instruction Fuzzy Hash: 591154353843157BEB252A5AEC07E6B3FADFFD5A24F00405CFA10AF1D0D9A5D9108764
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543E7E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            • Associated: 00000002.00000002.1673364375.0000000000ED0000.00000002.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001654000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000016FB000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000170E000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000171F000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000176C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001808000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019EC000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019F1000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000023F3000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000255A000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000025FD000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1679843796.0000000002623000.00000004.00000001.01000000.00000006.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                            • API String ID: 689400697-2578917824
                                            • Opcode ID: e2d9b594213c95f2a44302161591a1cd053e353090186ed0792a46a2e6b707c6
                                            • Instruction ID: d18d8307fe598e025559c1765cda22cb8ac1f94afc6b988d5c814361060c23ec
                                            • Opcode Fuzzy Hash: e2d9b594213c95f2a44302161591a1cd053e353090186ed0792a46a2e6b707c6
                                            • Instruction Fuzzy Hash: 0D11EB363802057BEB75165BEC07E2B3B6CFBD5A24F00405CF5049F190D962C910C760
                                            APIs
                                            • freerdp_image_copy.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 015195B5
                                            Strings
                                            • freerdp_image_scale, xrefs: 015195EB
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 015195F0
                                            • SmartScaling requested but compiled without libcairo support!, xrefs: 015195E6
                                            • com.freerdp.color, xrefs: 015195C8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                            • API String ID: 1523062921-212429655
                                            • Opcode ID: 34d432d487871130c35efe815142f5fc491fec58ebd333344dbb986b4e31522c
                                            • Instruction ID: 4b7f456328606d422231ab84e2c4af2c7269b90710cc95ef5d20ce6f0be6df6c
                                            • Opcode Fuzzy Hash: 34d432d487871130c35efe815142f5fc491fec58ebd333344dbb986b4e31522c
                                            • Instruction Fuzzy Hash: 2621B47224020EBBEF16AF14DC52FAE3BA5FB94714F148109FD056A154E372D910DB40
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01542FF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                            • API String ID: 689400697-1149382491
                                            • Opcode ID: 671dbf72b4f4fabcf5221dcefb5126b9cda254ec1d05cc68ab14f20540fe1b9c
                                            • Instruction ID: 9fb9cfd23fad8b34a0d9a4ca7df6cfcc5eb8bf7d78cde19f70a4d64448dfcddd
                                            • Opcode Fuzzy Hash: 671dbf72b4f4fabcf5221dcefb5126b9cda254ec1d05cc68ab14f20540fe1b9c
                                            • Instruction Fuzzy Hash: B71173353842157BEB35565AEC0BE6B3FADFFD1A68F00405CFA04AE1D0D9A1995087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01542F33
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                            • API String ID: 689400697-255015424
                                            • Opcode ID: e2dc127431ded236d1172eb0b2e488e95d4f94b73783a1c936096425d1a8a3e2
                                            • Instruction ID: 64e355c32a1d85a4e20b441396fa429d020d6d3c60d97749f5c99040bba16b99
                                            • Opcode Fuzzy Hash: e2dc127431ded236d1172eb0b2e488e95d4f94b73783a1c936096425d1a8a3e2
                                            • Instruction Fuzzy Hash: 8211A3353843063BEB25665ABC07E6B3FACFBD1B24F00405CFA15AE190D9A1D95087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543920
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                            • API String ID: 689400697-2845897268
                                            • Opcode ID: efe764f23a3b90957488dd5f42732f73d2db0764c01ade216d679bc862a03bd4
                                            • Instruction ID: 6f191326bac3d99ce2f2b2ed66a14e32676e6f5284ac039c903db1a0a5f137db
                                            • Opcode Fuzzy Hash: efe764f23a3b90957488dd5f42732f73d2db0764c01ade216d679bc862a03bd4
                                            • Instruction Fuzzy Hash: 81118A7538421677EB651A5BEC07E6B3FADFBD1A64F00405CFA00AF1E0DAA1D95087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015439DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                            • API String ID: 689400697-1972714555
                                            • Opcode ID: 3477fc5b67f02c07a9f823332ec7f72f2eb60c16e87fdd8b29ae8b3ab02be44b
                                            • Instruction ID: 396397177108b946f932bb0dd8d871cfffe1c66fe71e1d7dbc682a0389367f25
                                            • Opcode Fuzzy Hash: 3477fc5b67f02c07a9f823332ec7f72f2eb60c16e87fdd8b29ae8b3ab02be44b
                                            • Instruction Fuzzy Hash: 5E1177353C031677EB25565BEC07E6B3FADFBD1A64B00405CF6009F1D0DAA1991087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154316A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                            • API String ID: 689400697-3351603741
                                            • Opcode ID: 1b4ffc639d2dd28b88886d9977202b5c5df574d75afcaf88c2f84039d579aea6
                                            • Instruction ID: c508dba15ac728a309557722e43fe187a37ad5825cbf08e98e2621fd43269a20
                                            • Opcode Fuzzy Hash: 1b4ffc639d2dd28b88886d9977202b5c5df574d75afcaf88c2f84039d579aea6
                                            • Instruction Fuzzy Hash: 541186353842167BEB75265BEC07E6B3FACFBD1A24B00405CFA01AF1D1DAA2D910C7A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 015430AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                            • API String ID: 689400697-2261828479
                                            • Opcode ID: 1421a8379bea908c5061a8bf9c056bfa6f92b6bf8653847710cd2f48ce7d6533
                                            • Instruction ID: 1b82a1828c4a7d5783dc1123be1d4b57fdb69d48633a6ac3028a78aab45f29e8
                                            • Opcode Fuzzy Hash: 1421a8379bea908c5061a8bf9c056bfa6f92b6bf8653847710cd2f48ce7d6533
                                            • Instruction Fuzzy Hash: 031173353843157BEB25165BEC0BE6B3BADFBD5A28F00405CFA04AF190D9A1D95087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543FFE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                            • API String ID: 689400697-2156878011
                                            • Opcode ID: 09dd6da86e9f3a9dbc096a7846198c28ae962212bc5941283fdbb35b033f727e
                                            • Instruction ID: 10e6a2bcf7d93607d4714a77ed713958048f706e39246e74913d045de2ca7f70
                                            • Opcode Fuzzy Hash: 09dd6da86e9f3a9dbc096a7846198c28ae962212bc5941283fdbb35b033f727e
                                            • Instruction Fuzzy Hash: 261151353843057BEB25265BAC07F6B3BADFBD1A28B00405CFA05AF191D9A2D95087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 0154348E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                            • API String ID: 689400697-3116451197
                                            • Opcode ID: 6c766e4db4c447fad42fe85373b0d4ebe8e67e08c6b6c0615ecead50a7dc0395
                                            • Instruction ID: c799b1805a658969ab00703b5c8692da5f8abc7caf7a6c797a975ae348549530
                                            • Opcode Fuzzy Hash: 6c766e4db4c447fad42fe85373b0d4ebe8e67e08c6b6c0615ecead50a7dc0395
                                            • Instruction Fuzzy Hash: B21186393843167BEA35162BAC0BF6B3BACFBD1A64F00405CFA04AF1D0D9A1D95087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543A9A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                            • API String ID: 689400697-4185332897
                                            • Opcode ID: 037dcf562afe9e5c54077407b864938a1e5d6bb8275a864fce6a4c763c89d3d9
                                            • Instruction ID: 7c7467287ec9a4bbed0bb9fcb8f6f8ca768516064f2e21eb70419c74a86fd323
                                            • Opcode Fuzzy Hash: 037dcf562afe9e5c54077407b864938a1e5d6bb8275a864fce6a4c763c89d3d9
                                            • Instruction Fuzzy Hash: 0A1186753803167BEA35565BAD07F6B3B9CFBD1A68B00405CFA04AF1D4D9E1991087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543B54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                            • API String ID: 689400697-1791514552
                                            • Opcode ID: 6be71096d458429ac1ce88e149dfddbbd398b90dd0f5b992c28dddc5ab5ee9fb
                                            • Instruction ID: 07304865b2280c11bf52465fa4a7ffa9c095cb0702740518081ffd2bde947a49
                                            • Opcode Fuzzy Hash: 6be71096d458429ac1ce88e149dfddbbd398b90dd0f5b992c28dddc5ab5ee9fb
                                            • Instruction Fuzzy Hash: E811863538431677EB25165BAC0BF6B3F9CFBD1A64F00809DFA00AF5D0D9A1991087A4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01543C0E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                            • API String ID: 689400697-4242683877
                                            • Opcode ID: 5e0f456dab1f23470befcbd1833f1029e0e18fd9bdb5402a229f68c7e7fb3e60
                                            • Instruction ID: e0e74c66b984ee122e9e1e64168fc0c5d933533036548dab7f341a55aa617a28
                                            • Opcode Fuzzy Hash: 5e0f456dab1f23470befcbd1833f1029e0e18fd9bdb5402a229f68c7e7fb3e60
                                            • Instruction Fuzzy Hash: 4C1186353802167BEA25266BED47F673F9DFFD1A64B00405CFA00AF1E0D9A1DA5087A8
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(017F70C8,01544AA1,00000000,00000000), ref: 01544241
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                            • API String ID: 689400697-954186549
                                            • Opcode ID: 6d50d0f5c8af7f39a93641719dec1dd38c23b778b72b1445e2a8be79e7d6f54b
                                            • Instruction ID: 38d09b2c825d2d496831e09f177dd25e7102d9c35562cb5ae0b908388973af3d
                                            • Opcode Fuzzy Hash: 6d50d0f5c8af7f39a93641719dec1dd38c23b778b72b1445e2a8be79e7d6f54b
                                            • Instruction Fuzzy Hash: 801170753C42067BEA25265BBC07F6B3BADFBE1A64F00405DFA00AF180D9A19A5086A4
                                            APIs
                                            • primitives_get.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE ref: 015C65CB
                                            Strings
                                            • error when decoding lines, xrefs: 015C6629
                                            • yuv_process_work_callback, xrefs: 015C662E
                                            • com.freerdp.codec, xrefs: 015C660B
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 015C6633
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: primitives_get
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                            • API String ID: 2017034601-2620645302
                                            • Opcode ID: cfa3d50a6f46537a342ecc1c2534eab906b0e20d000e1c77e941b838259ccd27
                                            • Instruction ID: c758fc3d8eb4e3e19e02b047610672ce1bbd0cc701687bfc0027dd425bbda12c
                                            • Opcode Fuzzy Hash: cfa3d50a6f46537a342ecc1c2534eab906b0e20d000e1c77e941b838259ccd27
                                            • Instruction Fuzzy Hash: 0F0184B1A0020BAFDB15DF55DC42F997BA8FF48614F00415DE9099F281EA71E6808B94
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %zd;NAME=%s%zd;PASS=%s
                                            • API String ID: 4218353326-3114484625
                                            • Opcode ID: cc873dc032583602500ac37a99d7ed14e35231f58a0cc72f58e9b2a84ce1a0c3
                                            • Instruction ID: 6ed20c961553da09b6b03a96c08dd480173e71024c5bee821623020671697ecb
                                            • Opcode Fuzzy Hash: cc873dc032583602500ac37a99d7ed14e35231f58a0cc72f58e9b2a84ce1a0c3
                                            • Instruction Fuzzy Hash: D8018071E0020AFFDF45AFE4CC81AADBFB4FF14204F45846DEA059A202E2B68650DB41
                                            APIs
                                            • region16_extents.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 01519F06
                                            • region16_extents.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?), ref: 01519F12
                                            • region16_n_rects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?), ref: 01519F1D
                                            • region16_n_rects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 01519F7D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: region16_extentsregion16_n_rects
                                            • String ID:
                                            • API String ID: 2062899502-0
                                            • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction ID: aaca2e8d21136176561c9282a1b0d0de407943a92a2f021531f5152f660d94b7
                                            • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction Fuzzy Hash: BC512A75D0022AAFDB15DF99C8408AEF7F5FF58350B55806AE859EB354E334AE40CBA0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strncpy
                                            • String ID:
                                            • API String ID: 2961919466-0
                                            • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction ID: 1ee04f44681f9575eb11f5a8f519da3e52c0225f0d57c7c637310a69a1751dc4
                                            • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction Fuzzy Hash: 491196B9400707AEDB315E94D844F96FBFCFF58208F04492AE5994B511F335A558CBA1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01771278,00F38C90,00F38EC0,00000000), ref: 00F38E6A
                                            • GetLastError.KERNEL32 ref: 00F38E7F
                                            • TlsGetValue.KERNEL32 ref: 00F38E8D
                                            • SetLastError.KERNEL32(00000000), ref: 00F38E96
                                            • TlsAlloc.KERNEL32 ref: 00F38EC3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ErrorLastOnce$AllocExecuteInitValue
                                            • String ID:
                                            • API String ID: 2822033501-0
                                            • Opcode ID: 19a635d9ce4ec40a584d3843c119800c0b6d82875d3d03083116e603addabc72
                                            • Instruction ID: 67562610a5ad6c81f5c61759b84113bfbbca2d0588ee3234cd497554974c45dd
                                            • Opcode Fuzzy Hash: 19a635d9ce4ec40a584d3843c119800c0b6d82875d3d03083116e603addabc72
                                            • Instruction Fuzzy Hash: 7D010075A003099FCB209FB8EC48A6A7BB8FB48770F414129F924DB644EF3098448BA1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                            • API String ID: 4218353326-3992632484
                                            • Opcode ID: 4ec8ab85bf24cabfe943e727842bebc26aaac8d57b041c9a1a34384322080535
                                            • Instruction ID: d3cb67f9d70f4890df860bf6202151523840a35dd5d8058edb3e417b5cc449bf
                                            • Opcode Fuzzy Hash: 4ec8ab85bf24cabfe943e727842bebc26aaac8d57b041c9a1a34384322080535
                                            • Instruction Fuzzy Hash: FB412472E0035616EB24AA648C41BFE7329FBE5364F144228ED44EA281FB749AD5C2D2
                                            APIs
                                            • audio_format_print.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?), ref: 015C4A72
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: audio_format_print
                                            • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                            • API String ID: 2744001552-3527835062
                                            • Opcode ID: 41aa86c03c0937af984e17b94e6ad85000f975f63d15ba447889d6e7d6089f86
                                            • Instruction ID: dce8e06b94b7afda400c5a0986e89cd198b931a635cb91a637389bc1eac10a98
                                            • Opcode Fuzzy Hash: 41aa86c03c0937af984e17b94e6ad85000f975f63d15ba447889d6e7d6089f86
                                            • Instruction Fuzzy Hash: 4A11B472A403173BDA11AD5E9C46FAF2B9CFFA6E60F44000DFD046A081EBE1D65082A9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: audin$rdpsnd
                                            • API String ID: 0-930729200
                                            • Opcode ID: 43c09e70914e7f69c43bc29d162ca6b4226838f4141399fb2088be312139f293
                                            • Instruction ID: 3c30e61351adb41018e714ae6501f8d81f6d209baf1bba1363053f16da3a252c
                                            • Opcode Fuzzy Hash: 43c09e70914e7f69c43bc29d162ca6b4226838f4141399fb2088be312139f293
                                            • Instruction Fuzzy Hash: 28119071E00A1AEBEB29CF29888069EF7B4BB48B51F14822EE2585B100DB706590CBD1
                                            APIs
                                            • _strlen.LIBCMT ref: 014F403A
                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 014F4060
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 014F4076
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: File$CreatePointer_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 4211031630-2916857029
                                            • Opcode ID: 2dff6907fb8718628d7b9efe70f5d2fb55e3a6da7c6f10ad7b78c25107399e72
                                            • Instruction ID: b08891669866300982cc95a92267463f9ad6a6d1660deb8af47979387b633272
                                            • Opcode Fuzzy Hash: 2dff6907fb8718628d7b9efe70f5d2fb55e3a6da7c6f10ad7b78c25107399e72
                                            • Instruction Fuzzy Hash: F501A235201120BBDB312A66DC4AEA77F2DEF46774F258219FA189D1E2D732C852D7B0
                                            APIs
                                            • audio_format_get_tag_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,?,?,?,?), ref: 015C4737
                                            Strings
                                            • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 015C473E
                                            • audio_format_print, xrefs: 015C4743
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 015C4748
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string
                                            • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                            • API String ID: 2866491501-3564663344
                                            • Opcode ID: c53f372a34db5a5bb6e5fe71b94ca4660d57c6e86115a9721b28bb77640840b8
                                            • Instruction ID: dfbfdf6da079436f140bea9f360982608779e2032bdb87e8868e9ef240a305ba
                                            • Opcode Fuzzy Hash: c53f372a34db5a5bb6e5fe71b94ca4660d57c6e86115a9721b28bb77640840b8
                                            • Instruction Fuzzy Hash: 75F03076140209BADB411F96CC02E7637ADFB98A14B24804DFD1C8C191E677D9A2E764
                                            APIs
                                            • freerdp_get_last_error.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014B2725
                                            • freerdp_set_last_error_ex.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 014B2745
                                            Strings
                                            • freerdp_abort_connect, xrefs: 014B2739
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 014B2734
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                            • API String ID: 3690923134-629580617
                                            • Opcode ID: 0299e49d3ac495802bfe12a0730bf2765e313b7dbd10a43e1ce917cd736aa246
                                            • Instruction ID: 79dcf8337f5a9bc9169854af95b8a44b6fea592d0f777dcc1032c6bcc3bd3124
                                            • Opcode Fuzzy Hash: 0299e49d3ac495802bfe12a0730bf2765e313b7dbd10a43e1ce917cd736aa246
                                            • Instruction Fuzzy Hash: 80E04835240217EAEA212D5ADC81FD6B798EF20B90F10041FA68576171EBB178509594
                                            APIs
                                            • primitives_get.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE ref: 015C633F
                                            • primitives_flags.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 015C6353
                                            • TpWaitForWork.NTDLL(00000000,00000000), ref: 015C64A9
                                            • TpReleaseWork.NTDLL(00000000), ref: 015C64B2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            • Associated: 00000002.00000002.1673364375.0000000000ED0000.00000002.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001654000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000165C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000016FB000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000170E000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000171F000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000176C000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.0000000001808000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019EC000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000019F1000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000023F3000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.000000000255A000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1673385548.00000000025FD000.00000040.00000001.01000000.00000006.sdmp
                                            • Associated: 00000002.00000002.1679843796.0000000002623000.00000004.00000001.01000000.00000006.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                            • String ID:
                                            • API String ID: 704174238-0
                                            • Opcode ID: a70a2a3261e8faaaec330964adf243de34374b2e7e83c5a2030446936ab29051
                                            • Instruction ID: 765b089f211e13ae518e6941ee9eb9e659703bb047786cf6241162ca789834d2
                                            • Opcode Fuzzy Hash: a70a2a3261e8faaaec330964adf243de34374b2e7e83c5a2030446936ab29051
                                            • Instruction Fuzzy Hash: 6861F8B5A0060A9FCB15CFA8C98199EFBF5FF48710B14856AE955EB340D730EA51CF90
                                            APIs
                                            • gdi_SetRgn.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?,?,00000000,00000001,?,?), ref: 0151C324
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: gdi_
                                            • String ID:
                                            • API String ID: 2273374161-0
                                            • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction ID: 1205eed08d4f2189d6eb129b2544907cb0d9518ac827000eef066c8d8d0af1f3
                                            • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction Fuzzy Hash: 0A31CB71900209EFDB11DF98C984AAEBBF9FF48210F14846AE915E7214D335EA45CFA1
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01545C16
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01545C34
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01545C54
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01545C9A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Leave$Enter
                                            • String ID:
                                            • API String ID: 2978645861-0
                                            • Opcode ID: df956e86a9e759f878c20151a3df529fff9fba5acfa1a5dc0cf46d3e65c7f4e5
                                            • Instruction ID: 19f1355144d13545a1bb53b8c7823bd9cc9142a2a5dbb985965b13100ff8e7ec
                                            • Opcode Fuzzy Hash: df956e86a9e759f878c20151a3df529fff9fba5acfa1a5dc0cf46d3e65c7f4e5
                                            • Instruction Fuzzy Hash: D121C231120606EFDB20CF18C984B6D7BF4FF85329F114629E992AB240E770B945CB54
                                            APIs
                                            • region16_rects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000), ref: 01519BDC
                                            • region16_extents.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 01519BEC
                                            • rectangles_intersects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,?), ref: 01519BF7
                                              • Part of subcall function 015197FD: rectangles_intersection.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,?,?), ref: 0151980C
                                            • rectangles_intersects.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,?), ref: 01519C1A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                            • String ID:
                                            • API String ID: 3854534691-0
                                            • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction ID: 490ab75ba9de7f58161f74d0002769f0f3aaefca75dca85911a4ac93d510bbf0
                                            • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction Fuzzy Hash: 5401263311021A69FB27DB59C8A0EBF77DCFF8016CF14401AE9989E048EB34EE81C1A0
                                            APIs
                                            • freerdp_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE ref: 01531F56
                                            • freerdp_context_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000000,?,?), ref: 01531FA4
                                            • freerdp_register_addin_provider.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000000), ref: 01531FC7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                            • String ID:
                                            • API String ID: 3731710698-0
                                            • Opcode ID: c57893ecae2f8270185b80a414267af442f91e93599136287dea98a1619494f7
                                            • Instruction ID: 138c5cccb1580cd3196ffff4f55eb0ae7ccfefd28e2fb8cedcdc06830c20cc36
                                            • Opcode Fuzzy Hash: c57893ecae2f8270185b80a414267af442f91e93599136287dea98a1619494f7
                                            • Instruction Fuzzy Hash: F511C471504F035BD725AF7BD880B9ABBE5BFF0260F14041EE5688B250EB31E450C6B4
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID:
                                            • API String ID: 733272558-0
                                            • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction ID: bb85765aa3e60599449cb3f97a21b1335188f512eb72b16b379c3587aca74172
                                            • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction Fuzzy Hash: CDE04F31441B167FCE737BA4CD1095FBBDABF607157440414E5469B630C6A1A951DBC1
                                            APIs
                                            • freerdp_settings_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 014C7326
                                              • Part of subcall function 014C7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 014C7FCC
                                              • Part of subcall function 014C7F9B: freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?,00000680,?), ref: 014C7FFC
                                            • freerdp_settings_set_string.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000,00000086,?), ref: 014C6D8C
                                            Strings
                                            • C:\Windows\System32\mstscax.dll, xrefs: 014C6F3F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                            • String ID: C:\Windows\System32\mstscax.dll
                                            • API String ID: 2334115954-183970058
                                            • Opcode ID: 09c00d2f7ef24c3b16c98cb139dff7009045929bd2f7be50a0f55e4b8c494801
                                            • Instruction ID: 156beaad395cbeacf317252194c0fdd5bc1ce1d2e0d3b36b19372d5895fb9684
                                            • Opcode Fuzzy Hash: 09c00d2f7ef24c3b16c98cb139dff7009045929bd2f7be50a0f55e4b8c494801
                                            • Instruction Fuzzy Hash: BCE1C6B4514B019FE324DF38D885B93BBE4FF08321F50592EE5AE8B391D771A5848B48
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-3916222277
                                            • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction ID: fa87d13b9fb7497c45f73ef4e09ac1ec4caf49403bcd51c6f4e63b169b731c99
                                            • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction Fuzzy Hash: 8951B37300014ABBEF03DE94CD44DEF7BBABF58244B054256FE1A99024E732E9259BA1
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01546A0A,?,?,00000000,?,0153E976,00000000), ref: 0154697B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: %s: unknown handler type %u$WLog_Appender_New
                                            • API String ID: 2593887523-3466059274
                                            • Opcode ID: 0f77b10efb593f5cadc8debafa7e4a37db8fb26f86ff770b5b04d818a703de85
                                            • Instruction ID: 97d43f75af48ca7036bf044391ac70eb12b330b9982729a86522251369d91ba8
                                            • Opcode Fuzzy Hash: 0f77b10efb593f5cadc8debafa7e4a37db8fb26f86ff770b5b04d818a703de85
                                            • Instruction Fuzzy Hash: A111023F10C21367AA2A3A7D9C49BFF6BACFB9393CB04081AF505AE544DBB5D4016162
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %s%s-client.%s$DeviceServiceEntry
                                            • API String ID: 0-2733899524
                                            • Opcode ID: 0bacfa538992fed6681fd6e1b6c5450bc1554a666a92349991e41b32cad72599
                                            • Instruction ID: 8fd47134836956854a8c61f70a29fddf4d8fc730db787e1c175e16220d0603d3
                                            • Opcode Fuzzy Hash: 0bacfa538992fed6681fd6e1b6c5450bc1554a666a92349991e41b32cad72599
                                            • Instruction Fuzzy Hash: 59116072A00219ABAB119E9D8CC5AEF7BACEF94654F18401BFE1197351D770D90187A0
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0153E987), ref: 0153EBF6
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0153E987), ref: 0153EC1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILTER
                                            • API String ID: 1431749950-2006202657
                                            • Opcode ID: e11621b82724f5ba0b1eb1c6b5139dc15609d73509fd5a977154d968a66ba41a
                                            • Instruction ID: f9d8c70b2a93aeb18d5b9a383c12f06667bab63645cae24b828c2051ce434bc7
                                            • Opcode Fuzzy Hash: e11621b82724f5ba0b1eb1c6b5139dc15609d73509fd5a977154d968a66ba41a
                                            • Instruction Fuzzy Hash: CFF0F63321521A2B9B312766FC49C1F7FEDFAD56B8350002EF409CB104FA694C4187A5
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: .msrcIncident$.rdp
                                            • API String ID: 4218353326-1437571178
                                            • Opcode ID: 0d734ae99fc178f817bf98c0c66e389f840046cbecf8c53ddbf5b40c41bb7246
                                            • Instruction ID: d7ea3383532c08f09fc242741941dd753ab8e2b39c878b6bb3bd79d991f3c197
                                            • Opcode Fuzzy Hash: 0d734ae99fc178f817bf98c0c66e389f840046cbecf8c53ddbf5b40c41bb7246
                                            • Instruction Fuzzy Hash: ACF02272E1491F6B8A359AB9DD02A2B7788FA82074314072AE83ACB1D0DE21D81186D2
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01544AE3), ref: 01544BCC
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01544AE3), ref: 01544BEC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WINPR_NATIVE_SSPI
                                            • API String ID: 1431749950-1020623567
                                            • Opcode ID: 78789d2c3db29120c35054b8869c29683ab6cdbc64d7e4f89f962f1e136a3785
                                            • Instruction ID: 28e42a5e94f061f9fc34afce27883b88bc86e2e3ffe813c9fef052747bb517f8
                                            • Opcode Fuzzy Hash: 78789d2c3db29120c35054b8869c29683ab6cdbc64d7e4f89f962f1e136a3785
                                            • Instruction Fuzzy Hash: CCF027336E513327EA35216DBC04F2F5EA8EBC2E39B15011DF506DF485DE6044438AD5
                                            APIs
                                            • rfx_context_new.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 0150A2ED
                                              • Part of subcall function 014FE4DD: GetVersionExA.KERNEL32(?), ref: 014FE5CD
                                              • Part of subcall function 014FE4DD: GetNativeSystemInfo.KERNEL32(?), ref: 014FE5E7
                                              • Part of subcall function 014FE4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 014FE612
                                            • progressive_context_free.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 0150A36D
                                            Strings
                                            • com.freerdp.codec.progressive, xrefs: 0150A2CA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                            • String ID: com.freerdp.codec.progressive
                                            • API String ID: 2699998398-3622116780
                                            • Opcode ID: d7be11baceb95697bf7ff883e5afb66e95a923e3d33a2e0ade4e3828d46ce199
                                            • Instruction ID: 4cb9ece8896000fe6ef7f4a9710c82a5e1c5cb500a2ce7141c4e92e9fb5f53cd
                                            • Opcode Fuzzy Hash: d7be11baceb95697bf7ff883e5afb66e95a923e3d33a2e0ade4e3828d46ce199
                                            • Instruction Fuzzy Hash: 0FF05B3250575316E22567B99C01F8F7BD9FFD2570F14402EE645AF5C0D97094018265
                                            APIs
                                            • freerdp_settings_get_key_for_name.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(?), ref: 014F1EEF
                                            • freerdp_settings_get_type_for_key.APIIRPCEWSHYUSLQYLILSJZMFGZDTRV-ELEVATE(00000000), ref: 014F1F51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                            • String ID: TRUE
                                            • API String ID: 1888880752-3412697401
                                            • Opcode ID: b92c855f3924760014870c69a4333f15a2cca538dca7e07ec0d01dcefd24f276
                                            • Instruction ID: da8257b580312b76a68dd13e880121451f1a4dfe3400f0592bdced5f5b7ee5c5
                                            • Opcode Fuzzy Hash: b92c855f3924760014870c69a4333f15a2cca538dca7e07ec0d01dcefd24f276
                                            • Instruction Fuzzy Hash: 03E0E532300215AB9A119A9EDC96D9B765CEBA5EA1B11006FF70456310A770D90046B0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: bd5cc837a2637cf96c6f66ac5ba385d19d302f7af06eea83eeacd1cda2b07c52
                                            • Instruction ID: 350baf55f7d9cede89bbfbedba93ecde231431d81e3cf3120b71646c68e65950
                                            • Opcode Fuzzy Hash: bd5cc837a2637cf96c6f66ac5ba385d19d302f7af06eea83eeacd1cda2b07c52
                                            • Instruction Fuzzy Hash: B4F0BEB140021BBBDB116EA58C81D9B7A5CFF241A4B450025FE1486321E776D92187E0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: 15dbdd4aa0fe746e39535d102cd41e98ad91c6d215f6e557ea5b1774a34a0ca8
                                            • Instruction ID: 210ec19029ae113b1b65587fa5cd14cbb00f72765bde2688a5b59a0271b048f6
                                            • Opcode Fuzzy Hash: 15dbdd4aa0fe746e39535d102cd41e98ad91c6d215f6e557ea5b1774a34a0ca8
                                            • Instruction Fuzzy Hash: 2EF0B8B240021BBBCB21AEA58C81D9B7A9DFF64298B450424FE0493321E776E83187E1
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01547163), ref: 01547190
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01547163), ref: 015471B1
                                              • Part of subcall function 01547310: LoadLibraryA.KERNEL32(?,?,015471C4,00000000,?,?,01547163), ref: 01547316
                                              • Part of subcall function 01547310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0154732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                            • String ID: WTSAPI_LIBRARY
                                            • API String ID: 3590464466-1122459656
                                            • Opcode ID: d41014f04012dc98658ebd84252e090260633fa953443af8eba4b8d27fd411db
                                            • Instruction ID: 48e4b0d355baa11519efc43bf51da97964cc3a73256bce95a247bf08e3eb074a
                                            • Opcode Fuzzy Hash: d41014f04012dc98658ebd84252e090260633fa953443af8eba4b8d27fd411db
                                            • Instruction Fuzzy Hash: C9E0E5321021232FE632265CAC09F5F7A29EBC1B7CF20000DF4015E084AB70045582A2
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,015471C4,00000000,?,?,01547163), ref: 01547316
                                            • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0154732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitWtsApi
                                            • API String ID: 2574300362-3428673357
                                            • Opcode ID: 96ef9731852aee2be3df73185fdad4ed968ee5a1301d0ea6412a98eaef8c5d7f
                                            • Instruction ID: 6e9cf79fd1034b8bbf54ef86e5ed8a9e01817ad83d50fef179c6a81ab81b4ffc
                                            • Opcode Fuzzy Hash: 96ef9731852aee2be3df73185fdad4ed968ee5a1301d0ea6412a98eaef8c5d7f
                                            • Instruction Fuzzy Hash: 3BD05B315447055B9F249FFFAC0651B3FDDE7845643054439EC1DC9504EF71C554A750
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0159B650,016F0388,0000000C), ref: 015AF430
                                            • SetLastError.KERNEL32(00000000), ref: 015AF4D2
                                            • GetLastError.KERNEL32(00000000,?,01595FDD,015AF0E3,?,?,0153F77A,0000000C,?,?,?,?,014B27D2,?,?,?), ref: 015AF581
                                            • SetLastError.KERNEL32(00000000,00000006), ref: 015AF623
                                              • Part of subcall function 015AF066: HeapFree.KERNEL32(00000000,00000000,?,01595F2D,?,?,?,0153FA9A,?,?,?,?,?,014B293F,?,?), ref: 015AF07C
                                              • Part of subcall function 015AF066: GetLastError.KERNEL32(?,?,01595F2D,?,?,?,0153FA9A,?,?,?,?,?,014B293F,?,?), ref: 015AF087
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.1673385548.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00ED0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_ed0000_apiirpcewshyuslqylilsjzmfgzdtrv-elevate.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FreeHeap
                                            • String ID:
                                            • API String ID: 3197834085-0
                                            • Opcode ID: fa604995d1e0ad527a92c8ac94efe307e0fc891c930d3a0ddb208f480d4c9790
                                            • Instruction ID: ffea748f79aaad22bf64d762b17abc6304498d5e3e7cc33ef61b08ca67630459
                                            • Opcode Fuzzy Hash: fa604995d1e0ad527a92c8ac94efe307e0fc891c930d3a0ddb208f480d4c9790
                                            • Instruction Fuzzy Hash: 49412B35685B13BFDA727A7CBCC4DAE3688BF95270B904722F661DE1D0DFA489058270

                                            Execution Graph

                                            Execution Coverage:0.5%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:77
                                            Total number of Limit Nodes:6

                                            Control-flow Graph

                                            APIs
                                            • LoadLibraryA.KERNEL32(?), ref: 024B2B13
                                            • GetProcAddress.KERNELBASE(?,0248CFF9), ref: 024B2B31
                                            • ExitProcess.KERNEL32(?,0248CFF9), ref: 024B2B42
                                            • VirtualProtect.KERNELBASE(00D60000,00001000,00000004,?,00000000), ref: 024B2B90
                                            • VirtualProtect.KERNELBASE(00D60000,00001000), ref: 024B2BA5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.000000000248D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                            • String ID:
                                            • API String ID: 1996367037-0
                                            • Opcode ID: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction ID: d0ae418350bdc67fde13f2f37d00c39ec521af3bd17cc9c7e9247e9c20d2f06e
                                            • Opcode Fuzzy Hash: b50c02fb1e5addd90c1ef320e52c503daa375d14adc542cb3435a2c3637ed5af
                                            • Instruction Fuzzy Hash: 8351F2726147125AE732CEB8CCC07E6B791EF4A224718072ADDE2D73C6EBE459468370

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 0143F42C: GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                              • Part of subcall function 0143F42C: SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                            • CloseHandle.KERNEL32(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B711
                                            • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B727
                                            • RtlExitUserThread.NTDLL(?,?,?,0142B817,?,?,0142B689,00000000), ref: 0142B730
                                            • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0142B76E
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                            • String ID:
                                            • API String ID: 1062721995-0
                                            • Opcode ID: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction ID: 5244581fe6ff735b4c11b26be4ea97906a3d4c7666ae54fe677bc28ddb87bbc0
                                            • Opcode Fuzzy Hash: b2f89471aba34c5d33d878e2d96b58d9861e76eccdd753a9be19e1f7ec005260
                                            • Instruction Fuzzy Hash: 40119671900224ABDB209B6ADC04A5B7FA8DFD4760F58412BFA15D73B0DB70D945C791

                                            Control-flow Graph

                                            APIs
                                            • GetLastError.KERNEL32(01580388,0000000C), ref: 0142B63E
                                            • RtlExitUserThread.NTDLL(00000000), ref: 0142B645
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorExitLastThreadUser
                                            • String ID:
                                            • API String ID: 1750398979-0
                                            • Opcode ID: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction ID: 6086993c94fc618f31227310ec58130ff8e3fcd83ce0aada473f565c26069d54
                                            • Opcode Fuzzy Hash: 9e14465dcb7316c599b274ec658852350ac334bbcbb811a9ff39daba6c28fc50
                                            • Instruction Fuzzy Hash: 3DF0C271A00216AFDF21AFB1C409A6E7B74EF65710F14415EF405A72B1CB306981CBA2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D43BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                            • API String ID: 689400697-3976766517
                                            • Opcode ID: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction ID: 3d3c1bd64a95e4e8c8ca3d5ec4fd612ade2c6b9b7535c10fd32eb1328bc63899
                                            • Opcode Fuzzy Hash: fc7f2fec4718d16c61fcfc653265d9b454419de52d21be76c82872c5a45660b2
                                            • Instruction Fuzzy Hash: 6D1198773802057FEB216E5AFC47E6B3E6CEB91A55F100068FA00A95D1D961CA60D7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D42FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                            • API String ID: 689400697-3301108232
                                            • Opcode ID: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction ID: 810d866c165060910277caf65d0c1a3bb98ce342e222a01aaaabe4eeb6144924
                                            • Opcode Fuzzy Hash: 351054de14786e072c38b3193fd3e18c1ccc350005c6e18652feb7dac9235114
                                            • Instruction Fuzzy Hash: C511B2773803057BEB216A5ABC47E6B3E6CFB96A15F000168FA00A95D1D961CA20D7B0
                                            APIs
                                            • crypto_cert_fingerprint.GETSCREEN-156413884-X86(?), ref: 01375E1C
                                              • Part of subcall function 0137576E: crypto_cert_fingerprint_by_hash.GETSCREEN-156413884-X86(?,sha256), ref: 01375779
                                            • crypto_cert_issuer.GETSCREEN-156413884-X86(?), ref: 01375E30
                                            • crypto_cert_subject.GETSCREEN-156413884-X86(?,?), ref: 01375E3A
                                            • certificate_data_new.GETSCREEN-156413884-X86(?,?,00000000,00000000,00000000,?,?), ref: 01375E4A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                            • String ID:
                                            • API String ID: 1865246629-0
                                            • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction ID: a404041bf680b9b395dfa63bbf5ebd5c4f2f21a51e34ae9ab9cb459bad4371a5
                                            • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                            • Instruction Fuzzy Hash: A1E0DF35000209BFCF252F2DCC04CAF7EADEF816E8B048128BC0856220EA32CD1096A0

                                            Control-flow Graph

                                            control_flow_graph 631 13d7449-13d745b LoadLibraryA 632 13d745d 631->632 633 13d745e-13d78e4 GetProcAddress * 63 call 13e001b 631->633
                                            APIs
                                            • LoadLibraryA.KERNEL32(wtsapi32.dll,013D7168), ref: 013D744E
                                            • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 013D746B
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 013D747D
                                            • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 013D748F
                                            • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 013D74A1
                                            • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 013D74B3
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 013D74C5
                                            • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 013D74D7
                                            • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 013D74E9
                                            • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 013D74FB
                                            • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 013D750D
                                            • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 013D751F
                                            • GetProcAddress.KERNEL32(WTSCloseServer), ref: 013D7531
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 013D7543
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 013D7555
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 013D7567
                                            • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 013D7579
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 013D758B
                                            • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 013D759D
                                            • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 013D75AF
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 013D75C1
                                            • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 013D75D3
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 013D75E5
                                            • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 013D75F7
                                            • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 013D7609
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                            • API String ID: 2238633743-2998606599
                                            • Opcode ID: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction ID: 3896cb70a0008139251e06703b9c09ebde9e8c76644898bb80b48b41fc6e08c9
                                            • Opcode Fuzzy Hash: deb68a957c69fa177e458b1c4a84ac32fac6032421480632235281e1bd3f1d23
                                            • Instruction Fuzzy Hash: 0BB1ADB5D40334BACF315F72AC8A80E3E63F7156767287A1AE4845AB58D7B54070DFA0

                                            Control-flow Graph

                                            APIs
                                            • freerdp_error_info.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1519
                                            • freerdp_get_error_info_string.GETSCREEN-156413884-X86(00000000,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C155D
                                            • freerdp_reconnect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1601
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C1611
                                            • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,013C14DF,?,00000000), ref: 013C167E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                            • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                            • API String ID: 968149013-2963753137
                                            • Opcode ID: 68123cb54b299169f5540c6248901a18231e49756f38580905f700f04bb491b1
                                            • Instruction ID: 6f57ed85601c1ed12580f7841f3b666beb615a4ce0743806257e00425fefb1a2
                                            • Opcode Fuzzy Hash: 68123cb54b299169f5540c6248901a18231e49756f38580905f700f04bb491b1
                                            • Instruction Fuzzy Hash: 0651AB72780306B7F7226E2DEC46F6A2A98AB20F2CF14412DFA05EE1C6D6B49D505754

                                            Control-flow Graph

                                            APIs
                                            • gdi_get_pixel_format.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138A8B3
                                            • gdi_free.GETSCREEN-156413884-X86(?,?,?,?,?,0138A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0138AA40
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_freegdi_get_pixel_format
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                            • API String ID: 1251975138-534786182
                                            • Opcode ID: b262a07856bdb95c4113bcec65168303647cc0e2f1f26ce767b521784d3ddbca
                                            • Instruction ID: 159ed97255acf3df06af589bec5dadd90c9c30064dd8a8638358d342e0afeb15
                                            • Opcode Fuzzy Hash: b262a07856bdb95c4113bcec65168303647cc0e2f1f26ce767b521784d3ddbca
                                            • Instruction Fuzzy Hash: 3B41D371200703AFEB11BF38DC40BA9BBA5FF50318F14842EEA589B555EF72A8508B50

                                            Control-flow Graph

                                            APIs
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,?), ref: 013C6D79
                                            • _strlen.LIBCMT ref: 013C6DF4
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6E1D
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C6F6F
                                            • freerdp_device_collection_add.GETSCREEN-156413884-X86(?,00000000), ref: 013C7044
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_device_collection_add$_strlen
                                            • String ID: drive$parallel$printer$serial$smartcard
                                            • API String ID: 2230162058-807955808

                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350F64
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350F79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                            • API String ID: 3168844106-1571615648

                                            APIs
                                            • _strlen.LIBCMT ref: 013842FA
                                            • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01384320
                                            • GetFileSize.KERNEL32(00000000,?), ref: 0138433A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: File$CreateSize_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 2645226956-2916857029

                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 01350D92
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 01350DB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                            • API String ID: 3168844106-4217659166
                                            APIs
                                            Strings
                                            • avc444_ensure_buffer, xrefs: 01455F1F
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 01455F24
                                            • YUV buffer not initialized! check your decoder settings, xrefs: 01455F1A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                            • API String ID: 733272558-18228272
                                            APIs
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,00000400,00000001), ref: 01453B87
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000401,00000000), ref: 01453BB7
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000404,?), ref: 01453BDB
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000402,00000000), ref: 01453BFA
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000014,?), ref: 01453C12
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,000006C1,?), ref: 01453C2B
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000403,?), ref: 01453C44
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000015,00000000), ref: 01453C60
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,00000013,?), ref: 01453C82
                                            • freerdp_target_net_addresses_free.GETSCREEN-156413884-X86(?), ref: 01453C93
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                            • String ID:
                                            • API String ID: 949014189-0
                                            APIs
                                              • Part of subcall function 013D5CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,01401701,00000001), ref: 013D5CF9
                                            • zgfx_context_new.GETSCREEN-156413884-X86(00000000), ref: 01401874
                                              • Part of subcall function 0145693A: zgfx_context_reset.GETSCREEN-156413884-X86(00000000,00000000,00000000,?,01401879,00000000), ref: 01456964
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                            • API String ID: 3732774510-3243565116
                                            • Opcode ID: d4b5a9ce66d107b28b7d2a688a23afbe46beb1c66fcd546d98d81bcbbe168b61
                                            • Instruction ID: 183b212b2b90db48f12a6ea765d9fa1e7f6a0cf356c20f0c0e82c84cda0a2046
                                            • Opcode Fuzzy Hash: d4b5a9ce66d107b28b7d2a688a23afbe46beb1c66fcd546d98d81bcbbe168b61
                                            • Instruction Fuzzy Hash: AA71A3756947026BE3259F2B9C41B5677E8FB25B68F10003EF609AB6D0EB74E9408B84
                                            APIs
                                              • Part of subcall function 013D6B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0138E59B,00000001,00006060,00000010), ref: 013D6B3E
                                            • GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0138E6DC
                                            • CreateThreadpool.KERNEL32(00000000), ref: 0138E6E2
                                            Strings
                                            • com.freerdp.codec.rfx, xrefs: 0138E530
                                            • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0138E605
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                            • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                            • API String ID: 3882483829-2530424157
                                            • Opcode ID: 4095d9286f4a2cfa153743af033db57fd843d2dc7a46c874d1c63afccb412d97
                                            • Instruction ID: cda3456878bfa4334dfcee4a7caf8f4a2847bb425a54e31f1175154bb03f9d94
                                            • Opcode Fuzzy Hash: 4095d9286f4a2cfa153743af033db57fd843d2dc7a46c874d1c63afccb412d97
                                            • Instruction Fuzzy Hash: 8F41E4B5A00706AFE724AF79DC85B96BBF8FF14608F00407EE5199A651EB30E948CB50
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8B2
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 013CE8D6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                            • API String ID: 1431749950-225596728
                                            • Opcode ID: 30a0faf9ba407e72bd6166b89b57821f44c11ba795d3492c45a34e3d49119c45
                                            • Instruction ID: 14d6c8906ed4902fe463f09e1a8613424af917d7514baa2971575b23a5938da8
                                            • Opcode Fuzzy Hash: 30a0faf9ba407e72bd6166b89b57821f44c11ba795d3492c45a34e3d49119c45
                                            • Instruction Fuzzy Hash: C721E53324426769F6A4626BAC4AEBB1E5CDB63D7C760003FE404AA0D0EE948C8187B1
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 013548D9
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 0135498F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_set_last_error_ex
                                            • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                            • API String ID: 270715978-29603548
                                            • Opcode ID: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction ID: ada44c9c176bce61c4fd9bb10bf5bf2af172f1d35a04daa17dea898e328152eb
                                            • Opcode Fuzzy Hash: 00d6240365d66383a5c7128bac2e83dc5b36e3ef99481fd8afcbe14d4576203a
                                            • Instruction Fuzzy Hash: 4C210772A40305BAE7156A9DDC46FAB7BB8BB11E18F10015AFE086E1C1E6B19580CAA5
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 014558FA
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(00000001,00000000,?,?,01455425,?,?,?,?,00000000,?), ref: 01455902
                                            • audio_format_compatible.GETSCREEN-156413884-X86(01455425,?,?,?,?,01455425,?,?,?,?,00000000,?), ref: 0145594D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string$audio_format_compatible
                                            • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                            • API String ID: 204136587-155179076
                                            • Opcode ID: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction ID: 851a32f3e0bc40a2144dd4275f7b3dfc78552c5240cb2faf05dd8eb5691b9314
                                            • Opcode Fuzzy Hash: b3f8905c2af711afcaf4e11092854b200e891dd242b975062a4dfa44ca26135b
                                            • Instruction Fuzzy Hash: EA2188A16843016BF7655E69AC42F7637AC9B11E28F10002FFA49EF1D1F569985043E9
                                            APIs
                                            • LoadLibraryA.KERNEL32(secur32.dll,?,013D4AEC), ref: 013D4B18
                                            • LoadLibraryA.KERNEL32(security.dll,?,013D4AEC), ref: 013D4B28
                                            • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 013D4B42
                                            • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 013D4B51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                            • API String ID: 2574300362-4081094439
                                            • Opcode ID: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction ID: 6cd7259ed1d171f23321d36627a9014de113ac0aba885ec646b9e0f2bb13a950
                                            • Opcode Fuzzy Hash: 61087fce9a0d3c5d4c8caa409289f915cda06bf0e12139fbabb39180b798ecb5
                                            • Instruction Fuzzy Hash: 5AF0E9B3E0033267CB22EBBEBC0091A7EE8AB985543150257D840D7108F6B0C4128FA1
                                            APIs
                                            • ber_read_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 0136502A
                                            • ber_read_length.GETSCREEN-156413884-X86(?,?), ref: 0136503F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ber_read_lengthber_read_universal_tag
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                            • API String ID: 3186670568-2454464461
                                            • Opcode ID: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction ID: e5fdac76fc3730e5ebc534f38cc4f3dfadfbe618c3a8de2cb82513b95d14be7e
                                            • Opcode Fuzzy Hash: f7eb1990a65198c648641aa3eb402a178f472351e05b911a5e2f21aadbdacc02
                                            • Instruction Fuzzy Hash: 3B4128B1B04312ABEF218F2DCC41B293BEDAB51659F04C179E5568B28DE774D600CB60
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,?), ref: 013A9C6E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_rects
                                            • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                            • API String ID: 844131241-2640574824
                                            • Opcode ID: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction ID: a64c203dab79ce0a4abd67865680c2fb9c44ffcc2eee55210e216c04a2f82af0
                                            • Opcode Fuzzy Hash: 2ddf1a06ca7304c4093d69c20ba3e59e1d5e973d7b369ad3dd00e60a2350c702
                                            • Instruction Fuzzy Hash: B931A47678030279F736566EEC43F6A76D8EB25F1DF10052DF904AD1C4FB95999083A0
                                            APIs
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C14
                                            • clearChannelError.GETSCREEN-156413884-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 01342C1B
                                              • Part of subcall function 013426E1: ResetEvent.KERNEL32(?), ref: 0134270A
                                              • Part of subcall function 01358142: ResetEvent.KERNEL32(?,?,01342C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 0135814E
                                            Strings
                                            • freerdp, xrefs: 01343062
                                            • freerdp_connect, xrefs: 01342C01
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342BFC
                                            • ConnectionResult, xrefs: 01343077
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            • Associated: 00000004.00000002.1847409243.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000014E4000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000014EC000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.000000000158B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.000000000159E000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000015AF000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000015FC000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.0000000001698000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.000000000187C000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.0000000001881000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.0000000002283000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000023D9000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.00000000023EA000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1847475623.000000000248D000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000004.00000002.1849179567.00000000024B3000.00000004.00000001.01000000.00000003.sdmp
                                            Similarity
                                            • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                            • API String ID: 3632380314-3564821047
                                            • Opcode ID: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction ID: 7eff56f78b8bfe3baab6e801ccf08da336fa98a28459ace08b5ddc8dd88d8607
                                            • Opcode Fuzzy Hash: d6524b9dc8e86127eb528be45aeaa75b93aa648565b8030d08abbfaa31b2dd7b
                                            • Instruction Fuzzy Hash: 0231A470600206AFEB10DF7DD884FAABBE4FF18758F240179E909EB261DB71A954CB50
                                            APIs
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365415
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000001,?,00000002,00000000), ref: 0136541D
                                            • ber_write_universal_tag.GETSCREEN-156413884-X86(?,00000002,00000000), ref: 01365440
                                            • ber_write_length.GETSCREEN-156413884-X86(?,00000002,?,00000002,00000000), ref: 01365448
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: ber_write_lengthber_write_universal_tag
                                            • String ID:
                                            • API String ID: 1889070510-0
                                            • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction ID: 2bf31fd318fd4ed50356b849d95cb755770fe2c8729f65a2d77a492ed6a7eb98
                                            • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                            • Instruction Fuzzy Hash: 5A210A30201744EFDB135B08CD41B5A77ADEF21B45F05C4A9FA8B6FA86C261AE01CBA1
                                            APIs
                                            • glyph_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB79
                                            • brush_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB86
                                            • pointer_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CB94
                                            • bitmap_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBA2
                                            • offscreen_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBB0
                                            • palette_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBBE
                                            • nine_grid_cache_new.GETSCREEN-156413884-X86(?), ref: 0136CBCC
                                            • cache_free.GETSCREEN-156413884-X86(00000000), ref: 0136CBDE
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                            • String ID:
                                            • API String ID: 2332728789-0
                                            • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction ID: d185b866ff33126594a6f4853e9e7592bde1fcd2126b7e484436ac6d4a898b50
                                            • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                            • Instruction Fuzzy Hash: E1018436248B075AF7246B7DA850D3F7BEC8F52978714943ED5C0D7988EF24E001AA71
                                            APIs
                                            • region16_init.GETSCREEN-156413884-X86(?), ref: 0138F58A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: region16_init
                                            • String ID:
                                            • API String ID: 4140821900-0
                                            • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction ID: 264eb4e0bc3d73e58ac888e216b6bfd6b9dd9e59fcff56fba44a4aff49372d38
                                            • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                            • Instruction Fuzzy Hash: C0516F72D0021A9BDF18DFA9C884AEEBBF9FF48308F14452AF519E7244E7359945CB60
                                            APIs
                                            • gdi_CreateCompatibleDC.GETSCREEN-156413884-X86(?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?,?,?,?,?,0138A899), ref: 0138AAE7
                                            • gdi_CreateCompatibleBitmap.GETSCREEN-156413884-X86(?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB0E
                                            • gdi_CreateBitmapEx.GETSCREEN-156413884-X86(?,?,?,?,?,?,00000000,?,?,?,0138A9C7,00000000,?,?,?,?), ref: 0138AB2A
                                            • gdi_SelectObject.GETSCREEN-156413884-X86(?,?), ref: 0138AB60
                                            • gdi_CreateRectRgn.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000), ref: 0138ABA5
                                            • gdi_DeleteObject.GETSCREEN-156413884-X86(?), ref: 0138AC39
                                            • gdi_DeleteDC.GETSCREEN-156413884-X86(?), ref: 0138AC48
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                            • String ID:
                                            • API String ID: 412453062-0
                                            • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction ID: 0fb9888efb7931af809adae1a062039f67dc79181bf685930612d9e38b17da90
                                            • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                            • Instruction Fuzzy Hash: 7E5103752007059FDB25DF69C884EA6BBE1FF1C314B0549AEE98A8BB61E771E841CF40
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?), ref: 013DEABD
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEAE7
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB14
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,013D6939,?,?,?,?,013D6A0A,?,?,00000000), ref: 013DEB37
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                            • API String ID: 1431749950-2760771567
                                            • Opcode ID: 7aa461c741cff9877d3aeaec5684d6d203e4d98c1890834101ed4f4f1d73fdc8
                                            • Instruction ID: 5e3dba4c0725a2be43c9c9f05425b76a93ab3884538e9cec03990b78d6a41c60
                                            • Opcode Fuzzy Hash: 7aa461c741cff9877d3aeaec5684d6d203e4d98c1890834101ed4f4f1d73fdc8
                                            • Instruction Fuzzy Hash: B931D677908722BFDB256BAAB849D6E7F68FB5156C310003DE5019F610DB30A814C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8F0A
                                            • GetLastError.KERNEL32 ref: 00DC8F38
                                            • TlsGetValue.KERNEL32 ref: 00DC8F46
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8F4F
                                            • RtlAcquireSRWLockExclusive.NTDLL(01601284), ref: 00DC8F61
                                            • RtlReleaseSRWLockExclusive.NTDLL(01601284), ref: 00DC8F73
                                            • TlsSetValue.KERNEL32(00000000,?,?,00000000,00DAB080), ref: 00DC8FB5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                            • String ID:
                                            • API String ID: 389898287-0
                                            • Opcode ID: 468c8ffe5dde079aef6852a1c11c351282caeb972d4949d713e9c97e67be19fb
                                            • Instruction ID: 249735312486a94351990552ad44d75c1e1b0c4a0b7581e90a44cdefec978509
                                            • Opcode Fuzzy Hash: 468c8ffe5dde079aef6852a1c11c351282caeb972d4949d713e9c97e67be19fb
                                            • Instruction Fuzzy Hash: E221F2B06002169FDB216FA5EC08FAF3B65BF06704F49402DF805C7264DB7198549BB2
                                            APIs
                                            • socket.WS2_32(00000002,00000002,00000011), ref: 013DF673
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF68A
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,013D6921,?,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013DF6AB
                                            • closesocket.WS2_32(?), ref: 013DF6E6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: EnvironmentVariable$closesocketsocket
                                            • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                            • API String ID: 65193492-3368084233
                                            • Opcode ID: 3b3d5a7db7418f1cfdc6c10729a68d71414a5f06b4f08c6801ac28e4de4639a0
                                            • Instruction ID: 37441cab6b8bb7b8aec0e610bef0a0d95f6e128e879c3f5d7d82f63709224333
                                            • Opcode Fuzzy Hash: 3b3d5a7db7418f1cfdc6c10729a68d71414a5f06b4f08c6801ac28e4de4639a0
                                            • Instruction Fuzzy Hash: CC21DE33144B12ABE3345B7AAC89A167FA8FF4072CB50041EF2439A9B0DBB0A4468B41
                                            APIs
                                            • LoadLibraryA.KERNEL32(winsta.dll,?,013D78D9,01687120), ref: 013E0023
                                            • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 013E003C
                                            • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 013E0052
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                            • API String ID: 2238633743-2382846951
                                            • Opcode ID: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction ID: ef5d444c0e560ba448fc8b36d8399bafb4abc3c66a94cdd69eaa126e5b218283
                                            • Opcode Fuzzy Hash: b38d9ca14faa8f02fb9737c493adf88fe218441bffcf4e458a886f157b1d351b
                                            • Instruction Fuzzy Hash: F90129B47113558FDB1C9FB19C0DA623FE4BB0435CF0940B9F449DB2A6DAB084599F14
                                            APIs
                                            • glyph_cache_free.GETSCREEN-156413884-X86(?), ref: 0136CB1E
                                            • brush_cache_free.GETSCREEN-156413884-X86(?,?), ref: 0136CB26
                                            • pointer_cache_free.GETSCREEN-156413884-X86(?,?,?), ref: 0136CB2E
                                            • bitmap_cache_free.GETSCREEN-156413884-X86(?,?,?,?), ref: 0136CB36
                                            • offscreen_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 0136CB3E
                                            • palette_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?), ref: 0136CB46
                                            • nine_grid_cache_free.GETSCREEN-156413884-X86(?,?,?,?,?,?,?), ref: 0136CB4E
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                            • String ID:
                                            • API String ID: 637575458-0
                                            • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction ID: 8e9aba3c9f4f97ecbbef73598ee1a11f665ce30e1cafe14076421dff4adf04fc
                                            • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                            • Instruction Fuzzy Hash: ECE09230001A17ABCA323F69CC01C4ABFAEAF31658300C428E48662479CB22BC60AF90
                                            APIs
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 013AE040
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE04F
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 013AE062
                                            • gdi_RgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?), ref: 013AE0A3
                                            • gdi_CRgnToRect.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?), ref: 013AE0C8
                                            • gdi_RectToCRgn.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 013AE147
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-0
                                            • Opcode ID: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction ID: fbbd1590eca75635813602885ed1f0f4b3aea22f144ecc163ffdc90e97a0d727
                                            • Opcode Fuzzy Hash: eaf6629cfc2b6415bd4b97291048fc798064c4e7c51ee03da4e653324bcdde7a
                                            • Instruction Fuzzy Hash: 8351C076E0122EEFCF14CF99C8808EEBBB9FF48714B54402AE515A7250D775AA51CFA0
                                            APIs
                                            • freerdp_settings_set_uint32.GETSCREEN-156413884-X86(?,000007C0,?), ref: 01381DA2
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000001), ref: 01381DCC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381DE8
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381DFC
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C8,00000000), ref: 01381E19
                                            • freerdp_settings_set_bool.GETSCREEN-156413884-X86(?,000007C9,00000000), ref: 01381E2D
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                            • String ID:
                                            • API String ID: 4272850885-0
                                            • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction ID: 500943f86ac32f97420b61c336ef68b5b1ffec6c49e91746df5be320985c6a68
                                            • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                            • Instruction Fuzzy Hash: 2F118E62B853067DF9603A6C5C82F7B36AC4BB295CF440025FF0CA51C4E995B20684A6
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 013A8C2B
                                            Strings
                                            • freerdp_image_copy_from_icon_data, xrefs: 013A8DBA
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A8DBF
                                            • com.freerdp.color, xrefs: 013A8D98
                                            • 1bpp and 4bpp icons are not supported, xrefs: 013A8DB5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                            • API String ID: 1523062921-332027372
                                            • Opcode ID: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction ID: b3c80ff7611f479b94a534a5c03df8c4fc709099846a6a53c6b527a17d53725c
                                            • Opcode Fuzzy Hash: 40be7c320960284c345f78e150b83947c6cca5202b9c5e23edab9a4896f72dc6
                                            • Instruction Fuzzy Hash: 2A51D9B260021DAADF249F19CC51BFE7BA8EF14208F4481ADFE14A6190D7708A85CFA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: kbd-lang-list$kbd-list$monitor-list
                                            • API String ID: 0-1393584692
                                            • Opcode ID: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction ID: 1815499a2fcad54aa70fa22f353ad94e7bed8959eae0eba790e154755f7717ec
                                            • Opcode Fuzzy Hash: 757fdf881314848a87beb3ea7093365400078efaeea04be610015536c1ba1ead
                                            • Instruction Fuzzy Hash: DB31E732A012299ADB20DB69DD45DCAB7A8AB15728F0401AAF908A71D1D770DE40CBD0
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01399AFA
                                            • interleaved_compress, xrefs: 01399AF5
                                            • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01399AF0
                                            • com.freerdp.codec, xrefs: 01399AD0
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                            • API String ID: 0-4054760794
                                            • Opcode ID: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction ID: 622174f53f7a1bf29e55418faad0b0ab36f820957b93108b3dd8206b473540d5
                                            • Opcode Fuzzy Hash: 81e433296e777cfef282792c8be778f69406a1499e1c6fa5ba43861b9faa9692
                                            • Instruction Fuzzy Hash: 0F214C72200206BBFF255E5EDC46FAB3F59EB1465CF08422CFA055A190E67AEC60CB51
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3CC8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                            • API String ID: 689400697-743139187
                                            • Opcode ID: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction ID: 2c42d4f0d5645ebb6af76c5dd663b66885aba2be9207ea8aa57bbe426507fe40
                                            • Opcode Fuzzy Hash: e1cbff6d839d21de6cc9fc9464e9d59cd32ee17b53fec0df138f299a7032f058
                                            • Instruction Fuzzy Hash: 3421ABB3240245BFEF225E5AEC02E9B3F69FB65B55F040158FA04690E0C562DD70DBA1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3DA3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                            • API String ID: 689400697-1744466472
                                            • Opcode ID: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction ID: 02a62b35606ec655c006856512e6257c57f8e9fdb5df97027751ab6aab914b75
                                            • Opcode Fuzzy Hash: c10ec3239cd8be91fadd556b33ab4aa4148ddea7aba1b43e7204cade7bf0e074
                                            • Instruction Fuzzy Hash: DF21C6B7240205BFEF225E9AFC02DAB3F69FB99B14F000158FA04690E0C662CD61D7A1
                                            APIs
                                            • _strlen.LIBCMT ref: 013511FA
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01351248
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelDetached$freerdp
                                            • API String ID: 3987305115-436519898
                                            • Opcode ID: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction ID: d74e0c556aaaf0c316e4534870d09e625b3ec817d441928eb4b5215d5a96b2be
                                            • Opcode Fuzzy Hash: e5da5afcb11229ffd55addac5aa39233d239710befcc6417728dbe797d53582c
                                            • Instruction Fuzzy Hash: 322130B1A00209AFDB55DF98C884F9EBBF9FF18744F104469E944EB251D770AA50DF90
                                            APIs
                                            • _strlen.LIBCMT ref: 01350B64
                                            • getChannelError.GETSCREEN-156413884-X86(?), ref: 01350BB2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ChannelError_strlen
                                            • String ID: ($ChannelAttached$freerdp
                                            • API String ID: 3987305115-2646891115
                                            • Opcode ID: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction ID: 771fab76d09c638d0fafe160a4b56140bf73a164e229b2e216136ccc17d0ef7d
                                            • Opcode Fuzzy Hash: 9b354d12b1cead74380356166822cb8b7bdf92837ebf29fd37fb6379deee0e35
                                            • Instruction Fuzzy Hash: 66213271A0020AEFDF15DF98C884FAEBBF5FF08748F104469F948AB251D771AA509B90
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3227
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                            • API String ID: 689400697-2657764935
                                            • Opcode ID: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction ID: 282d89c9de534930e6f6239bc300c3d2673591249330c5178d8a5b5a73ec5e6d
                                            • Opcode Fuzzy Hash: 49a2dfa67b84ba5eb6ffb274b05ecc83ef5e6956aa5e358cb0636f838f5630ea
                                            • Instruction Fuzzy Hash: A211B7B36442057FEF215E5AEC06EAB3F69FBA9B18F100158FA14690D0D562CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D32F9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                            • API String ID: 689400697-1172745827
                                            • Opcode ID: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction ID: b07c76d0c7175639f0e1f62923067537993acd32edee6e0c8b12638249cc3299
                                            • Opcode Fuzzy Hash: c58ee97127f2e3d8817b17cc116658a5254ff6803793cd176b8d8829493fc4ef
                                            • Instruction Fuzzy Hash: 3E11E4B32442057BEF215E5AEC06EAB3F69FB95B24F000058FA00691E0CE62CD20D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D384E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                            • API String ID: 689400697-2008077614
                                            • Opcode ID: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction ID: 9e941cc5d00f9adcef50f667d2f731b1906a0073b9186e24004e2fd4be0a9a07
                                            • Opcode Fuzzy Hash: db06dbab9f90e96143ecccf6f1a47b47bba17eb9d692f699e66a16c4ace091e1
                                            • Instruction Fuzzy Hash: 9211DAB72402057BEF215E5AEC07EAB3FA9FB95B14F100168FA00A91E0D561CD31D7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3548
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                            • API String ID: 689400697-3257054040
                                            • Opcode ID: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction ID: f0d00a5465505872dd19ff335fa6ece98be48e75ef17b7f81c317385ea879d2f
                                            • Opcode Fuzzy Hash: ce2a3a203d42b1feddf096c6caa6f17f7e934feb6261a46dd89a834de8412e8a
                                            • Instruction Fuzzy Hash: 3F11ABB73402057AEB315A5ABC07F5B3E5DF791A54F104158FA009E1D0D961DD20D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D360B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                            • API String ID: 689400697-848437295
                                            • Opcode ID: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction ID: 934c7c00e9e6fe622a30c314a18c899b2efb568d73a26c412f954f097b23fdd9
                                            • Opcode Fuzzy Hash: 5b48936b4c1ed201abfbbe6ff6502461bfcd5acbbc1b288d1e01eda6dd2c828e
                                            • Instruction Fuzzy Hash: 031127B73803057AEB215A5ABC47E6B3F6CFB92A29F100158FA00AD1D0C961CD20C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D33CB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                            • API String ID: 689400697-3640258815
                                            • Opcode ID: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction ID: 8ac8f6ae221fdc01d91dfe8b03cd829dd7519ccc951b10d66da4b4a34ab493c0
                                            • Opcode Fuzzy Hash: 188df801cd4bc532fdc0e66e0185b7c5a03b343d7f8dfc78cf2f21deacc09cce
                                            • Instruction Fuzzy Hash: D111EBB73803057AEB311A5AFC07E6B3E6CFB92B14F404058FA00AE1D0D9658D20C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                            • API String ID: 689400697-3834539683
                                            • Opcode ID: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction ID: 1830fe0f1d2f575a12795db60fddef7d7b4089932d18b096a6163c3876376eab
                                            • Opcode Fuzzy Hash: 7ad81111b2b59309b9850cff368118ba4ab7e5e1dbd5d2c48a4b8e8869210057
                                            • Instruction Fuzzy Hash: F81127773802057EEB301A5ABC03E6B3F6DEB92B14F100068FA00AD9D1D9A1CE60C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4544
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                            • API String ID: 689400697-1495805676
                                            • Opcode ID: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction ID: 2da07699e9fca94e2e4646fb7538e5aa12c535265ad99812fc74418e7426048f
                                            • Opcode Fuzzy Hash: d982fa6ffd11e2ace3e18a4284a888ea58318228fdb70bb9b5e3be159fb4f3be
                                            • Instruction Fuzzy Hash: 5A11C8773802057AEB21595ABC07E5B3E9DF7A1A14F400068FA00999D1D561D920C7B4
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D40BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                            • API String ID: 689400697-247170817
                                            • Opcode ID: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction ID: 138e0b15d04b24f97d727f8a400d6340cae0761711245f7a4efb9eff360a8fc8
                                            • Opcode Fuzzy Hash: 3b609f130aa6fc9a85a97389f795859a49fdd63bb69404b595e24eeea225293e
                                            • Instruction Fuzzy Hash: 8E11C4773802057BEB212A6ABC07E6B3E6CFBA2A19F00415CFA00AD5D1D561CE20C7B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D417E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                            • API String ID: 689400697-1164902870
                                            • Opcode ID: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction ID: 86d7679b8c2d4cebac55deb217671f0c24208ed6fc226e9e1db3c3fea8a47bbe
                                            • Opcode Fuzzy Hash: da1be72cf3c6258635b86b5a589e0c2cb7bb15c489f8616a57f8f7bda16283e2
                                            • Instruction Fuzzy Hash: B911AB773443157BEB316A6ABC07E5B3E6CF7A5A19F00006CFA009D5D1D961CA60C7B0
                                            APIs
                                            • ncrush_context_reset.GETSCREEN-156413884-X86(00000000,00000000), ref: 013A1B36
                                            Strings
                                            • ncrush_context_new, xrefs: 013A1B14
                                            • com.freerdp.codec, xrefs: 013A1AF1
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 013A1B19
                                            • ncrush_context_new: failed to initialize tables, xrefs: 013A1B0F
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ncrush_context_reset
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                            • API String ID: 2838332675-904927664
                                            • Opcode ID: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction ID: acdae00c4c4af0aa5d44c0fc365b57227a9cb1eaf0c9e9d659c43378311e05bb
                                            • Opcode Fuzzy Hash: 46122b92830a510d01b80b0533af44d4b9c62e9a7f81eb74cc2dba98015d2987
                                            • Instruction Fuzzy Hash: 7E1108B23407033AF315AB5AEC41FD6B798EB60758F40412DF5149A684EBB2A95087A0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D36CE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                            • API String ID: 689400697-3413647607
                                            • Opcode ID: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction ID: be9317a4fa6a4fd30fbe1a4eceb7135781ba5d6163dc15acafd64b53f4665913
                                            • Opcode Fuzzy Hash: a905fb64034f181957cdc16189c35d25c9e91a8d9b06f0882849a93f1e3d673e
                                            • Instruction Fuzzy Hash: B71194F73803517AEA21565ABC47E6B3E9CFBA2B55F100058FA10AD1D0D9A18D20C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D378E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                            • API String ID: 689400697-3754301720
                                            • Opcode ID: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction ID: b76558983257192ccb242193deb46cc20f04a42be3075b5623646df381f4d280
                                            • Opcode Fuzzy Hash: 4eb73859d910a7f53d6b0995a6c74af50e8967850e726db2a8e465aaaac4898e
                                            • Instruction Fuzzy Hash: 4C11A7F73803057AEB21565ABC47E6B3F9CF7A2A55F100068FA149D1D0D961CD60C7B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3E7E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                            • API String ID: 689400697-2578917824
                                            • Opcode ID: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction ID: 0078f9ef0b7ec19db0589fb002ad5f6533fbb1aac3269719063c3981ddea06d0
                                            • Opcode Fuzzy Hash: 49d531bb5034938a8eb6b34b03b0626af6f46899f283067b8b40c9fe62b4505c
                                            • Instruction Fuzzy Hash: 3711E7B73842057BEB31565ABC07E6B3E6CFBA6E29F00015CF614AD1D0D5628E20C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3F3E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                            • API String ID: 689400697-3211427146
                                            • Opcode ID: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction ID: f3b887a9a1cf89e638e70d282a7d7431d6d83c394f2a690b8e0b30af2c1a27bc
                                            • Opcode Fuzzy Hash: b3d9fc8e3c9e25958a525ae6d797c31ada554a2b38247950e8c98fa37260d3c8
                                            • Instruction Fuzzy Hash: 111198B73443157BEB21265ABC06E6B3E6DF795E15F10419CF600AD1D1D961CE20C7B1
                                            APIs
                                            • freerdp_image_copy.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 013A95B5
                                            Strings
                                            • SmartScaling requested but compiled without libcairo support!, xrefs: 013A95E6
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 013A95F0
                                            • com.freerdp.color, xrefs: 013A95C8
                                            • freerdp_image_scale, xrefs: 013A95EB
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_image_copy
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                            • API String ID: 1523062921-212429655
                                            • Opcode ID: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction ID: fe8980f493cb094a6de82cd79eecaa96a22aac27f89beb73841ae6e49b5bb5f1
                                            • Opcode Fuzzy Hash: 75e5285561d9e3b03ebe7213e74df9ec3dd825fd4c6eea271bfbbd062536872c
                                            • Instruction Fuzzy Hash: 9521B17224020EBBEF169E58DD13FED3BA9EB14718F448119FD04AA190E371E920DB80
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D39DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                            • API String ID: 689400697-1972714555
                                            • Opcode ID: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction ID: f4c8a5057fbc380b01701830371402cbbaa5d9bd0bb3f61a8671b1f102c7a90b
                                            • Opcode Fuzzy Hash: d58f5fc1ca3e460a3a86c8a07d91693b0588921af4b9599c94944ec694917da4
                                            • Instruction Fuzzy Hash: D111CAB77802117AFA21565BBC07E6B3E5DFB92E54F100168F6049E1D0D9518D10C7B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3920
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                            • API String ID: 689400697-2845897268
                                            • Opcode ID: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction ID: be0fa33b64ca1f8875b244285ef539c84b11eac729c5261c7dbdc367e11c3ffe
                                            • Opcode Fuzzy Hash: 531ef2cbec86bb9610b45cf75248d7bec255b8ba726d2d8e05b3cb2a8e5fdb3b
                                            • Instruction Fuzzy Hash: 4C1177B73842157AEB21155ABC07F6B3E9CF792A54F10016CF5009E5D0D9618D60D7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2F33
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                            • API String ID: 689400697-255015424
                                            • Opcode ID: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction ID: d5a3ebd68911a535aeeb0b7c2a34c046f59ea55eb9a4be41106c9a425836e38f
                                            • Opcode Fuzzy Hash: 72b284d7b0ce409298af573432b2d5e884249a8cf4aeb8ccb8f8f929601464a2
                                            • Instruction Fuzzy Hash: 8B11E3B73843053EEA20666BBC07E6B3E5CEBA6E24F0000A8FA04AE4D0D9518D10C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D2FF0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                            • API String ID: 689400697-1149382491
                                            • Opcode ID: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction ID: c147acf2263b6c7537b668f898509ddb737586bd95fa448640316aa73ad04942
                                            • Opcode Fuzzy Hash: 1d191ee0394552686ad49f316d582559165262f83e7b2bc0165d6c417452a5fd
                                            • Instruction Fuzzy Hash: 711191B73842157AE730562ABC06E6B3E5CFBA2A68F000068FA05AD5D0D9518D50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D30AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                            • API String ID: 689400697-2261828479
                                            • Opcode ID: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction ID: e193f44991604b807c5770e0623a6486ba0efc542a8da411534963c15fbc7f6e
                                            • Opcode Fuzzy Hash: 7d2de91750c15eba8d67c91d115c2bc08b00ebc1110818c1eeca4c86b22d8cfe
                                            • Instruction Fuzzy Hash: 2D11CAB73843157AEA30662BBC07E6B3E6CF7A6E18F100168F6149E1D0D991CD50C3B1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D316A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                            • API String ID: 689400697-3351603741
                                            • Opcode ID: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction ID: c929f952f091c9d3abf8b48691903ed613fc7f3a6540702611c4cd8645ae5fdf
                                            • Opcode Fuzzy Hash: 57a0a6f89d5aaea1fbd1c13a93c0c5a48c2e54996b86da3738783ffe5b0abf6a
                                            • Instruction Fuzzy Hash: 3B11CAB73842057AEA31665ABC07E6B3E6CF7A6B14F000168FA109E1D1D591DD21C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3FFE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                            • API String ID: 689400697-2156878011
                                            • Opcode ID: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction ID: 4dc28cbed8cbd1e76ca147199481ec4a28713421ef12abbb7c069bfe4c1f2875
                                            • Opcode Fuzzy Hash: 6b3d9ff516f437b3cb96d3a1945caa2a794013898339c1ab73f620e8964a247c
                                            • Instruction Fuzzy Hash: 0E11A3B73843057BE631266ABC07E6B3E6CEB92A18F10416CF604AE5D1D9A18910C3B0
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D348E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                            • API String ID: 689400697-3116451197
                                            • Opcode ID: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction ID: 729eb5e262a689ee81060c5dd95a339eecc5005e3bdf4a177380a16ee1ab0981
                                            • Opcode Fuzzy Hash: 94f00cd9b66d19f89f3f37de80a05f2bceb191ac7b107281457e39ce7ab2d739
                                            • Instruction Fuzzy Hash: B011C6BB3843117AEA31156ABC07E2B3E6CF792A54F104168F600AE1D0D955CD50C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3A9A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                            • API String ID: 689400697-4185332897
                                            • Opcode ID: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction ID: c178f4a39daeeffa0d6e6a84d3807c62299036f1de2a17239aca9061ca3cdec6
                                            • Opcode Fuzzy Hash: ab27c3d9a15e5ffa50c9c22c6bcf156b3309880d3ae4a120b8a5458c077b5aec
                                            • Instruction Fuzzy Hash: CF11A0B77803157AE631565BBC07E6B3E9CFBA2A18F10016CFA04AE1D0D9918D1087B2
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3C0E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                            • API String ID: 689400697-4242683877
                                            • Opcode ID: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction ID: 23800e62f724abafc8b409ea4c20ab94c05c7d83a8beed787f1719943e4f0d0f
                                            • Opcode Fuzzy Hash: c38f4e3af150f9df58f3dace3bcedc20cf62444b230e15621680c1a32b88d818
                                            • Instruction Fuzzy Hash: 921186F73802117AEA21265BBC47E6B3E5CF7A2A54F100168FA009E5E1D991CE51C3B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D3B54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                            • API String ID: 689400697-1791514552
                                            • Opcode ID: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction ID: 9ad6c95ddfabacc7665aea0fa9ada8186571716aa21c0d6eca89923629443ef4
                                            • Opcode Fuzzy Hash: 6d39870c42f5862d761c2874c82996492fe83a9aed2266e3b69fcaf80d13045a
                                            • Instruction Fuzzy Hash: 5C11A5B73843117AEA21159BBC07E6B3E9CF7A2F59F1001A8FA00AE5D0D9A1CD10C7B5
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(016870C8,013D4AA1,00000000,00000000), ref: 013D4241
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Once$ExecuteInit
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                            • API String ID: 689400697-954186549
                                            • Opcode ID: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction ID: a7fe0d85e8b21110b056b3b14284ee82adcf29955d6a88fdd52ba1ee4e5ceb04
                                            • Opcode Fuzzy Hash: 04960eaaa8ff797b26bb37c422c12b8826247eef07f99a4d7955b4ef56a33a43
                                            • Instruction Fuzzy Hash: BE11C6773802057AF621255BBC07E6B3E5CE7A2E55F100069FA00AE9D1D9A18E50C7B4
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 014565CB
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 01456633
                                            • yuv_process_work_callback, xrefs: 0145662E
                                            • com.freerdp.codec, xrefs: 0145660B
                                            • error when decoding lines, xrefs: 01456629
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: primitives_get
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                            • API String ID: 2017034601-2620645302
                                            • Opcode ID: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction ID: f5ae369ee5c2942e50893042ea44bf7d40f63702763722015f39cdff8a0a4e8b
                                            • Opcode Fuzzy Hash: ee253e7c6e49cb754ef5225202cf8fdf046f6b794178200947426fa71894651c
                                            • Instruction Fuzzy Hash: 0C0184B1640306AFDB159F59DC41E9A7BACFF04718F00415EF9089B241E671E9508BA4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %zd;NAME=%s%zd;PASS=%s
                                            • API String ID: 4218353326-3114484625
                                            • Opcode ID: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction ID: 3e749f08cb06d938524569cb4386494e0ad9bdf064c4512bd2e38717b923d40e
                                            • Opcode Fuzzy Hash: 1353a69dea9303121bc4d69ce240e138b24f7955fa33bf573065ef7cfd8406e2
                                            • Instruction Fuzzy Hash: 5A015B71A00208BFDF54AFA4C881B9D7BA4EB18204F00886EEE059A322E2799654DB40
                                            APIs
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9F06
                                            • region16_extents.GETSCREEN-156413884-X86(?,?), ref: 013A9F12
                                            • region16_n_rects.GETSCREEN-156413884-X86(?,?,?), ref: 013A9F1D
                                            • region16_n_rects.GETSCREEN-156413884-X86(?), ref: 013A9F7D
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: region16_extentsregion16_n_rects
                                            • String ID:
                                            • API String ID: 2062899502-0
                                            • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction ID: aba05ed040633ab9c2a85beb471273d6576c67906f60491e7d764fc8eb9e5ca7
                                            • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                            • Instruction Fuzzy Hash: 84512976D0022AAFCB14DF99C8409AEF7F5FF18754B55816AE859E7350E334AE40CBA0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strncpy
                                            • String ID:
                                            • API String ID: 2961919466-0
                                            • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction ID: 9bc75039f6a7905dcf9943e88435edab747272ca8948c5b6d09a72d323632bb0
                                            • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                            • Instruction Fuzzy Hash: B5119AB5400707AED7315E55D844B93FBBCEF28204F14491FD999C7661F331A558C7A1
                                            APIs
                                            • InitOnceExecuteOnce.KERNELBASE(01601278,00DC8C90,00DC8EC0,00000000), ref: 00DC8E6A
                                            • GetLastError.KERNEL32 ref: 00DC8E7F
                                            • TlsGetValue.KERNEL32 ref: 00DC8E8D
                                            • SetLastError.KERNEL32(00000000), ref: 00DC8E96
                                            • TlsAlloc.KERNEL32 ref: 00DC8EC3
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLastOnce$AllocExecuteInitValue
                                            • String ID:
                                            • API String ID: 2822033501-0
                                            • Opcode ID: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction ID: c6d8dce2ba7c17218e9a3e6543bd31135eeb7542f8117c423804dd858714fb0b
                                            • Opcode Fuzzy Hash: 77e85a932824561ae53b98d04933680af82f9efdb98385385be7ac7656b6c461
                                            • Instruction Fuzzy Hash: 480126756002099FCF209FB5EC08F6B7BBCFB09714B44412AF815D3264EB3198548BA1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                            • API String ID: 4218353326-3992632484
                                            • Opcode ID: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction ID: 293f2463c3dfe0f764a2504d82ed4a12d0b5830eeb0b9dd1b696862e9e74fb6f
                                            • Opcode Fuzzy Hash: 2b2b32c2bcf4b7a09335c5e44fb2bcc129dd29c028318ace998dffcd15faaef6
                                            • Instruction Fuzzy Hash: A4414672F0031616EB205A698C41FBE7329FFE6344F58432DED45A7281FB788E45C2A2
                                            APIs
                                            • audio_format_print.GETSCREEN-156413884-X86(?,?,?), ref: 01454A72
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_print
                                            • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                            • API String ID: 2744001552-3527835062
                                            • Opcode ID: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction ID: 562aebc54ae76dbb7b8593e4fcfa839605d457ae74abeb7991d28baa08d000ae
                                            • Opcode Fuzzy Hash: 9e50a983f28802822de6cc2f1952e7be44b5e7f453c24a5d913f975d35fb4f35
                                            • Instruction Fuzzy Hash: 8411D67264031637DB61AE1A5C46FAF2F5CAF71E64F48001EFD046B192F6B5DA4083E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: audin$rdpsnd
                                            • API String ID: 0-930729200
                                            • Opcode ID: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction ID: 4c9795d63d76e3a78d7f186cc70a2ab4e1e21a1a7ebe166579e6f13d78f6174c
                                            • Opcode Fuzzy Hash: 7e02acba51332169db5138713661f3fcf3359f5449d6ee6a9b8b8daa7046ac1a
                                            • Instruction Fuzzy Hash: DE119331A00B16ABE725CF2CC48069AFBA4BB04F45F15422EEA6456140D7316850CFD1
                                            APIs
                                            • _strlen.LIBCMT ref: 0138403A
                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01384060
                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01384076
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: File$CreatePointer_strlen
                                            • String ID: %s %hu %s %s %s
                                            • API String ID: 4211031630-2916857029
                                            • Opcode ID: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction ID: 381c51d33e24c53357b96191ce7170b0469a98985975db59006ed86296b4e4b1
                                            • Opcode Fuzzy Hash: cb3c9c5e663675e5163d51ca69d87ae29317a7c254b9c12cbe5a20cbd8895944
                                            • Instruction Fuzzy Hash: 58016236201210BBDB212BA6EC4EEA77F69EF45778F148155FA189D0E1D722C852D7A0
                                            APIs
                                            • audio_format_get_tag_string.GETSCREEN-156413884-X86(?,?,?,?,?,?,?,?), ref: 01454737
                                            Strings
                                            • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 0145473E
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 01454748
                                            • audio_format_print, xrefs: 01454743
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: audio_format_get_tag_string
                                            • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                            • API String ID: 2866491501-3564663344
                                            • Opcode ID: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction ID: 4d3cc1b02c4a41811b38431a1373be714141d6e6a231df157a76bcf1ad8519a6
                                            • Opcode Fuzzy Hash: 873f0de6bccb1a45bb68d8e2f6fbbc147977a3dc2833395e3dec85c79f333e83
                                            • Instruction Fuzzy Hash: 6CF09675140205BADB401F46CC01E763B6DEB24B14B24804EFD1C8C0A1E677D9A2D3A0
                                            APIs
                                            • freerdp_get_last_error.GETSCREEN-156413884-X86(?), ref: 01342725
                                            • freerdp_set_last_error_ex.GETSCREEN-156413884-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 01342745
                                            Strings
                                            • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 01342734
                                            • freerdp_abort_connect, xrefs: 01342739
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                            • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                            • API String ID: 3690923134-629580617
                                            • Opcode ID: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction ID: 780ff261c06bc48f883fade53332c5b6b2476ccd844acd2a968f0f22de3fa92b
                                            • Opcode Fuzzy Hash: 88db9f7fb234a3a16305913350e24d60bc3a56e105924b5e8d80152e313831a1
                                            • Instruction Fuzzy Hash: 22E0D835240215EFEB616E19EC01F56BFD4AF10B98F20045DF6C476462E76174808684
                                            APIs
                                            • primitives_get.GETSCREEN-156413884-X86 ref: 0145633F
                                            • primitives_flags.GETSCREEN-156413884-X86(00000000), ref: 01456353
                                            • TpWaitForWork.NTDLL(00000000,00000000), ref: 014564A9
                                            • TpReleaseWork.NTDLL(00000000), ref: 014564B2
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                            • String ID:
                                            • API String ID: 704174238-0
                                            • Opcode ID: 6ce774886ead7e25bc30ea03bd5928117af76f13ec209f5379ee9bc3df9209ae
                                            • Instruction ID: d9f0c99ce5cf63a5b1e12375c16a99ecf4366011f718a65047e6f6f0b5ad0e20
                                            • Opcode Fuzzy Hash: 6ce774886ead7e25bc30ea03bd5928117af76f13ec209f5379ee9bc3df9209ae
                                            • Instruction Fuzzy Hash: CE6139B5A0060AEFCB14CF68C9819AEBBF5FF58310B15856AE915E7321D730E951CF90
                                            APIs
                                            • gdi_SetRgn.GETSCREEN-156413884-X86(?,?,?,?,00000000,00000001,?,?), ref: 013AC324
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: gdi_
                                            • String ID:
                                            • API String ID: 2273374161-0
                                            • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction ID: 1f52663d081b8fba09c00a6db078a19e8747deeb431cd4dda427110fb5127d8c
                                            • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                            • Instruction Fuzzy Hash: 1A31C7B1900209EFDB10DF98C9849AEBBF9FF48214F54806AE915E7250D335EA45CFA0
                                            APIs
                                            • RtlEnterCriticalSection.NTDLL(?), ref: 013D5C16
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C34
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C54
                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 013D5C9A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: CriticalSection$Leave$Enter
                                            • String ID:
                                            • API String ID: 2978645861-0
                                            • Opcode ID: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction ID: 6c8160d4a94bd88029e7668633473bdcf0b6a98b89b100415c0ab11d05e72274
                                            • Opcode Fuzzy Hash: 896421e93ade5e4dcda1286eca0bd1d4601d0a9348886709c2ae0337daafd780
                                            • Instruction Fuzzy Hash: 0121CF32600605EFEF24CF18D980A69BBF8FF4536AF15462DE882A7260D770B981CB50
                                            APIs
                                            • region16_rects.GETSCREEN-156413884-X86(?,00000000), ref: 013A9BDC
                                            • region16_extents.GETSCREEN-156413884-X86(?), ref: 013A9BEC
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9BF7
                                              • Part of subcall function 013A97FD: rectangles_intersection.GETSCREEN-156413884-X86(?,?,?), ref: 013A980C
                                            • rectangles_intersects.GETSCREEN-156413884-X86(00000000,?), ref: 013A9C1A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                            • String ID:
                                            • API String ID: 3854534691-0
                                            • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction ID: f8ec99a550dcc8481c7017ee043332e9b4491628539506e417e6fe172d5fefda
                                            • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                            • Instruction Fuzzy Hash: 8401C433114A1969EF24DB5DD8C0BBBF7DCDB4456CF94401AE918B6040EB35E881C3B4
                                            APIs
                                            • freerdp_new.GETSCREEN-156413884-X86 ref: 013C1F56
                                            • freerdp_context_new.GETSCREEN-156413884-X86(00000000,00000000,?,?), ref: 013C1FA4
                                            • freerdp_register_addin_provider.GETSCREEN-156413884-X86(?,00000000), ref: 013C1FC7
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                            • String ID:
                                            • API String ID: 3731710698-0
                                            • Opcode ID: 945bc20bcb03b63716288bd909141d203666854009d22fb1c671c4f972f6f524
                                            • Instruction ID: a1a17a3c6adcac49a707be13d191953146c7e3f5c8bdc6e6cd74f0191733f9da
                                            • Opcode Fuzzy Hash: 945bc20bcb03b63716288bd909141d203666854009d22fb1c671c4f972f6f524
                                            • Instruction Fuzzy Hash: D311E331604B13EBD324AF7AD800F9ABBE9BF70A28F10451EE45887251EB70F851DB90
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: __aligned_free
                                            • String ID:
                                            • API String ID: 733272558-0
                                            • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction ID: 653c06db864b53c376e4040653804ab83f5bd281b5c57cbd09c17127d62a6851
                                            • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                            • Instruction Fuzzy Hash: 63E0DF32040B207FCA717BA6CD00D9BBB98BF78601300041AF88697630CA33A8528BC0
                                            APIs
                                            • freerdp_settings_free.GETSCREEN-156413884-X86(00000000), ref: 01357326
                                              • Part of subcall function 01357F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 01357FCC
                                              • Part of subcall function 01357F9B: freerdp_settings_set_string.GETSCREEN-156413884-X86(?,00000680,?), ref: 01357FFC
                                            • freerdp_settings_set_string.GETSCREEN-156413884-X86(00000000,00000086,?), ref: 01356D8C
                                            Strings
                                            • C:\Windows\System32\mstscax.dll, xrefs: 01356F3F
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                            • String ID: C:\Windows\System32\mstscax.dll
                                            • API String ID: 2334115954-183970058
                                            • Opcode ID: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction ID: 9e91f0b4fd58cee27cd03cd22d5f841d7e4cbdfb9462bbd71c24c6718714c978
                                            • Opcode Fuzzy Hash: c5a961fa4f340cef8f892bb4ad9e141072b2115947491c28a23048b502dc6a6f
                                            • Instruction Fuzzy Hash: B5E1D8B0504B009EE324DF39D895B93BBE4FF18311F91592EE5AE8B391D7B1A584CB48
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: Rectgdi_
                                            • String ID:
                                            • API String ID: 2404991910-3916222277
                                            • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction ID: 35c16b48eae4dfdb2886fb0bc315170ca8c54eb0522c590ca10cebc9d28bfd99
                                            • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                            • Instruction Fuzzy Hash: 3351A3B300014ABBDF02DE94CD40DEB7BAEFF18248F494256FE1991420E732E6659BA1
                                            APIs
                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,013D6A0A,?,?,00000000,?,013CE976,00000000), ref: 013D697B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: CountCriticalInitializeSectionSpin
                                            • String ID: %s: unknown handler type %u$WLog_Appender_New
                                            • API String ID: 2593887523-3466059274
                                            • Opcode ID: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction ID: 045603b24084d45e782251ca89a28e5b85f2358a0d6697204453bb550e78f160
                                            • Opcode Fuzzy Hash: ca7745e8fee76e94353e2291e1ee6d537bdd65948c1ce7153f49896bcfe044a1
                                            • Instruction Fuzzy Hash: 5A114CF350821767E6227ABD7C87DFF5F6C9B5393CB04401EF525AA550DE30E10141A2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID: %s%s-client.%s$DeviceServiceEntry
                                            • API String ID: 0-2733899524
                                            • Opcode ID: ef263a8cab60c5183f8b955e014d8bec829f152d889b8f52809ba263bdd67bbe
                                            • Instruction ID: ad26b422da8b47cd049169b701be9ea8e2c1fdc0ebe83c870a6fde087fe8a876
                                            • Opcode Fuzzy Hash: ef263a8cab60c5183f8b955e014d8bec829f152d889b8f52809ba263bdd67bbe
                                            • Instruction Fuzzy Hash: FD119476A00219ABFB109E9DC880BAFBBECEF50A58F14402EFE14D7240D770E9118B90
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,013CE987), ref: 013CEBF6
                                            • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,013CE987), ref: 013CEC1A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WLOG_FILTER
                                            • API String ID: 1431749950-2006202657
                                            • Opcode ID: d4c55299c7fd9d9714eec5b1abf23803bc5fe88c3c0787affe0bc42be64582ed
                                            • Instruction ID: 23829b4781b5ec053d71c6dc6f29d870354d0287abbeab3a86d8256aecd6931f
                                            • Opcode Fuzzy Hash: d4c55299c7fd9d9714eec5b1abf23803bc5fe88c3c0787affe0bc42be64582ed
                                            • Instruction Fuzzy Hash: 97F021332152657BD720276AFC89C6F7F6DEAA6ABC351403EF404C7114EB754C4187A1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: .msrcIncident$.rdp
                                            • API String ID: 4218353326-1437571178
                                            • Opcode ID: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction ID: 2dedb52d1feb61a4fe27bc53ea19b4e30870e6810465bfe3cc792999e0d2a39b
                                            • Opcode Fuzzy Hash: 5639498f7f31431402752e4447a0a32718af41002d8f4ca37b745f3a4f0bfb36
                                            • Instruction Fuzzy Hash: 6FF02873A1492B6ACD2499BDDC0386BB74CEA129F8710832EE43AD75D0DE32DC1087D0
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BCC
                                            • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,013D4AE3), ref: 013D4BEC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Similarity
                                            • API ID: EnvironmentVariable
                                            • String ID: WINPR_NATIVE_SSPI
                                            • API String ID: 1431749950-1020623567
                                            • Opcode ID: 33ec97bc0a7f3bd73c9548d1302045a67324eac1a86f76ba5fda61b0f967e594
                                            • Instruction ID: 816ab11a40be2ab034225549062833fb89e05e5101713531481e5a99bb21681b
                                            • Opcode Fuzzy Hash: 33ec97bc0a7f3bd73c9548d1302045a67324eac1a86f76ba5fda61b0f967e594
                                            • Instruction Fuzzy Hash: 0CF0273365523336E935316A7C05F7B9E68DBB7E2CB15012DF501DB884CA60444346D1
                                            APIs
                                            • rfx_context_new.GETSCREEN-156413884-X86(?), ref: 0139A2ED
                                              • Part of subcall function 0138E4DD: GetVersionExA.KERNEL32(?), ref: 0138E5CD
                                              • Part of subcall function 0138E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0138E5E7
                                              • Part of subcall function 0138E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0138E612
                                            • progressive_context_free.GETSCREEN-156413884-X86(00000000), ref: 0139A36D
                                            Strings
                                            • com.freerdp.codec.progressive, xrefs: 0139A2CA
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                            • String ID: com.freerdp.codec.progressive
                                            • API String ID: 2699998398-3622116780
                                            • Opcode ID: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction ID: b903ba57351ec306bb47c57f361eef0bbc234dd5903d3337a18a4bf8388ca9ac
                                            • Opcode Fuzzy Hash: c6e90ef82db7f27f50305015d0af614d9dc60d6468cf08e16d1240818d6e0467
                                            • Instruction Fuzzy Hash: 75F0E932A057131AF7247BBE9841F4B7FD8DF52A74F14012EF648AB580DAB194018360
                                            APIs
                                            • freerdp_settings_get_key_for_name.GETSCREEN-156413884-X86(?), ref: 01381EEF
                                            • freerdp_settings_get_type_for_key.GETSCREEN-156413884-X86(00000000), ref: 01381F51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                            • String ID: TRUE
                                            • API String ID: 1888880752-3412697401
                                            • Opcode ID: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction ID: 25d52f0e006ed1afefd704ce1bc38db49ac92e3eef42a2633b70413bd4a5f87d
                                            • Opcode Fuzzy Hash: 56b8c343415aa9705ae6c8246c84b95a4858bb6d7579efbbb1e7200c03e1c834
                                            • Instruction Fuzzy Hash: 23E0E572304715AEDA117BDEDC81D9F371CEB55EA9B11012AF60467240E770D90656B0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: 8c4f98ff520d57fe76643d03a34a1e8e79f392be8aa59eef953defd861104d1d
                                            • Instruction ID: cf3832540a1a8c38c237d136510522c526fbee2589fdee85625e56d4c22a2fb9
                                            • Opcode Fuzzy Hash: 8c4f98ff520d57fe76643d03a34a1e8e79f392be8aa59eef953defd861104d1d
                                            • Instruction Fuzzy Hash: A2F082B140031BBFDB217FA68C81DAB7B5DFF28294B450025FD0896221E735DA21D6E0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: _strlen
                                            • String ID: %s:%s
                                            • API String ID: 4218353326-3196766268
                                            • Opcode ID: ba9ccfb39c44c9c36e90d1f51ccf218e31eb13c1453b6593757a632b760da5bf
                                            • Instruction ID: b0cbd28eee89c9f9112022bab4031aa3c83bd418a782fb116d89730d1bdd7555
                                            • Opcode Fuzzy Hash: ba9ccfb39c44c9c36e90d1f51ccf218e31eb13c1453b6593757a632b760da5bf
                                            • Instruction Fuzzy Hash: 35F089B14003177BDB217FA6DC41DAB7A6DFF25154B450424FD04A7221E735DD21D6E1
                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,013D7163), ref: 013D7190
                                            • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,013D7163), ref: 013D71B1
                                              • Part of subcall function 013D7310: LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                              • Part of subcall function 013D7310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                            • String ID: WTSAPI_LIBRARY
                                            • API String ID: 3590464466-1122459656
                                            • Opcode ID: f9249a19ce504128dbd0f85352809a25ce3000fe18d4f2c0b8789426cd5532b7
                                            • Instruction ID: 7441bf2974fc97e8c13fddd70787de18a6548a41442f3a284a154d77796e6aec
                                            • Opcode Fuzzy Hash: f9249a19ce504128dbd0f85352809a25ce3000fe18d4f2c0b8789426cd5532b7
                                            • Instruction Fuzzy Hash: 90E09B3310563379E632216DBC4BF9FBA15DBD3A6DF65021DF4005B1D4AF60544182A6
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,?,013D71C4,00000000,?,?,013D7163), ref: 013D7316
                                            • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 013D732B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID: InitWtsApi
                                            • API String ID: 2574300362-3428673357
                                            • Opcode ID: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction ID: 072ac635a8ee2cbf33a5a4639453ee5b4b504269c70a302cd996b0db578b38f2
                                            • Opcode Fuzzy Hash: da2c7e8514e8fee673fd1a051f8d573c0ff7b627808b55a7af88bc34e74c4feb
                                            • Instruction Fuzzy Hash: 3FD01772644605ABEF20AFF6BC0691A3FADAB4094D3086926E829C6564EB71C16087A1
                                            APIs
                                            • GetLastError.KERNEL32(?,?,0142B650,01580388,0000000C), ref: 0143F430
                                            • SetLastError.KERNEL32(00000000), ref: 0143F4D2
                                            • GetLastError.KERNEL32(00000000,?,01425FDD,0143F0E3,?,?,013CF77A,0000000C,?,?,?,?,013427D2,?,?,?), ref: 0143F581
                                            • SetLastError.KERNEL32(00000000,00000006), ref: 0143F623
                                              • Part of subcall function 0143F066: HeapFree.KERNEL32(00000000,00000000,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F07C
                                              • Part of subcall function 0143F066: GetLastError.KERNEL32(?,?,01425F2D,?,?,?,013CFA9A,?,?,?,?,?,0134293F,?,?), ref: 0143F087
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.1847475623.0000000000D61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_d60000_getscreen-156413884-x86.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FreeHeap
                                            • String ID:
                                            • API String ID: 3197834085-0
                                            • Opcode ID: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction ID: 275aef4f51c561095fb4ef2a3d52f5b552f496daa72ef52b60e430bac8d23e29
                                            • Opcode Fuzzy Hash: 7be5c327b82465fd8fae78bb409c48b16b73416c5242833201dc62027c0b1a1f
                                            • Instruction Fuzzy Hash: 62412B35E156126FEA213B7DAD84D2B364C9FBC674B160237F620DA2F1DB30980E4A13