
Windows Analysis Report
getscreen-941605629-x86.exe

Overview

General Information

Sample name:getscreen-941605629-x86.exe
Analysis ID:1503282
MD5:5acb80c387b2a64a4d8bdc6e8489f7e9
SHA1:b9e83c5233e7a0855f042b51e0c7af3f395ab0f4
SHA256:4691d20ed62db34297c5382277560dd830afa23a3506468dd3f97ca1e5b635e5
Tags:exe
Infos:

Detection

Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:47
Range:0 - 100

Signatures

Modifies Internet Explorer zonemap settings
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to simulate mouse events
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: IE Change Domain Zone
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • getscreen-941605629-x86.exe (PID: 6512 cmdline: "C:\Users\user\Desktop\getscreen-941605629-x86.exe" MD5: 5ACB80C387B2A64A4D8BDC6E8489F7E9)
    • getscreen-941605629-x86.exe (PID: 1876 cmdline: "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -gpipe \\.\pipe\PCommand97ykuajzqlynjfrrw -gui MD5: 5ACB80C387B2A64A4D8BDC6E8489F7E9)
    • getscreen-941605629-x86.exe (PID: 6620 cmdline: "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -cpipe \\.\pipe\PCommand96hiybpleygsfogra -cmem 0000pipe0PCommand96hiybpleygsfograi025cfv5ugjp5yj -child MD5: 5ACB80C387B2A64A4D8BDC6E8489F7E9)
  • wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe (PID: 3648 cmdline: "C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe" -elevate \\.\pipe\elevateGS512wtpgbjxopbtgkqvmzyoyjecsgtfbypc MD5: 5ACB80C387B2A64A4D8BDC6E8489F7E9)
  • svchost.exe (PID: 5900 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: frack113, Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\getscreen-941605629-x86.exe, ProcessId: 1876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me\http
Source: Process started, Author: vburov, Data: Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon, ProcessId: 5900, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5831 crypto_cert_free,0_2_008E5831
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E584E crypto_cert_get_dns_names,0_2_008E584E
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E590A crypto_cert_get_email,0_2_008E590A
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E6105 crypto_rsa_private_encrypt,0_2_008E6105
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E612F crypto_rsa_public_encrypt,0_2_008E612F
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5966 crypto_cert_get_public_key,0_2_008E5966
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_009C2165 freerdp_assistance_encrypt_pass_stub,0_2_009C2165
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5ABB crypto_cert_hash,0_2_008E5ABB
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5A65 crypto_cert_get_upn,0_2_008E5A65
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5A61 crypto_cert_get_signature_alg,0_2_008E5A61
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5B24 crypto_cert_issuer,0_2_008E5B24
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008F7B24 crypto_base64_decode,0_2_008F7B24
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008F7B3F crypto_base64_encode,0_2_008F7B3F
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,0_2_008E5B39
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_0093E437 _EncryptMessage@16,InitOnceExecuteOnce,0_2_0093E437
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_0093E42E _DecryptMessage@16,InitOnceExecuteOnce,0_2_0093E42E
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5D82 crypto_cert_subject,0_2_008E5D82
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5D97 crypto_cert_subject_alt_name,0_2_008E5D97
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5DA5 crypto_cert_subject_common_name,0_2_008E5DA5
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5D58 crypto_cert_read,0_2_008E5D58
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5ED1 crypto_reverse,0_2_008E5ED1
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,0_2_008E5E14
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_009C2620 freerdp_assistance_get_encrypted_pass_stub,0_2_009C2620
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,0_2_008E5782
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008F3F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,0_2_008F3F1C
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E5732 crypto_cert_dns_names_free,0_2_008E5732
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_008E576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,0_2_008E576E
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425966 crypto_cert_get_public_key,3_2_01425966
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01502165 freerdp_assistance_encrypt_pass_stub,3_2_01502165
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01426105 crypto_rsa_private_encrypt,3_2_01426105
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0142590A crypto_cert_get_email,3_2_0142590A
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0142612F crypto_rsa_public_encrypt,3_2_0142612F
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0142584E crypto_cert_get_dns_names,3_2_0142584E
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425831 crypto_cert_free,3_2_01425831
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425B24 crypto_cert_issuer,3_2_01425B24
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01437B24 crypto_base64_decode,3_2_01437B24
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425B39 crypto_cert_print_info,crypto_cert_subject,crypto_cert_issuer,crypto_cert_fingerprint,3_2_01425B39
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01437B3F crypto_base64_encode,3_2_01437B3F
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425A61 crypto_cert_get_signature_alg,3_2_01425A61
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425A65 crypto_cert_get_upn,3_2_01425A65
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425ABB crypto_cert_hash,3_2_01425ABB
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425D58 crypto_cert_read,3_2_01425D58
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425D82 crypto_cert_subject,3_2_01425D82
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425D97 crypto_cert_subject_alt_name,3_2_01425D97
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425DA5 crypto_cert_subject_common_name,3_2_01425DA5
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0147E42E _DecryptMessage@16,InitOnceExecuteOnce,3_2_0147E42E
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0147E437 _EncryptMessage@16,InitOnceExecuteOnce,3_2_0147E437
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_0142576E crypto_cert_fingerprint,crypto_cert_fingerprint_by_hash,3_2_0142576E
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01433F1C certificate_data_new,crypto_base64_encode,crypto_base64_encode,_strlen,3_2_01433F1C
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425732 crypto_cert_dns_names_free,3_2_01425732
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425782 crypto_cert_fingerprint_by_hash,crypto_cert_hash,3_2_01425782
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425E14 crypto_get_certificate_data,crypto_cert_fingerprint,crypto_cert_issuer,crypto_cert_subject,certificate_data_new,3_2_01425E14
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01502620 freerdp_assistance_get_encrypted_pass_stub,3_2_01502620
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exeCode function: 3_2_01425ED1 crypto_reverse,3_2_01425ED1
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-941605629-x86.exe
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION getscreen-941605629-x86.exe

Compliance

Source: getscreen-941605629-x86.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: getscreen-941605629-x86.exeStatic PE information: certificate valid
Source: getscreen-941605629-x86.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
Source: Joe Sandbox ViewIP Address: 51.89.95.37 51.89.95.37
Source: Joe Sandbox ViewIP Address: 5.75.168.191 5.75.168.191
Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
GET /signal/agent HTTP/1.1
Host: getscreen.me
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: https://getscreen.me
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
Source: global trafficDNS traffic detected: DNS query: getscreen.me
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://proxy.contoso.com:3128/
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.000000000195A000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.000000000195A000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000249A000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.000000000195A000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://proxy.pcommand.com:3128
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr
String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr
String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4Z
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp
String found in binary or memory: https://%S/%S/agent/chat$.typeoutprocessData4Zb
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://getscreen.me/agent-policy
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link
Source: getscreen-941605629-x86.exe, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr
String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52440
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52441
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51115
Source: unknownNetwork traffic detected: HTTP traffic on port 52087 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52446
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51116
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52447
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52444
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52445
Source: unknownNetwork traffic detected: HTTP traffic on port 53014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52450
Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52351 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51128
Source: unknownNetwork traffic detected: HTTP traffic on port 51188 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52459
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51129
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52453
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52454
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52451
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52457
Source: unknownNetwork traffic detected: HTTP traffic on port 52363 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52458
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52455
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51125
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52456
Source: unknownNetwork traffic detected: HTTP traffic on port 50836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52460
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52461
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51139
Source: unknownNetwork traffic detected: HTTP traffic on port 53026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51133
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52464
Source: unknownNetwork traffic detected: HTTP traffic on port 52694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51134
Source: unknownNetwork traffic detected: HTTP traffic on port 51242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52465
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52462
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52463
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52468
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51138
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52469
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51135
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52466
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52467
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52471
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52472
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52470
Source: unknownNetwork traffic detected: HTTP traffic on port 52099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51471 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53274 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50517 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50529 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51483 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51495 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50530 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51458 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51229 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52670 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53262 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50296 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51188
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51189
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51187
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51191
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51192
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51190
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51195
Source: unknownNetwork traffic detected: HTTP traffic on port 51994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50542 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51193
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51194
Source: unknownNetwork traffic detected: HTTP traffic on port 51741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51199
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51197
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51198
Source: unknownNetwork traffic detected: HTTP traffic on port 53250 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52669 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50554 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52399 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52134 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50284 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52657 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53249 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52255 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52116 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52141 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51020 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50601 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52243 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52279 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51490 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53075 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52104 -> 443
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_0031B080
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_003001A0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_003489A0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_00337300
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_0033A30D
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_00336657
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_002F9700
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 1_2_0031B080
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 1_2_003489A0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 1_2_0033A30D
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: 3_2_00E5B080
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: 3_2_00E889A0
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: 3_2_00E7A30D
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 5_2_0031B080
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 5_2_003489A0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 5_2_0033A30D
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: String function: 01472354 appears 54 times
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: String function: 0147E717 appears 101 times
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: String function: 00932354 appears 150 times
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: String function: 0093E717 appears 303 times
Source: getscreen-941605629-x86.exe Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: getscreen-941605629-x86.exe Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: getscreen-941605629-x86.exe Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr Static PE information: Resource name: AFX_DIALOG_LAYOUT type: DOS executable (COM, 0x8C-variant)
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: getscreen-941605629-x86.exe, 00000000.00000000.2010139625.0000000001A23000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe, 00000000.00000002.4473810410.0000000001A23000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe, 00000001.00000000.2012670730.0000000001A23000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe, 00000001.00000002.4473808596.0000000001A23000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe, 00000005.00000002.2200361525.0000000001A23000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe, 00000005.00000000.2041936707.0000000001A23000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe Binary or memory string: OriginalFilenamegetscreen.exe: vs getscreen-941605629-x86.exe
Source: getscreen-941605629-x86.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal54.phis.evad.winEXE@8/327@6/2
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe File created: C:\Users\user\AppData\Local\Getscreen.me
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\PCommandMutextTurbo96phqghum
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe File read: C:\Users\user\Desktop\getscreen-941605629-x86.exe
Source: unknown Process created: C:\Users\user\Desktop\getscreen-941605629-x86.exe "C:\Users\user\Desktop\getscreen-941605629-x86.exe"
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Process created: C:\Users\user\Desktop\getscreen-941605629-x86.exe "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -gpipe \\.\pipe\PCommand97ykuajzqlynjfrrw -gui
Source: unknown Process created: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe "C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe" -elevate \\.\pipe\elevateGS512wtpgbjxopbtgkqvmzyoyjecsgtfbypc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Process created: C:\Users\user\Desktop\getscreen-941605629-x86.exe "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -cpipe \\.\pipe\PCommand96hiybpleygsfogra -cmem 0000pipe0PCommand96hiybpleygsfograi025cfv5ugjp5yj -child
Source: C:\Windows\System32\svchost.exe Process created: C:\Users\user\Desktop\getscreen-941605629-x86.exe "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -cpipe \\.\pipe\PCommand96hiybpleygsfogra -cmem 0000pipe0PCommand96hiybpleygsfograi025cfv5ugjp5yj -child
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: msdmo.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: sas.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dsparse.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: mfwmaaec.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: audioses.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: windows.ui.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: inputhost.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: getscreen-941605629-x86.exe Static PE information: certificate valid
Source: getscreen-941605629-x86.exe Static file information: File size 3654448 > 1048576
Source: getscreen-941605629-x86.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x374e00
Source: getscreen-941605629-x86.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Project\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_01A229E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_01A229E0
Source: getscreen-941605629-x86.exe Static PE information: real checksum: 0x38a69d should be: 0x38b163
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe.0.dr Static PE information: real checksum: 0x38a69d should be: 0x38b163
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe File created: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exeCode function: 0_2_00947449 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00947449
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BankLabel, DeviceLocator, DataWidth, Manufacturer, PartNumber, SerialNumber, Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Size FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, Manufacturer, MACAddress, Speed, InterfaceIndex, Index, GUID FROM Win32_NetworkAdapter WHERE PhysicalAdapter=TRUE
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT DHCPServer, DNSServerSearchOrder, IPAddress FROM Win32_NetworkAdapterConfiguration WHERE InterfaceIndex = 1
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BankLabel, DeviceLocator, DataWidth, Manufacturer, PartNumber, SerialNumber, Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, VolumeName, FileSystem, Size, FreeSpace FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption FROM Win32_SoundDevice
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe System information queried: FirmwareTableInformation
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 619
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 1069
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 499
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 449
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 551
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 554
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 9993
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Window / User API: threadDelayed 916
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API coverage: 2.5 %
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API coverage: 1.2 %
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe API coverage: 1.6 %
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API coverage: 1.5 %
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 2828 Thread sleep count: 619 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 4028 Thread sleep count: 1069 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 5880 Thread sleep count: 499 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 5860 Thread sleep count: 449 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 1600 Thread sleep count: 551 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 2828 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 2608 Thread sleep count: 554 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 2508 Thread sleep count: 197 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe TID: 4408 Thread sleep count: 916 > 30
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT BIOSVersion, Name, ReleaseDate FROM Win32_BIOS
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model, Name, Domain, Workgroup FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed, Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Last function: Thread delayed
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Hyper-V console (use port 2179, disable negotiation)
Source: getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMnet
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: WebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id=RT
Source: getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: BWebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id=RT2
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000001944000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: RAM slot #0RAM slot #0@VMware Virtual RAMVMW-4096MB00000001
Source: getscreen-941605629-x86.exe, 00000000.00000002.4477054032.0000000005625000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: {"CPU":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","CPUSpeed":2000,"CPUCores":4,"CPUCoresLogical":1,"CPUFamily":"Intel64 Family 6 Model 143 Stepping 8","BIOS":"612A9DU2CX","BIOSVersion":"20221121","BIOSDate":"","RAMPhys":8191,"RAMPhysAvail":2321,"RAMVirt":2047,"RAMVirtAvail":1881,"RAMPageFile":8191,"RAMBanks":[{"Bank":"RAM slot #0","Locator":"RAM slot #0","DataWidth":64,"Manufacturer":"VMware Virtual RAM","PartNumber":"VMW-4096MB","SerialNumber":"00000001","Capacity":4096}],"VideoName":"B944VB8","VideoRAM":1024,"VideoCards":[{"Name":"B944VB8","RAM":1024,"Integrated":false}],"Locale":"0809","LocaleOemPage":"1252","LocaleCountry":"Switzerland","LocaleCurrency":"CHF","LocaleTimezone":120,"LocaleFormatTime":"HH:mm:ss","LocaleFormatDate":"dd\/MM\/yyyy","ComputerModel":"kKrAaKXu","ComputerDomain":"yOa7H","ComputerWorkgroup":"WORKGROUP","ComputerName":"user-PC","ComputerIP":["192.168.2.5","fe80::357a:d50d:a849:be2d"],"OSName":"Microsoft Windows 10 Pro","OSVersion":"10.0.19045","HDD":[{"Model":"UNBU6X_E SCSI Disk Devi
Source: getscreen-941605629-x86.exe, 00000000.00000003.4065244725.0000000002185000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Console#0VMware Virtual RAMVMW-4096MB00000001
Source: getscreen-941605629-x86.exe, 00000000.00000003.4065244725.0000000002185000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
Source: getscreen-941605629-x86.exe, 00000000.00000002.4475768283.0000000004462000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $VMware Virtual RAME
Source: getscreen-941605629-x86.exe, 00000000.00000002.4477054032.000000000562D000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: uardware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"612A9DU2CX\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2321,\"RAMVirt\":2047,\"RAMVirtAvail\":1881,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"B944VB8\",\"VideoRAM8
Source: getscreen-941605629-x86.exe, 00000000.00000002.4474445876.00000000020E1000.00000004.00000020.00020000.00000000.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4474060198.0000000002000000.00000004.00000020.00020000.00000000.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021328789.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2200583667.0000000001FE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API call chain: ExitProcess graph end node graph_0-13311
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API call chain: ExitProcess graph end node graph_1-12898
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe API call chain: ExitProcess graph end node graph_3-13593
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe API call chain: ExitProcess graph end node graph_5-12966
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_0094EE20 IsDebuggerPresent,0_2_0094EE20
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_01A229E0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_01A229E0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_0098FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0098FCA9
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 1_2_0098FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0098FCA9
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: 3_2_014D61B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_014D61B5
Source: C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe Code function: 3_2_014CFCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_014CFCA9
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 5_2_0098FCA9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0098FCA9
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_008E73E8 freerdp_input_send_mouse_event,0_2_008E73E8
Source: C:\Windows\System32\svchost.exe Process created: C:\Users\user\Desktop\getscreen-941605629-x86.exe "C:\Users\user\Desktop\getscreen-941605629-x86.exe" -cpipe \\.\pipe\PCommand96hiybpleygsfogra -cmem 0000pipe0PCommand96hiybpleygsfograi025cfv5ugjp5yj -child
Source: wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_traywnd zb
Source: getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: loselink.button.copymain.isntall.howconnection.session.titleconnection.menu.copyconnection.menu.generatelogin.password.titlelogin.password.ennterlogin.active.help.1login.link.dashboard.1login.link.dashboard.2login.link.registerlogin.link.restorelogin.link.help.1login.link.help.2login.active.device.titlelogin.active.contactlogin.menu.dashboardlogin.menu.logoutsettings.common.titlesettings.common.agentsettings.common.languagesettings.common.startupsettings.common.onetimesettings.common.adminsettings.permission.titlesettings.permission.controlsettings.permission.audiosettings.permission.micsettings.permission.filesettings.permission.lock_inputsettings.permission.confirmsettings.proxy.buttoninvite.disableinvite.button.agreecall.income.textcall.income.acceptcall.income.rejectcall.out.textcall.out.cancelcall.connect.textcall.connect.closecall.active.closecall.rejecet.textcall.rejecet.againcall.rejecet.closecall.finish.textcall.finish.closeturbo.button.hideturbo.button.endturbo.button.proxyturbo.button.closeturbo.button.callturbo.button.chatturbo.confirm.closeturbo.confirm.close.yesturbo.confirm.close.noturbo.menu.exitturbo.menu.chatturbo.menu.showsettings.proxy.usesettings.proxy.serversettings.proxy.loginsettings.proxy.passwordsettings.proxy.applysettings.proxy.cancelconnection.confirm.acceptinstall.turbo.line2install.turbo.confirmconnection.link.titleconnection.link.text.4connection.link.title.2connection.link.title.3connection.link.getlogin.active.help.title.headlogin.active.help.title.2login.active.help.title.3connection.menu.clipboardconnection.menu.diactivateconnection.menu.disableShell_traywnd z
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_003489A0 cpuid 0_2_003489A0
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Code function: 0_2_008FE4DD rfx_context_new,GetVersionExA,GetNativeSystemInfo,RegOpenKeyExA,primitives_get,CreateThreadpool,rfx_context_set_pixel_format,0_2_008FE4DD

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me http
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\getscreen.me https
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\Desktop\getscreen-941605629-x86.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting
Valid Accounts631
Windows Management Instrumentation
1
Scripting
12
Process Injection
1
Masquerading
OS Credential Dumping731
Security Software Discovery
Remote Services1
Archive Collected Data
21
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Native API
1
DLL Side-Loading
1
DLL Side-Loading
1
Disable or Modify Tools
LSASS Memory53
Virtualization/Sandbox Evasion
Remote Desktop Protocol1
Browser Session Hijacking
1
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)53
Virtualization/Sandbox Evasion
Security Account Manager2
Process Discovery
SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Modify Registry
NTDS1
Application Window Discovery
Distributed Component Object ModelInput Capture3
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
Process Injection
LSA Secrets133
System Information Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Deobfuscate/Decode Files or Information
Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
Obfuscated Files or Information
DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Software Packing
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
DLL Side-Loading
/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
Source | Detection | Scanner | Label | Link
getscreen-941605629-x86.exe | 0% | ReversingLabs | |
getscreen-941605629-x86.exe | 1% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe | 0% | ReversingLabs | |
C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe | 1% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
getscreen.me | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | 0% | URL Reputation | safe |
https://%S/%S/agent/chat$.typeoutprocessData4Z | 0% | Avira URL Cloud | safe |
https://%S/%S/agent/chat$.typeoutprocessData4Zb | 0% | Avira URL Cloud | safe |
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Avira URL Cloud | safe |
http://proxy.contoso.com:3128/ | 0% | Avira URL Cloud | safe |
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 0% | Avira URL Cloud | safe |
https://getscreen.me/signal/agent | 0% | Avira URL Cloud | safe |
https://getscreen.me/agent-policy | 0% | Avira URL Cloud | safe |
http://proxy.contoso.com:3128/ | 0% | Virustotal | | Browse
http://proxy.pcommand.com:3128 | 0% | Avira URL Cloud | safe |
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 1% | Virustotal | | Browse
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | 0% | Virustotal | | Browse
https://getscreen.me/agent-policy | 0% | Virustotal | | Browse
https://getscreen.me/signal/agent | 0% | Virustotal | | Browse
http://proxy.pcommand.com:3128 | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
getscreen.me | 5.75.168.191 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://getscreen.me/signal/agent | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://getscreen.me/agent-policyhttps://%s/docs/agenthttps://%s/?utm_source=agent&utm_campaign=link | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://proxy.contoso.com:3128/ | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://%S/%S/agent/chat$.typeoutprocessData4Zb | wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp | false | Avira URL Cloud: safe | unknown
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp | false | URL Reputation: safe | unknown
https://%S/%S/agent/chat$.typeoutprocessData4Z | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://getscreen.me/agent-policy | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://proxy.pcommand.com:3128 | getscreen-941605629-x86.exe, 00000000.00000002.4455237415.000000000195A000.00000040.00000001.01000000.00000003.sdmp, getscreen-941605629-x86.exe, 00000001.00000002.4456977692.000000000195A000.00000040.00000001.01000000.00000003.sdmp, wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe, 00000003.00000002.2021470337.000000000249A000.00000040.00000001.01000000.00000006.sdmp, getscreen-941605629-x86.exe, 00000005.00000002.2193936002.000000000195A000.00000040.00000001.01000000.00000003.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
51.89.95.37 | unknown | France | | 16276 | OVHFR | false
5.75.168.191 | getscreen.me | Germany | | 24940 | HETZNER-ASDE | true

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1503282
Start date and time:2024-09-03 09:54:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 16s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:getscreen-941605629-x86.exe
Detection:MAL
Classification:mal54.phis.evad.winEXE@8/327@6/2
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.

Time | Type | Description
03:54:57 | API Interceptor | 10266874x Sleep call for process: getscreen-941605629-x86.exe modified

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
51.89.95.37 | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse |
51.89.95.37 | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse |
51.89.95.37 | getscreen-156413884-x86.exe | Get hash | malicious | Unknown | Browse |
51.89.95.37 | getscreen-511588515.exe | Get hash | malicious | Unknown | Browse |
51.89.95.37 | getscreen-959987858.exe | Get hash | malicious | Unknown | Browse |
51.89.95.37 | getscreen-973519027.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-941605629.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-156413884-x86.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-511588515.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-511588515.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-973519027.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-959987858.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-959987858.exe | Get hash | malicious | Unknown | Browse |
5.75.168.191 | getscreen-728974364.exe | Get hash | malicious | Unknown | Browse |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
getscreen.me | getscreen-941605629.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse | 51.89.95.37
getscreen.me | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-156413884-x86.exe | Get hash | malicious | Unknown | Browse | 78.47.165.25
getscreen.me | getscreen-156413884-x86.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-511588515.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-511588515.exe | Get hash | malicious | Unknown | Browse | 78.47.165.25
getscreen.me | getscreen-973519027.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-959987858.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
getscreen.me | getscreen-973519027.exe | Get hash | malicious | Unknown | Browse | 51.89.95.37

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
OVHFR | BTC.exe | Get hash | malicious | AsyncRAT, Rezlt, StormKitty, VenomRAT, Vermin Keylogger, WorldWind Stealer, XWorm | Browse | 91.134.207.16
OVHFR | https://src-assistanceclient.com/robots.txt | Get hash | malicious | Unknown | Browse | 54.37.149.170
OVHFR | http://instagrab000.blogspot.com/ | Get hash | malicious | HTMLPhisher | Browse | 149.56.240.27
OVHFR | sBX8VM67ZE.exe | Get hash | malicious | FormBook | Browse | 94.23.162.163
OVHFR | ROOMING 24034 Period Check-in on July 5th and departure on July 15th, 2024.bat | Get hash | malicious | Unknown | Browse | 94.23.17.185
OVHFR | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | 37.187.158.211
OVHFR | mirai.dbg.elf | Get hash | malicious | Mirai | Browse | 178.33.114.253
OVHFR | https://trk.pmifunds.com/y.z?l=http://security1.b-cdn.net&j=375634604&e=3028&p=1&t=h&D6EBE0CCEBB74CE191551D6EE653FA1E | Get hash | malicious | HTMLPhisher | Browse | 178.32.197.57
OVHFR | https://zi2oykzw.zone.investir-sur-mesure.fr/ | Get hash | malicious | HTMLPhisher | Browse | 149.202.238.105
OVHFR | getscreen-469829524.exe | Get hash | malicious | Unknown | Browse | 51.89.95.37
HETZNER-ASDE | getscreen-941605629.exe | Get hash | malicious | Unknown | Browse | 5.75.168.191
HETZNER-ASDE | http://ipscanadvsf.com | Get hash | malicious | Unknown | Browse | 116.203.55.214
HETZNER-ASDE | http://instagrab000.blogspot.com/ | Get hash | malicious | HTMLPhisher | Browse | 116.202.167.133
HETZNER-ASDE | SecuriteInfo.com.Exploit.CVE-2017-0199.121.20522.7152.xlsx | Get hash | malicious | FormBook | Browse | 88.99.66.38
HETZNER-ASDE | 66d5ddcec1520_shtr.exe | Get hash | malicious | LummaC, Stealc, Vidar | Browse | 5.75.220.8
HETZNER-ASDE | 66d5ddcbb9f86_vyre.exe | Get hash | malicious | LummaC, Vidar | Browse | 5.75.220.8
HETZNER-ASDE | Unlock_Tool_5.0.exe | Get hash | malicious | PureLog Stealer, Vidar | Browse | 116.203.12.50
HETZNER-ASDE | Setup_IDM.exe | Get hash | malicious | Fredy Stealer | Browse | 5.161.243.5
HETZNER-ASDE | Setup_IDM.exe | Get hash | malicious | Fredy Stealer | Browse | 5.161.243.5
HETZNER-ASDE | SecuriteInfo.com.Win32.TrojanX-gen.12944.32631.exe | Get hash | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer | Browse | 176.9.8.206

No context
No context

                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):64
                                  Entropy (8bit):5.84375
                                  Encrypted:false
                                  SSDEEP:3:Bv2CCvme6VETIOM+C8uzP:zC+e6V6RJuj
                                  MD5:3BC6B83EE45A4970505A4464239BE8F0
                                  SHA1:75B455F293FE0460BF11B96DE8AE77B9F04D1452
                                  SHA-256:E5C377B913D098FF445FF05A1598B36B48C80B4824461FCDA842676952E864A6
                                  SHA-512:2E3128A2DE6194A238F34D1C8F9A5AB6F6FD455CEC8F7183AD0F0F25D468038451794FE89282B8605FC1D0DC7C8A13C2F2346B4C7C218A907CD28DAD0B6700AD
                                  Malicious:false
                                  Reputation:low
                                  Preview:...J.+.q....:.O...5..g.T....h......,.6.<.....2.@\.%.+.#.K.jK..
                                  Process:C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):28459
                                  Entropy (8bit):5.055254978234218
                                  Encrypted:false
                                  SSDEEP:192:fUwvOTSR/5U4anSC/LYqo9mn6YfQKI8uobX6P6u0x3SjjmzVvGbs78Bpe72NE3HZ:nhpryWqOwgj2pRZRrz
                                  MD5:06A4A31D6C8AD0BC1AB1392BC1566A69
                                  SHA1:B6117246F5F502904DBFD7F5C2453F14CEF2602A
                                  SHA-256:C1812580F01875963FFE425C1D69D4D64B77B88D562726EDB19F2B9B4A3675D2
                                  SHA-512:5C4C98FA89861A0FC4F95C7B56023282ACA17DB5D3F25355C07DFDF1210C86AD4F9314DEC27FD45A73BD91B1B377B567402FDF0B2969C9AD05FCDF53852B0E39
                                  Malicious:false
                                  Reputation:low
                                  Preview:09:01:32.237.INFO.GuiSessionList created new gui session for: 1, is active: false..09:01:32.238.INFO.Server start server run....09:01:32.238.INFO.Start Getscreen.me v 2.21.3 build 2 revision 0..09:01:32.391.INFO.GUI GUI started..09:01:32.502.INFO.CGuiSessionList m_active is null..09:01:32.734.INFO.CConfigStore Loaded config from `C:\ProgramData\Getscreen.me\folder\settings.dat`..09:01:32.734.ERROR.Service service 'GetscreenSV' not found..09:01:32.816.INFO.Service service 'GetscreenSV' installed..09:01:33.067.INFO.Service service 'GetscreenSV' start success..09:01:33.077.INFO.Service get control message 1..09:01:33.086.INFO.FrameMark hide frame..09:01:33.576.INFO.Service service 'GetscreenSV' stop [0] (87)..09:01:34.093.INFO.Service service 'GetscreenSV' removed..09:01:34.142.INFO.Child success get system token..09:01:34.250.INFO.Child start child process simply..09:01:34.255.INF
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):78077
                                  Entropy (8bit):5.015014259497702
                                  Encrypted:false
                                  SSDEEP:384:Yg65EWghjlFS74WS7ryjqfXiwvJZ4zLVJLCHXvI2i:ODow0W2ryjqfXiwvJZ4zXCHXvI2i
                                  MD5:FD434244639ED39C2D8665CA5C0A2010
                                  SHA1:85E184A0F52DDC4FD54CF89585E41576331EA9E2
                                  SHA-256:E462560E1DC9924D4EC2AA4BBE48951639C7736B59921E033C81CA49370932AB
                                  SHA-512:5A28E04A9A0B0BCFD8AA29517ADB73AC6FA78BBFDF195145CDBC957020308226923C2A85478BD75A6286D062D5E118C033F23D7218278C1BA95FB3177BD86E88
                                  Malicious:false
                                  Reputation:low
                                  Preview:17:01:57.096.INFO.Signaling force websocket stop..17:03:46.789.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:03:51.270.INFO.Socket connected to getscreen.me:443..17:05:51.608.INFO.Signaling force websocket stop..17:06:51.546.ERROR.Socket unable to read..17:06:51.546.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:06:51.546.ERROR.WebSocket connection error getscreen.me/signal/agent..17:08:57.304.INFO.Signaling force websocket stop..17:11:03.061.INFO.Signaling force websocket stop..17:13:08.818.INFO.Signaling force websocket stop..17:15:14.575.INFO.Signaling force websocket stop..17:15:51.780.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:16:50.300.INFO.Socket connected to getscreen.me:443..17:17:56.570.INFO.Signaling force websocket stop..17:17:56.570.ERROR.Socket unable to read..17:17:
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):118336
                                  Entropy (8bit):5.017139121873963
                                  Encrypted:false
                                  SSDEEP:768:LhWpwLcOzXYWNLFUu2mArhAJtJ4QXuJ7XasaWWQK:NWpkZzXYWdtJ4o0rasaWWQK
                                  MD5:57924E337790215D2CD6B4BCDD06DE5F
                                  SHA1:62A0E5F266B597C837F6B177954494F4DB4B23E5
                                  SHA-256:D27E4C7C36DD676F9617F7C908A1999BBB483DECBE2CDD8DC513D013B504A2C3
                                  SHA-512:E8C1B6AD1BB0A99BE7A6308F908A7ADEFEAC830C2EF638554F21004AB4CA9AB9BB93F1D3D7AB84441198C52F8CC5DE020E20AF0B3D324CCD5B1454730C3F336C
                                  Malicious:false
                                  Reputation:low
                                  Preview:12:57:30.981.INFO.Signaling force websocket stop..12:57:30.996.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:57:58.157.INFO.Socket connected to getscreen.me:443..12:59:36.795.INFO.Signaling force websocket stop..12:59:36.795.ERROR.Socket unable to read..12:59:36.795.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:59:36.795.ERROR.WebSocket connection error getscreen.me/signal/agent..13:01:42.557.INFO.Signaling force websocket stop..13:03:48.325.INFO.Signaling force websocket stop..13:05:36.826.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:05:40.150.INFO.Socket connected to getscreen.me:443..13:07:42.816.INFO.Signaling force websocket stop..13:07:42.816.ERROR.Socket unable to read..13:07:42.816.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):21485
                                  Entropy (8bit):5.018841023150064
                                  Encrypted:false
                                  SSDEEP:192:ttvuHJ7jouBESy/AYKdjmZ9edNM7lCoLuw2UwwE5LWFkm586kGfExVVZ+QZm+kQa:uZFu2c
                                  MD5:132C191B1388A961775FBA480C59CDD7
                                  SHA1:605AA09145663D389517D7513E75B6B00737803B
                                  SHA-256:2AD38FAC5E5139FBD215163592CB18F3CBAA930D4E9BB03C79686826C6C5D51B
                                  SHA-512:5C4A35B30494F00B2978CE2AD17E81A00F654CED568A6E121C407F27A3D47543DA43F20DED8EF69B8E080D7AABCBF4127806C9F12ABFFC00BB9727CF9ECC4CEC
                                  Malicious:false
                                  Reputation:low
                                  Preview:17:24:52.936.INFO.Signaling force websocket stop..17:25:07.101.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:25:40.926.INFO.Socket connected to getscreen.me:443..17:27:11.518.INFO.Signaling force websocket stop..17:27:11.518.ERROR.Socket unable to read..17:27:11.518.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:27:11.518.ERROR.WebSocket connection error getscreen.me/signal/agent..17:29:53.626.INFO.Signaling force websocket stop..17:31:59.383.INFO.Signaling force websocket stop..17:34:03.584.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:35:33.122.INFO.Socket connected to getscreen.me:443..17:36:08.777.INFO.Signaling force websocket stop..17:36:08.777.ERROR.Socket unable to read..17:36:08.777.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):7571
                                  Entropy (8bit):4.994170052093869
                                  Encrypted:false
                                  SSDEEP:192:+TkJHkDSkEsk8A1kOdkCAfkmqsmCkIJJ4l4oiFpuLjh5BA:nyN2J2Bz8BsmZU3H
                                  MD5:414DFDC9B02B54A00CE87A6287BCF5B8
                                  SHA1:38130150E2187F62A9D5A508C9FD44EAE3D25F54
                                  SHA-256:2316947B25F1ADC189681ADFC54179152A3761844F8DC3A047C667F9DC6B41F0
                                  SHA-512:0CC074C64BE5CD701F8B8E0413EC95A739F546EE546F6E45E786D1423675C457EBDB53CFC6F4C53D955A8A297F859308FA1A07B11EDC55FC5D797D2335A69FD1
                                  Malicious:false
                                  Reputation:low
                                  Preview:00:59:37.370.INFO.Signaling force websocket stop..00:59:37.398.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:00:57.106.INFO.Socket connected to getscreen.me:443..01:01:43.215.INFO.Signaling force websocket stop..01:01:43.228.ERROR.Socket unable to read..01:01:43.228.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:01:43.228.ERROR.WebSocket connection error getscreen.me/signal/agent..01:03:48.988.INFO.Signaling force websocket stop..01:05:54.758.INFO.Signaling force websocket stop..01:08:00.517.INFO.Signaling force websocket stop..01:08:44.876.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:10:36.040.INFO.Socket connected to getscreen.me:443..01:11:50.644.INFO.Signaling force websocket stop..01:11:50.647.ERROR.Socket unable to read..01:11:50.647.ERROR.SSL handshake error: error:0000
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):29594
                                  Entropy (8bit):5.011203258483911
                                  Encrypted:false
                                  SSDEEP:192:r6GceJK6IFqVjgiDsOx02gpSAlWoicRXiptLTS0oGiUhjfFXN4LuZu0zoL8WcnrG:pWNagiMlXdSsUw5P
                                  MD5:7554CA3290475D8ED9D70E5E86EDA7AF
                                  SHA1:033F4F300EB9360CEE823C5335477D0F596E703B
                                  SHA-256:D868C221B5CDE9FA53DCD433F14A424589AD2517F3F8085734BF06670A650D3C
                                  SHA-512:B93FC6BF988E84F906A95267C2104CCC8A72839B35D7A1F045AEEE619B59950507F44DA47304AEE9416332C62AB12748EE8D6DDB50AB4BA9B7DBDFDB8E59FD09
                                  Malicious:false
                                  Reputation:low
                                  Preview:02:35:32.862.INFO.Signaling force websocket stop..02:35:32.879.ERROR.Socket unable to read..02:35:32.880.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:35:32.880.ERROR.WebSocket connection error getscreen.me/signal/agent..02:37:38.646.INFO.Signaling force websocket stop..02:39:44.411.INFO.Signaling force websocket stop..02:41:50.169.INFO.Signaling force websocket stop..02:41:57.518.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:43:14.577.INFO.Socket connected to getscreen.me:443..02:44:01.472.INFO.Signaling force websocket stop..02:44:01.472.ERROR.Socket unable to read..02:44:01.472.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:44:01.472.ERROR.WebSocket connection error getscreen.me/signal/agent..02:46:07.230.INFO.Signaling force websocket stop..02:48:
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):93562
                                  Entropy (8bit):5.016251744868732
                                  Encrypted:false
                                  SSDEEP:384:pT2bVmmUeX9TTaPcUkAe9KOBp4jHnkno78I87ZH/kitjoD4:pcVlX9aPgKep4znkno78I4ZjoD4
                                  MD5:4FE0D2369D8F58A0B953FFA6FC9D8A77
                                  SHA1:0D4832CC5F768F6F7BC4D5C6EDB8CD5A81CF8E06
                                  SHA-256:0DC2621871516303DDE8575D01426D0841017B39B5A7969160EDF7ADA82EAA5A
                                  SHA-512:BEDAA89FA4DE5C59A38903308AD7F862D93454BD5532FFD35665E6AA19A423C70288CCCF9030F26A448CF7F8B7B6F7541CDEA7FBF7B75154C8458D030E6018D4
                                  Malicious:false
                                  Reputation:low
                                  Preview:12:32:21.975.INFO.Signaling force websocket stop..12:35:27.543.INFO.Signaling force websocket stop..12:35:59.888.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:36:19.678.INFO.Socket connected to getscreen.me:443..12:38:05.286.INFO.Signaling force websocket stop..12:38:05.286.ERROR.Socket unable to read..12:38:05.286.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:38:05.286.ERROR.WebSocket connection error getscreen.me/signal/agent..12:40:11.050.INFO.Signaling force websocket stop..12:42:16.812.INFO.Signaling force websocket stop..12:43:08.728.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:43:34.719.INFO.Socket connected to getscreen.me:443..12:45:17.999.INFO.Signaling force websocket stop..12:45:18.000.ERROR.Socket unable to read..12:45:18.000.ERROR.SSL handshake error: error:0000
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):30886
                                  Entropy (8bit):5.019256822408471
                                  Encrypted:false
                                  SSDEEP:192:ryiib2USF3f+TUJn/R5GAr154ytjzEm/iuSv4c5V8xE4ZMEP6z9vfPg+4B0bS0+9:EPS0+VD2smQ68z5P4C
                                  MD5:560BB24A2C692C22B2159A87C4EACEF9
                                  SHA1:F4C3559EBEB56161C0E8D6EDEE8960CE378B92E9
                                  SHA-256:087248F66EE479DCE1468D4B6C3F31A99A5E30E2CA89257DAEDA4D71420D5040
                                  SHA-512:52147243D57248FC7B9C2E6AD5BE1BCE9CCF813166F4CDB46D12B578C98D4DCE878F59867D822D60561FF9071269BF6291312B408F6A4FC8535EAAAF27F324B7
                                  Malicious:false
                                  Reputation:low
                                  Preview:12:28:35.572.INFO.Signaling force websocket stop..12:28:39.670.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:29:42.662.INFO.Socket connected to getscreen.me:443..12:30:45.640.INFO.Signaling force websocket stop..12:30:45.641.ERROR.Socket unable to read..12:30:45.641.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:30:45.641.ERROR.WebSocket connection error getscreen.me/signal/agent..12:32:51.406.INFO.Signaling force websocket stop..12:34:57.164.INFO.Signaling force websocket stop..12:36:34.616.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:37:47.110.INFO.Socket connected to getscreen.me:443..12:38:38.846.INFO.Signaling force websocket stop..12:38:38.846.ERROR.Socket unable to read..12:38:38.846.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):160462
                                  Entropy (8bit):5.013013806817024
                                  Encrypted:false
                                  SSDEEP:768:BX58OjFU+heF2hsZwPKPbykNdYnrawWRALP7vX6LhgBJHH6ooHYTAruYouuz6Nmo:BJXhIUuRAL7fIgBJ6oomVuuz6NmT/RjO
                                  MD5:153F09AD24BC7304C07353233470118D
                                  SHA1:38A3A24E84BE1AAAB058053ED2F9F2CF3F1C1F3C
                                  SHA-256:2545727A05D0982A2247287403B6886D46344BC5C22101263D40969C63DE577E
                                  SHA-512:C10EEA9FDB42ED878DC8E1EC4A8B2B1E6E137949A71DF430A76507786EB86B611F62AD7B26E6A7DAF4420C826D768A8E4899FD4995C97D4BE7564A86835FE313
                                  Malicious:false
                                  Reputation:low
                                  Preview:19:04:31.528.INFO.Signaling force websocket stop..19:04:31.550.ERROR.Socket unable to read..19:04:31.550.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:04:31.550.ERROR.WebSocket connection error getscreen.me/signal/agent..19:06:37.309.INFO.Signaling force websocket stop..19:08:43.073.INFO.Signaling force websocket stop..19:10:48.830.INFO.Signaling force websocket stop..19:12:54.587.INFO.Signaling force websocket stop..19:13:07.943.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:14:51.440.INFO.Socket connected to getscreen.me:443..19:15:13.143.INFO.Signaling force websocket stop..19:15:13.143.ERROR.Socket unable to read..19:15:13.143.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:15:13.143.ERROR.WebSocket connection error getscreen.me/signal/agent..19:17:
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):25929
                                  Entropy (8bit):5.0124745838546785
                                  Encrypted:false
                                  SSDEEP:192:FPz5Y3TiujKXmDMFu23UGj978CH3DO5ux12efaIOlsnvHrj49a8GXJVfNbe47DiQ:Tu+lzB9hXh
                                  MD5:62AB9AAAA1FA6A859C48D57A52816F98
                                  SHA1:B11408310074DDEBDAE1F2C9EDAF2A5897538C3A
                                  SHA-256:01635A0105F6E598323208CA5368771DB51F1134E394C2FE78C03C19AD3F9FB9
                                  SHA-512:11501E3C72997EDAE86BAFC6748365BCA5ECA6B9624E38C87D99C350ABBD3AC72F71F9633FBDA75A9594CDA1CBA13F0A89A12D7F74DC6AF5DF2840C4819B19C5
                                  Malicious:false
                                  Reputation:low
                                  Preview:08:42:22.458.INFO.Signaling force websocket stop..08:42:22.508.ERROR.Socket unable to read..08:42:22.508.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:42:22.508.ERROR.WebSocket connection error getscreen.me/signal/agent..08:43:44.896.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:43:44.932.INFO.Socket connected to getscreen.me:443..08:45:47.014.INFO.Signaling force websocket stop..08:45:47.015.ERROR.Socket unable to read..08:45:47.015.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:45:47.015.ERROR.WebSocket connection error getscreen.me/signal/agent..08:46:12.676.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:46:12.715.INFO.Socket connected to getscreen.me:443..08:48:15.305.INFO.Signaling force websocket stop..08:48:15.306.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):129522
                                  Entropy (8bit):5.017660999011933
                                  Encrypted:false
                                  SSDEEP:1536:7SreLRBPLQnClneoPldIpbrL9hFfi0Sn+Qtws:+eLRBPcjoP3sXJ+n+s
                                  MD5:356F762CDC713E672E2607B20E347696
                                  SHA1:D5AE550B6E193236FE205113F751C17C0163EF3A
                                  SHA-256:E12EF57CD82A75FFE4CE32C6F892C36D2729B64F05F10CB31D1D974E1400FC45
                                  SHA-512:E01A2CB29BCDB2051C8B52AC67A71D79B7EF0A98A5985902BCD7B0447678ABDAC88B6B6E136D8B6C256BF821A98ACB1C41C14493BE592B14CD051E5E18677C6F
                                  Malicious:false
                                  Preview:14:34:34.702.INFO.Signaling force websocket stop..14:34:34.707.ERROR.Socket unable to read..14:34:34.708.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:34:34.708.ERROR.WebSocket connection error getscreen.me/signal/agent..14:36:40.490.INFO.Signaling force websocket stop..14:37:36.476.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:37:43.868.INFO.Socket connected to getscreen.me:443..14:39:41.686.INFO.Signaling force websocket stop..14:39:41.687.ERROR.Socket unable to read..14:39:41.687.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:39:50.213.ERROR.WebSocket connection error getscreen.me/signal/agent..14:41:47.460.INFO.Signaling force websocket stop..14:43:00.892.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:43:02.475.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):38521
                                  Entropy (8bit):5.007763842187191
                                  Encrypted:false
                                  SSDEEP:192:wdtv2EoXefPO9F02CGNN3AgUaqwmfAZZ0HiDJXiRwOYF1YTHJ+WXV/C9moBh+3z+:r02FN3dD9AV/vrXaN4twxYD7E+0
                                  MD5:FE85966F4E7F07CDC69C45C949731EF4
                                  SHA1:D29D7A0AB1C7833C50E3480657234BD58C8C97C5
                                  SHA-256:092D92CD672EC433CC6F6C4767A694E0210FB6073C197176E4B0B523DE637BE7
                                  SHA-512:C44E23B4BFD2BD786E664AF2326038446DDCC3E07F1E17BAF38EC451D1570C8249D235B830DDF1EECAF76CC3884BEAB31AECA2EF1A1CAF5E075ADB69D919F301
                                  Malicious:false
                                  Preview:21:51:03.525.INFO.Signaling force websocket stop..21:51:03.543.INFO.Socket connected to getscreen.me:443..21:51:03.617.ERROR.Socket unable to read..21:51:03.617.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:51:03.617.ERROR.WebSocket connection error getscreen.me/signal/agent..21:53:09.383.INFO.Signaling force websocket stop..21:55:15.159.INFO.Signaling force websocket stop..21:55:33.559.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:55:35.915.INFO.Socket connected to getscreen.me:443..21:57:37.999.INFO.Signaling force websocket stop..21:57:37.999.ERROR.Socket unable to read..21:57:37.999.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:57:37.999.ERROR.WebSocket connection error getscreen.me/signal/agent..21:59:40.786.INFO.Signaling force websocket sto
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):129751
                                  Entropy (8bit):5.015451102476628
                                  Encrypted:false
                                  SSDEEP:768:pff7IDWwSc55hcA6FtwlNbuusLdxy7ns5wbEmt3pQpk4/d8+G3F+cU4hS7u/XQb:pf7e95536FJyC8QpB/d8+G3F+cU4hCb
                                  MD5:5CF2ACA6975800FC05FEC1EC23F3A95C
                                  SHA1:F47414173D9C21684ADAD41ECA0573DD8D6757BB
                                  SHA-256:31962F913E5FC13709435DAB0CF11153D5C573139B98D38E715076B58106DA6D
                                  SHA-512:D10A50F4BBC3EEF66CB7E0A4E0400C9295BCA016FCB285E01E0D4D956AA5FDA69C020E3A7D622B8D89795917CC6606439CFB891EB67F1359CACB06B133E3FDC4
                                  Malicious:false
                                  Preview:09:13:57.877.INFO.Signaling force websocket stop..09:16:38.456.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:16:49.726.INFO.Socket connected to getscreen.me:443..09:18:43.669.INFO.Signaling force websocket stop..09:18:43.669.ERROR.Socket unable to read..09:18:43.669.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:18:43.669.ERROR.WebSocket connection error getscreen.me/signal/agent..09:20:49.445.INFO.Signaling force websocket stop..09:22:16.435.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:22:16.855.INFO.Socket connected to getscreen.me:443..09:24:20.486.INFO.Signaling force websocket stop..09:24:20.487.ERROR.Socket unable to read..09:24:20.487.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:24:20.487.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):44409
                                  Entropy (8bit):5.016095442351245
                                  Encrypted:false
                                  SSDEEP:384:jmYE23Yq7/uaROstf2iFDQ+IrQ5yYei+BR7jS:jmYSBceiFDQu5yYei+BR7jS
                                  MD5:AED50B8337E71E0BDAFF6559D6BE70BA
                                  SHA1:BE9FDB95D54D91F00E5002AB8CFCDC1E5AB15056
                                  SHA-256:273C814AC9EEE52108B057DCA9CEBA09ABB679BEF15BD8971E0CE3BBD0F4BEE9
                                  SHA-512:DF58ACAF5FF29310165244B2E9312E1EF3EB8354B4F2190D27285FCF7751783819C71EAB2DF1611398C25FC8E2CEE6D7740C8E37B95F222AE866AD796D58B4F4
                                  Malicious:false
                                  Preview:16:34:26.597.INFO.Signaling force websocket stop..16:34:26.639.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:35:40.225.INFO.Socket connected to getscreen.me:443..16:36:30.608.INFO.Signaling force websocket stop..16:36:30.609.ERROR.Socket unable to read..16:36:30.609.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:36:30.609.ERROR.WebSocket connection error getscreen.me/signal/agent..16:38:36.393.INFO.Signaling force websocket stop..16:39:10.100.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:39:17.499.INFO.Socket connected to getscreen.me:443..16:41:14.155.INFO.Signaling force websocket stop..16:41:14.141.ERROR.Socket unable to read..16:41:14.142.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:41:14.142.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):47192
                                  Entropy (8bit):5.01436006753273
                                  Encrypted:false
                                  SSDEEP:384:/KPlBou5QnRB+iUrllCpFP+PsivcytCwWX9:/Q5YRBjUrllCpFP+0ivrtDG9
                                  MD5:4B8AC5836D064AD4F609E5B7A34E338A
                                  SHA1:10BFCD9231264105B56A49EC82B18E8DAB70E79F
                                  SHA-256:ACB82D0C632FA162625464E399248D1E6F85941086F8657D9441663CBB58C9EA
                                  SHA-512:10507AA153966BCB2B37DB42773DD23BF16C0692AC47E181F92FBAEB672010BAA4F61510FC3255F6A786F6ACD79FC77D084E5C12394008DC0FCBDCD01548A43C
                                  Malicious:false
                                  Preview:02:32:46.817.INFO.Signaling force websocket stop..02:32:46.828.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:32:48.820.INFO.Socket connected to getscreen.me:443..02:34:49.084.INFO.Signaling force websocket stop..02:34:49.085.ERROR.Socket unable to read..02:34:49.085.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:34:49.085.ERROR.WebSocket connection error getscreen.me/signal/agent..02:36:54.845.INFO.Signaling force websocket stop..02:39:00.616.INFO.Signaling force websocket stop..02:41:06.376.INFO.Signaling force websocket stop..02:41:20.506.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:42:22.153.INFO.Socket connected to getscreen.me:443..02:43:24.935.INFO.Signaling force websocket stop..02:43:24.935.ERROR.Socket unable to read..02:43:24.935.ERROR.SSL handshake error: error:0000
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):127981
                                  Entropy (8bit):5.017545154092892
                                  Encrypted:false
                                  SSDEEP:768:TnYk/zbjAO/yjvLQG2F0LFNDq9x5mrIzqZRo9sVDpIBR:TYk4QG2F0LFwxE0zqZRoD/
                                  MD5:774010019D5A716335C237EED3AB50DC
                                  SHA1:420AB9D277BB24856BB58712115B4942BE0AE4F2
                                  SHA-256:B2958D88CF80A06EB55D040A9547E198694D56D5DD95504DF4F00A9B90E495AF
                                  SHA-512:DDFA2D89A6F70C97731BAF26682D075B559C4462915E0B17BE4EEFBB7D732B075BFB7760F2CCB3F98603C2B6B3820D788F61DC75496747F559A0AC188CF02C9E
                                  Malicious:false
                                  Preview:17:38:19.537.INFO.Signaling force websocket stop..17:38:19.539.INFO.Socket connected to getscreen.me:443..17:38:20.524.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:38:21.299.ERROR.WebSocket connection error getscreen.me/signal/agent..17:40:25.330.INFO.Signaling force websocket stop..17:42:31.091.INFO.Signaling force websocket stop..17:43:03.631.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:44:05.588.INFO.Socket connected to getscreen.me:443..17:45:07.597.INFO.Signaling force websocket stop..17:45:07.598.ERROR.Socket unable to read..17:45:07.598.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:45:12.249.ERROR.WebSocket connection error getscreen.me/signal/agent..17:47:13.370.INFO.Signaling force websocket stop..17:49:19.131.INFO.Signaling force websocke
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):195794
                                  Entropy (8bit):5.016899651296677
                                  Encrypted:false
                                  SSDEEP:3072:ylb2/rJJOvXLOvAVF0YHD/gU/HgeA7QV1:vOqvY71
                                  MD5:41013ECE362CCF93EF0B6D3EC20353D2
                                  SHA1:AC53942F8F0C4191C6D157843CAA17790DF421B8
                                  SHA-256:F9578C6F5B9B5A8B6A74928C0CDA7C2223C6EC620A5D913BF7920962D31E6B25
                                  SHA-512:3201D3834BE0ED5BDF194EBE62AC773994F78FBAFAF7324E4078DB72BE02D8255DE2B4E7E88E3FAA63BB3A3E850969C01E9E49EC93384BEFD21F351DA189B2EC
                                  Malicious:false
                                  Preview:22:03:47.014.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:03:56.152.INFO.Signaling force websocket stop..22:04:32.439.INFO.Socket connected to getscreen.me:443..22:06:01.961.INFO.Signaling force websocket stop..22:06:01.961.ERROR.Socket unable to read..22:06:01.961.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:06:01.961.ERROR.WebSocket connection error getscreen.me/signal/agent..22:08:04.354.INFO.Signaling force websocket stop..22:10:10.112.INFO.Signaling force websocket stop..22:11:29.367.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:11:49.163.INFO.Socket connected to getscreen.me:443..22:13:34.783.INFO.Signaling force websocket stop..22:13:34.783.ERROR.Socket unable to read..22:13:34.783.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):14857
                                  Entropy (8bit):5.011259066065289
                                  Encrypted:false
                                  SSDEEP:192:XCiQQZ24h8vU2UNiuuncfL+Fb5e/cHjwihtSsav3/WP3PRRRrpFKbIFI+AendsUH:F1+Fb5PZd
                                  MD5:FD06FC86EDCBBD2E5DBE06B2D94C2982
                                  SHA1:60C7A0B5E49256DABC254D9F89412B1613C47814
                                  SHA-256:98BD25111729A92F977FEB32D84BD449A63579D50DE28E90FC7A438DE6119010
                                  SHA-512:ABA80F8B0E36B4F69F84BBD1E35F9AE5CF9DE0EA81A759362D168985C9987EE966AFF71F9947A2D4C32B3EB835CB1EEE7DC1D1ECF8340ED43814A8674BC71CE0
                                  Malicious:false
                                  Preview:20:35:45.455.INFO.Signaling force websocket stop..20:35:45.469.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:37:01.264.INFO.Socket connected to getscreen.me:443..20:37:51.258.INFO.Signaling force websocket stop..20:37:51.258.ERROR.Socket unable to read..20:37:51.258.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:37:51.258.ERROR.WebSocket connection error getscreen.me/signal/agent..20:39:57.027.INFO.Signaling force websocket stop..20:42:02.787.INFO.Signaling force websocket stop..20:44:08.544.INFO.Signaling force websocket stop..20:44:20.156.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:45:13.477.INFO.Socket connected to getscreen.me:443..20:46:24.979.INFO.Signaling force websocket stop..20:46:24.979.ERROR.Socket unable to read..20:46:24.979.ERROR.SSL handshake error: error:0000
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):57412
                                  Entropy (8bit):5.0167480446311545
                                  Encrypted:false
                                  SSDEEP:192:32yGj2RNs7OU52zF54XkK/ejAVs25b8Gqg9+YbzsHpShSVEH9yYpaZyhbYbooJeG:mKiNOYTw+9ZF3Cc3YQfx7tZOkCljd
                                  MD5:B69767A135FB66912F39B302D0C6D223
                                  SHA1:CCE9D13BD4B169D7B6234F9A30CC11C39A997FB0
                                  SHA-256:2AE1403DAC9A569ADE0F8FDD85F9EB4F8DA1A1299F9EE24FA2AD4D7A2B130F65
                                  SHA-512:C41FE2ACB220D9754936E2CF6493CB62D5B4D299F8D5CB123B940B9D92D396978C57AE4727002033F68412CCE6D664383C0439EA88DFB8E501BFCAE0A3AB97B6
                                  Malicious:false
                                  Preview:02:49:17.903.INFO.Signaling force websocket stop..02:51:23.677.INFO.Signaling force websocket stop..02:51:30.832.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:51:32.029.INFO.Socket connected to getscreen.me:443..02:53:35.851.INFO.Signaling force websocket stop..02:53:35.852.ERROR.Socket unable to read..02:53:35.852.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:53:35.852.ERROR.WebSocket connection error getscreen.me/signal/agent..02:55:41.629.INFO.Signaling force websocket stop..02:57:15.987.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:58:16.200.INFO.Socket connected to getscreen.me:443..02:59:19.960.INFO.Signaling force websocket stop..02:59:19.961.ERROR.Socket unable to read..02:59:19.961.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF, CR line terminators
                                  Category:dropped
                                  Size (bytes):74812
                                  Entropy (8bit):5.016450653810547
                                  Encrypted:false
                                  SSDEEP:384:51tjMABpN5ChhUffvEXpVoJzM6UoCcGpEEqWcESWwKINEuaotA/nO545R:58phUffvEXpeJMo8cN+INEuakcnx5R
                                  MD5:5AE13751330A55D939234FD7427D236F
                                  SHA1:E0CF28DC1C7A96600632CD73261F248B23A0278A
                                  SHA-256:AB1E6C947398D4D23C2DEF7C5BB5438A1F44ACD0F027737913065742C0504592
                                  SHA-512:B00F3E4E9E581154AAE6E401D18B8BBAFE16014E413CDA310B0AA94B611B4BAD7FA2BF05D2FF4FB28DA5C1FD0BD0DFE866E3A858DBF0DED25AB336A3EDFA0A9B
                                  Malicious:false
                                  Preview:18:34:12.488.INFO.Signaling force websocket stop..18:36:18.288.INFO.Signaling force websocket stop..18:38:24.063.INFO.Signaling force websocket stop..18:40:29.821.INFO.Signaling force websocket stop..18:43:13.875.INFO.Signaling force websocket stop..18:44:21.890.INFO.Socket connected to getscreen.me:443..18:45:19.634.INFO.Signaling force websocket stop..18:45:19.634.ERROR.Socket unable to read..18:45:19.634.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:45:19.634.ERROR.WebSocket connection error getscreen.me/signal/agent..18:47:25.406.INFO.Signaling force websocket stop..18:49:31.165.INFO.Signaling force websocket stop..18:51:22.959.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:51:36.749.INFO.Socket connected to getscreen.me:443..18:53:27.784.INFO.Signaling force websocket stop..18:53:27.784.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):30077
                                  Entropy (8bit):5.023760931858177
                                  Encrypted:false
                                  SSDEEP:192:Jt9sxslsAc8LDplfy2g6f6OTISE0RbmRRdOY942t0w4qBriLaT+4qtdpWi38CpkD:DmB9423BrBkz/vxi
                                  MD5:2B16575727B3B9594EF53E8DAC645380
                                  SHA1:A6B2C546C03D60CC45CCA4F898AED6C617344845
                                  SHA-256:B40DFE40A61A3A3747F304E11F80F8A0284DCE748DD1721C2C8BA9DA5E64065B
                                  SHA-512:C712ECB58302D19E4A790B384259A9267EF7F134477E5BF1490FF6E9C0F1A2D332F6206DAE932E17F5FE675B1CCDED3FB27A4C8FD1E4B260D75DAB5BC70090FB
                                  Malicious:false
                                  Preview:15:00:33.438.INFO.Signaling force websocket stop..15:00:33.451.INFO.Socket connected to getscreen.me:443..15:00:33.462.ERROR.Socket unable to read..15:00:33.462.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:00:33.462.ERROR.WebSocket connection error getscreen.me/signal/agent..15:02:39.260.INFO.Signaling force websocket stop..15:02:57.850.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:03:04.859.INFO.Socket connected to getscreen.me:443..15:05:02.093.INFO.Signaling force websocket stop..15:05:02.093.ERROR.Socket unable to read..15:05:02.093.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:05:09.358.ERROR.WebSocket connection error getscreen.me/signal/agent..15:07:07.868.INFO.Signaling force websocket stop..15:09:13.631.INFO.Signaling force websocket sto
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):89974
                                  Entropy (8bit):5.017165858197507
                                  Encrypted:false
                                  SSDEEP:768:Lq4LlTFcR4LBo0kqcXzQ+bRozMziOAoqS:eOBo0kPXzQ+bkMYoqS
                                  MD5:F3FFE4F57A46E8682BE996A49003DC47
                                  SHA1:6A443AC45DE1BBD33A51F3417483350F51BC89A9
                                  SHA-256:B930B76608150A1631E68B8865D930A6438831293E59761FAFF142B77BD04952
                                  SHA-512:5B1A58169FFFC94A0795AE4CBBFE5CF3BFEDF4F682EDCE0C431769F641919BAC706958B370FE26A4D754629026B2076223C28DD2181AE18B464A869151370484
                                  Malicious:false
                                  Preview:00:37:55.956.INFO.Signaling force websocket stop..00:39:40.412.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:41:46.231.INFO.Signaling force websocket stop..00:43:51.994.INFO.Signaling force websocket stop..00:45:55.555.INFO.Signaling force websocket stop..00:48:01.317.INFO.Signaling force websocket stop..00:50:07.093.INFO.Signaling force websocket stop..00:52:12.851.INFO.Signaling force websocket stop..00:54:06.103.INFO.Socket connected to getscreen.me:443..00:54:18.701.INFO.Signaling force websocket stop..00:54:18.701.ERROR.Socket unable to read..00:54:18.701.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:54:25.096.ERROR.WebSocket connection error getscreen.me/signal/agent..00:56:24.463.INFO.Signaling force websocket stop..00:58:30.235.INFO.Signaling force websocket stop..01:00:35.994.INFO.Signaling for
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3865
                                  Entropy (8bit):4.975354005248678
                                  Encrypted:false
                                  SSDEEP:48:gDvnSD2jb5rDNf1AsdUeDwDI8o/qTTDb5hQAlDGT2TDxu9pnaEJDlkzd3:UVjbbfes4oif5hB4Teu9pVrkzp
                                  MD5:3F028B4D392F8BB857D44472581DFC61
                                  SHA1:C87B1A367B6BABEDEA7F234651FE681FAD2F9E32
                                  SHA-256:4E730C396A300D9F2071202D1A445D8A152755E3E3564DBE603851D154AD0DF2
                                  SHA-512:FF2C27A35AC9B6B34C768DC77E2E328B099CFC112FEDE792341E525411226B295C1BBEBE4C12DD3F310C3343893D154114BEA02CE68F64177A3FB8C9728E69B5
                                  Malicious:false
                                  Preview:00:18:51.592.INFO.Signaling force websocket stop..00:19:13.016.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:19:55.187.INFO.Socket connected to getscreen.me:443..00:21:31.360.INFO.Signaling force websocket stop..00:21:31.441.ERROR.Socket unable to read..00:21:31.481.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:21:31.481.ERROR.WebSocket connection error getscreen.me/signal/agent..00:23:43.744.INFO.Signaling force websocket stop..00:25:56.120.INFO.Signaling force websocket stop..00:27:33.931.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:27:46.557.INFO.Socket connected to getscreen.me:443..00:29:44.831.INFO.Signaling force websocket stop..00:29:45.142.ERROR.Socket unable to read..00:29:45.142.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.974440850110664
                                  Encrypted:false
                                  Malicious:false
                                  Preview:04:17:53.250.INFO.Signaling force websocket stop..04:17:56.810.ERROR.Socket unable to read..04:17:56.810.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:17:56.811.ERROR.WebSocket connection error getscreen.me/signal/agent..04:20:15.480.INFO.Signaling force websocket stop..04:20:15.518.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:20:17.014.INFO.Socket connected to getscreen.me:443..04:22:46.548.INFO.Signaling force websocket stop..04:22:46.680.ERROR.Socket unable to read..04:22:46.680.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:22:47.118.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:38:21.841.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):148
                                  Entropy (8bit):4.64677302345625
                                  Encrypted:false
                                  Malicious:false
                                  Preview:10:53:55.629.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:54:14.913.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5038
                                  Entropy (8bit):4.99734444628648
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:09:18.100.INFO.Signaling force websocket stop..14:09:20.902.ERROR.Socket unable to read..14:09:20.952.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:09:20.953.ERROR.WebSocket connection error getscreen.me/signal/agent..14:11:39.677.INFO.Signaling force websocket stop..14:12:43.158.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:12:51.937.INFO.Socket connected to getscreen.me:443..14:15:01.611.INFO.Signaling force websocket stop..14:15:01.962.ERROR.Socket unable to read..14:15:01.982.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:15:04.985.ERROR.WebSocket connection error getscreen.me/signal/agent..14:17:30.518.INFO.Signaling force websocket stop..14:18:37.217.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:18:41.937.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6471
                                  Entropy (8bit):5.012137312925322
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:13:17.022.INFO.Signaling force websocket stop..18:13:44.448.ERROR.Socket unable to read..18:13:44.448.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:13:44.448.ERROR.WebSocket connection error getscreen.me/signal/agent..18:15:28.001.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:15:32.104.INFO.Socket connected to getscreen.me:443..18:17:38.179.INFO.Signaling force websocket stop..18:17:38.370.ERROR.Socket unable to read..18:17:38.380.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:17:38.380.ERROR.WebSocket connection error getscreen.me/signal/agent..18:19:43.491.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:19:46.271.INFO.Socket connected to getscreen.me:443..18:22:01.482.INFO.Signaling force websocket stop..18:22:01.723.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5976
                                  Entropy (8bit):4.998869862060838
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:37:03.283.INFO.Signaling force websocket stop..22:37:13.538.ERROR.Socket unable to read..22:37:13.539.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:37:13.539.ERROR.WebSocket connection error getscreen.me/signal/agent..22:39:31.946.INFO.Signaling force websocket stop..22:39:48.579.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:40:23.813.INFO.Socket connected to getscreen.me:443..22:42:07.184.INFO.Signaling force websocket stop..22:42:07.535.ERROR.Socket unable to read..22:42:07.535.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:42:10.102.ERROR.WebSocket connection error getscreen.me/signal/agent..22:44:26.078.INFO.Signaling force websocket stop..22:45:38.423.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:46:44.021.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1948
                                  Entropy (8bit):4.969056225063269
                                  Encrypted:false
                                  Malicious:false
                                  Preview:03:00:53.306.INFO.Signaling force websocket stop..03:01:13.345.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:01:16.825.INFO.Socket connected to getscreen.me:443..03:03:30.127.INFO.Signaling force websocket stop..03:03:30.298.ERROR.Socket unable to read..03:03:30.328.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:03:30.328.ERROR.WebSocket connection error getscreen.me/signal/agent..03:05:14.489.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:05:14.526.INFO.Socket connected to getscreen.me:443..03:07:24.235.INFO.Signaling force websocket stop..03:07:24.707.ERROR.Socket unable to read..03:07:25.068.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:07:25.068.ERROR.WebSocket connection error getscreen.me/signal/agent..03:09:43.783.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3417
                                  Entropy (8bit):4.9843226002802545
                                  Encrypted:false
                                  Malicious:false
                                  Preview:06:32:17.716.INFO.Signaling force websocket stop..06:33:30.135.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:33:33.796.INFO.Socket connected to getscreen.me:443..06:35:47.945.INFO.Signaling force websocket stop..06:35:48.056.ERROR.Socket unable to read..06:35:48.056.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:35:48.056.ERROR.WebSocket connection error getscreen.me/signal/agent..06:37:22.963.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:37:22.980.INFO.Socket connected to getscreen.me:443..06:39:31.999.INFO.Signaling force websocket stop..06:39:32.080.ERROR.Socket unable to read..06:39:32.612.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:39:32.612.ERROR.WebSocket connection error getscreen.me/signal/agent..06:40:51.709.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6547
                                  Entropy (8bit):4.9894771017672515
                                  Encrypted:false
                                  Malicious:false
                                  Preview:10:14:10.189.INFO.Signaling force websocket stop..10:14:12.632.ERROR.Socket unable to read..10:14:12.652.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:14:12.652.ERROR.WebSocket connection error getscreen.me/signal/agent..10:15:42.501.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:15:42.760.INFO.Socket connected to getscreen.me:443..10:17:51.148.INFO.Signaling force websocket stop..10:17:51.221.ERROR.Socket unable to read..10:17:51.221.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:17:51.221.ERROR.WebSocket connection error getscreen.me/signal/agent..10:19:18.706.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:19:19.581.INFO.Socket connected to getscreen.me:443..10:21:37.085.INFO.Signaling force websocket stop..10:21:37.196.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.979257117603445
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:43:52.264.INFO.Signaling force websocket stop..14:43:52.265.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:44:25.373.INFO.Socket connected to getscreen.me:443..14:46:38.891.INFO.Signaling force websocket stop..14:46:39.333.ERROR.Socket unable to read..14:46:39.393.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:46:39.403.ERROR.WebSocket connection error getscreen.me/signal/agent..14:49:46.300.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:49:46.500.INFO.Socket connected to getscreen.me:443..14:52:04.998.INFO.Signaling force websocket stop..14:52:06.302.ERROR.Socket unable to read..14:52:06.604.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:52:06.604.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):9617
                                  Entropy (8bit):5.019679341552386
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:08:35.341.INFO.Signaling force websocket stop..18:08:35.417.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:08:49.685.INFO.Socket connected to getscreen.me:443..18:10:57.723.INFO.Signaling force websocket stop..18:10:58.446.ERROR.Socket unable to read..18:10:58.446.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:10:58.446.ERROR.WebSocket connection error getscreen.me/signal/agent..18:13:11.588.INFO.Signaling force websocket stop..18:13:48.152.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:16:05.392.INFO.Signaling force websocket stop..18:17:33.448.INFO.Socket connected to getscreen.me:443..18:18:24.678.INFO.Signaling force websocket stop..18:18:24.779.ERROR.Socket unable to read..18:18:24.779.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2611
                                  Entropy (8bit):4.991060308073967
                                  Encrypted:false
                                  Malicious:false
                                  Preview:23:12:18.861.INFO.Signaling force websocket stop..23:13:05.215.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:13:05.236.INFO.Socket connected to getscreen.me:443..23:15:13.856.INFO.Signaling force websocket stop..23:15:13.958.ERROR.Socket unable to read..23:15:13.958.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:15:13.958.ERROR.WebSocket connection error getscreen.me/signal/agent..23:16:33.082.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:16:33.107.INFO.Socket connected to getscreen.me:443..23:18:47.395.INFO.Signaling force websocket stop..23:18:47.397.ERROR.Socket unable to read..23:18:47.430.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:18:47.427.ERROR.WebSocket connection error getscreen.me/signal/agent..23:19:45.285.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1283
                                  Entropy (8bit):4.989779422401588
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:49:51.866.INFO.Signaling force websocket stop..02:49:53.426.ERROR.Socket unable to read..02:49:53.426.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:49:53.426.ERROR.WebSocket connection error getscreen.me/signal/agent..02:52:03.555.INFO.Signaling force websocket stop..02:52:50.444.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:52:57.972.INFO.Socket connected to getscreen.me:443..02:55:09.585.INFO.Signaling force websocket stop..02:55:10.236.ERROR.Socket unable to read..02:55:10.267.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:55:12.802.ERROR.WebSocket connection error getscreen.me/signal/agent..02:57:28.955.INFO.Signaling force websocket stop..02:59:09.884.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:01:28.698.INFO.Signaling f
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2116
                                  Entropy (8bit):4.998400037322965
                                  Encrypted:false
                                  Malicious:false
                                  Preview:06:21:07.643.INFO.Signaling force websocket stop..06:23:02.145.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:23:14.131.INFO.Socket connected to getscreen.me:443..06:25:20.624.INFO.Signaling force websocket stop..06:25:20.685.ERROR.Socket unable to read..06:25:20.695.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:25:20.695.ERROR.WebSocket connection error getscreen.me/signal/agent..06:27:39.258.INFO.Signaling force websocket stop..06:28:40.729.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:28:46.701.INFO.Socket connected to getscreen.me:443..06:30:59.415.INFO.Signaling force websocket stop..06:31:00.206.ERROR.Socket unable to read..06:31:00.236.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:31:00.236.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1290
                                  Entropy (8bit):4.979185948215097
                                  Encrypted:false
                                  Malicious:false
                                  Preview:09:59:44.458.INFO.Signaling force websocket stop..10:00:59.012.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:01:11.650.INFO.Socket connected to getscreen.me:443..10:03:18.115.INFO.Signaling force websocket stop..10:03:18.676.ERROR.Socket unable to read..10:03:18.696.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:03:18.706.ERROR.WebSocket connection error getscreen.me/signal/agent..10:05:37.670.INFO.Signaling force websocket stop..10:06:29.766.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:06:36.826.INFO.Socket connected to getscreen.me:443..10:08:47.801.INFO.Signaling force websocket stop..10:08:48.222.ERROR.Socket unable to read..10:08:48.242.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:08:48.242.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.966753519148017
                                  Encrypted:false
                                  Malicious:false
                                  Preview:13:28:25.720.ERROR.Socket unable to read..13:28:29.043.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:28:29.043.ERROR.WebSocket connection error getscreen.me/signal/agent..13:30:47.630.INFO.Signaling force websocket stop..13:32:08.282.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:32:12.370.INFO.Socket connected to getscreen.me:443..13:34:26.319.INFO.Signaling force websocket stop..13:34:26.380.ERROR.Socket unable to read..13:34:26.380.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:34:26.380.ERROR.WebSocket connection error getscreen.me/signal/agent..13:36:11.581.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:36:13.510.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):450
                                  Entropy (8bit):5.000497398123102
                                  Encrypted:false
                                  Malicious:false
                                  Preview:16:51:52.383.INFO.Signaling force websocket stop..16:52:54.533.ERROR.Socket unable to read..16:52:54.553.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:52:54.553.ERROR.WebSocket connection error getscreen.me/signal/agent..16:55:13.267.INFO.Signaling force websocket stop..16:55:52.029.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2696
                                  Entropy (8bit):4.979773971001639
                                  Encrypted:false
                                  Malicious:false
                                  Preview:20:12:11.731.INFO.Signaling force websocket stop..20:15:41.613.INFO.Signaling force websocket stop..20:16:27.468.INFO.Socket connected to getscreen.me:443..20:18:00.277.INFO.Signaling force websocket stop..20:18:00.297.ERROR.Socket unable to read..20:18:00.297.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:18:00.297.ERROR.WebSocket connection error getscreen.me/signal/agent..20:20:13.226.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:20:23.493.INFO.Socket connected to getscreen.me:443..20:22:30.914.INFO.Signaling force websocket stop..20:22:31.175.ERROR.Socket unable to read..20:22:31.636.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:22:31.646.ERROR.WebSocket connection error getscreen.me/signal/agent..20:24:50.251.INFO.Signaling force websocket sto
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.959064217227818
                                  Encrypted:false
                                  Malicious:false
                                  Preview:23:59:52.670.INFO.Signaling force websocket stop..23:59:56.130.ERROR.Socket unable to read..23:59:56.160.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:59:56.160.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5233
                                  Entropy (8bit):4.988026723771294
                                  Encrypted:false
                                  Malicious:false
                                  Preview:03:14:40.353.INFO.Signaling force websocket stop..03:16:40.388.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:16:42.134.INFO.Socket connected to getscreen.me:443..03:18:57.615.INFO.Signaling force websocket stop..03:18:57.987.ERROR.Socket unable to read..03:18:57.987.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:18:57.987.ERROR.WebSocket connection error getscreen.me/signal/agent..03:21:06.547.INFO.Signaling force websocket stop..03:22:44.603.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:22:48.934.INFO.Socket connected to getscreen.me:443..03:25:01.650.INFO.Signaling force websocket stop..03:25:02.261.ERROR.Socket unable to read..03:25:02.281.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:25:02.281.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):325
                                  Entropy (8bit):4.934472412866946
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:30:36.802.INFO.Signaling force websocket stop..07:30:37.435.INFO.Socket connected to getscreen.me:443..07:30:46.187.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:30:46.401.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):878
                                  Entropy (8bit):4.985041279111181
                                  Encrypted:false
                                  Malicious:false
                                  Preview:10:45:57.463.INFO.Signaling force websocket stop..10:47:23.726.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:49:05.870.INFO.Socket connected to getscreen.me:443..10:49:34.419.INFO.Signaling force websocket stop..10:49:34.750.ERROR.Socket unable to read..10:49:34.770.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:49:34.770.ERROR.WebSocket connection error getscreen.me/signal/agent..10:51:53.270.INFO.Signaling force websocket stop..10:52:51.194.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:55:08.431.INFO.Signaling force websocket stop..10:57:27.080.INFO.Signaling force websocket stop..10:59:46.371.INFO.Signaling force websocket stop..11:02:05.063.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2781
                                  Entropy (8bit):5.005986029653678
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:17:59.581.INFO.Signaling force websocket stop..14:21:25.192.INFO.Signaling force websocket stop..14:23:43.973.INFO.Signaling force websocket stop..14:23:47.669.ERROR.Socket failed connect to getscreen.me:443..14:23:47.679.ERROR.WebSocket connection error getscreen.me/signal/agent..14:26:02.657.INFO.Signaling force websocket stop..14:28:07.423.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:28:39.653.INFO.Socket connected to getscreen.me:443..14:31:16.771.INFO.Signaling force websocket stop..14:31:18.896.ERROR.Socket unable to read..14:31:18.917.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:31:20.271.ERROR.WebSocket connection error getscreen.me/signal/agent..14:33:35.567.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:34:22.531.INFO.Socket connected to getscreen.me:443..14:35:59.376.INFO.S
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.796508009219671
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:09:22.218.INFO.Signaling force websocket stop..18:09:22.474.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:09:56.551.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1883
                                  Entropy (8bit):5.002424941599069
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:25:25.252.INFO.Signaling force websocket stop..21:25:28.411.ERROR.Socket unable to read..21:25:28.431.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:25:28.431.ERROR.WebSocket connection error getscreen.me/signal/agent..21:27:53.824.INFO.Signaling force websocket stop..21:28:13.536.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:28:18.261.INFO.Socket connected to getscreen.me:443..21:30:38.828.INFO.Signaling force websocket stop..21:30:38.908.ERROR.Socket unable to read..21:30:38.928.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:30:42.722.ERROR.WebSocket connection error getscreen.me/signal/agent..21:32:58.687.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:33:07.657.INFO.Socket connected to getscreen.me:443..21:35:40.115.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):233
                                  Entropy (8bit):4.755233053526763
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:57:19.071.INFO.Signaling force websocket stop..01:00:36.906.INFO.Signaling force websocket stop..01:03:02.042.INFO.Signaling force websocket stop..01:04:27.540.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.956367302304121
                                  Encrypted:false
                                  Malicious:false
                                  Preview:04:19:26.742.INFO.Signaling force websocket stop..04:19:39.730.ERROR.Socket unable to read..04:19:39.760.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:19:39.761.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3034
                                  Entropy (8bit):4.99958815693069
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:34:43.324.INFO.Signaling force websocket stop..07:37:14.503.INFO.Signaling force websocket stop..07:37:18.304.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:37:25.013.INFO.Socket connected to getscreen.me:443..07:39:42.322.INFO.Signaling force websocket stop..07:39:42.774.ERROR.Socket unable to read..07:39:42.804.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:39:42.814.ERROR.WebSocket connection error getscreen.me/signal/agent..07:41:54.772.INFO.Signaling force websocket stop..07:42:57.439.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:43:05.980.INFO.Socket connected to getscreen.me:443..07:45:21.497.INFO.Signaling force websocket stop..07:45:21.888.ERROR.Socket unable to read..07:45:21.888.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.963167324670751
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:19:25.309.INFO.Signaling force websocket stop..11:19:49.617.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:19:50.298.INFO.Socket connected to getscreen.me:443..11:22:03.666.INFO.Signaling force websocket stop..11:22:03.736.ERROR.Socket unable to read..11:22:03.776.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:22:03.776.ERROR.WebSocket connection error getscreen.me/signal/agent..11:24:29.135.INFO.Signaling force websocket stop..11:24:51.199.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:25:10.432.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.992375981535411
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:41:24.349.INFO.Signaling force websocket stop..14:41:26.956.ERROR.Socket unable to read..14:41:26.956.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:41:26.956.ERROR.WebSocket connection error getscreen.me/signal/agent..14:43:47.634.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:43:57.224.INFO.Socket connected to getscreen.me:443..14:46:31.778.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):714
                                  Entropy (8bit):4.987016316674536
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:01:47.753.ERROR.Socket unable to read..18:01:51.293.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:01:51.293.ERROR.WebSocket connection error getscreen.me/signal/agent..18:04:01.835.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:04:12.999.INFO.Socket connected to getscreen.me:443..18:06:22.388.INFO.Signaling force websocket stop..18:06:22.549.ERROR.Socket unable to read..18:06:22.579.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:06:22.579.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.963961376339814
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:22:49.548.INFO.Signaling force websocket stop..21:23:16.140.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:23:22.397.INFO.Socket connected to getscreen.me:443..21:25:40.159.INFO.Signaling force websocket stop..21:25:40.420.ERROR.Socket unable to read..21:25:40.430.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:25:40.430.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.7331627714686775
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:41:20.146.INFO.Signaling force websocket stop..00:41:42.225.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:41:50.753.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.960691990303948
                                  Encrypted:false
                                  Malicious:false
                                  Preview:03:56:39.262.INFO.Signaling force websocket stop..03:56:42.720.ERROR.Socket unable to read..03:56:42.760.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:56:42.761.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.980656774077461
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:12:27.120.INFO.Signaling force websocket stop..07:13:11.077.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:14:14.882.INFO.Socket connected to getscreen.me:443..07:15:25.130.INFO.Signaling force websocket stop..07:15:25.501.ERROR.Socket unable to read..07:15:25.531.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:15:25.531.ERROR.WebSocket connection error getscreen.me/signal/agent..07:16:57.593.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:17:03.163.INFO.Socket connected to getscreen.me:443..07:19:21.798.INFO.Signaling force websocket stop..07:19:21.958.ERROR.Socket unable to read..07:19:22.540.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:19:22.540.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1637
                                  Entropy (8bit):4.994280089306174
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:21:27.806.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:21:55.588.INFO.Socket connected to getscreen.me:443..07:24:10.891.INFO.Signaling force websocket stop..07:24:11.132.ERROR.Socket unable to read..07:24:11.182.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:24:11.182.ERROR.WebSocket connection error getscreen.me/signal/agent..07:26:24.983.INFO.Signaling force websocket stop..07:27:16.527.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:27:20.340.INFO.Socket connected to getscreen.me:443..07:29:41.975.INFO.Signaling force websocket stop..07:29:42.255.ERROR.Socket unable to read..07:29:42.856.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:29:42.856.ERROR.WebSocket connection error getscreen.me/signal/agent..07:32:08.060.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1489
                                  Entropy (8bit):4.98847714490274
                                  Encrypted:false
                                  Malicious:false
                                  Preview:10:52:26.137.INFO.Signaling force websocket stop..10:52:28.407.ERROR.Socket unable to read..10:52:28.437.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:52:28.437.ERROR.WebSocket connection error getscreen.me/signal/agent..10:54:34.998.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:54:35.221.INFO.Socket connected to getscreen.me:443..10:56:58.575.INFO.Signaling force websocket stop..10:56:58.615.ERROR.Socket unable to read..10:56:58.615.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:56:58.615.ERROR.WebSocket connection error getscreen.me/signal/agent..10:59:23.923.INFO.Signaling force websocket stop..11:01:06.451.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:01:12.956.INFO.Socket connected to getscreen.me:443..11:03:30.219.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):7221
                                  Entropy (8bit):5.001460059119912
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:22:09.091.INFO.Signaling force websocket stop..14:22:11.610.ERROR.Socket unable to read..14:22:11.640.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:22:11.640.ERROR.WebSocket connection error getscreen.me/signal/agent..14:22:59.111.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:23:10.216.INFO.Socket connected to getscreen.me:443..14:25:53.535.INFO.Signaling force websocket stop..14:25:54.026.ERROR.Socket unable to read..14:25:54.046.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:25:54.046.ERROR.WebSocket connection error getscreen.me/signal/agent..14:28:19.172.INFO.Signaling force websocket stop..14:29:21.914.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:29:45.254.INFO.Socket connected to getscreen.me:443..14:31:45.975.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2922
                                  Entropy (8bit):5.010999661719396
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:47:30.677.INFO.Signaling force websocket stop..18:47:40.808.ERROR.Socket unable to read..18:47:40.808.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:47:40.808.ERROR.WebSocket connection error getscreen.me/signal/agent..18:49:43.322.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:50:04.663.INFO.Socket connected to getscreen.me:443..18:52:06.492.INFO.Signaling force websocket stop..18:52:06.573.ERROR.Socket unable to read..18:52:06.573.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:52:06.573.ERROR.WebSocket connection error getscreen.me/signal/agent..18:54:19.287.INFO.Signaling force websocket stop..18:55:14.911.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:55:22.525.INFO.Socket connected to getscreen.me:443..18:57:39.156.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.945152589563015
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:30:25.511.INFO.Signaling force websocket stop..22:30:28.572.ERROR.Socket unable to read..22:30:28.572.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:30:28.582.ERROR.WebSocket connection error getscreen.me/signal/agent..22:32:17.645.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:32:18.331.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.984282109898096
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:47:35.399.INFO.Signaling force websocket stop..01:47:38.551.ERROR.Socket unable to read..01:47:38.551.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:47:38.561.ERROR.WebSocket connection error getscreen.me/signal/agent..01:49:34.205.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:49:34.654.INFO.Socket connected to getscreen.me:443..01:51:54.347.INFO.Signaling force websocket stop..01:52:14.493.ERROR.Socket unable to read..01:52:14.494.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:52:14.494.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.975087297831449
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:06:49.769.INFO.Signaling force websocket stop..05:08:35.989.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:08:41.621.INFO.Socket connected to getscreen.me:443..05:11:01.657.INFO.Signaling force websocket stop..05:11:01.768.ERROR.Socket unable to read..05:11:01.768.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:11:01.778.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.947108111426791
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:26:00.021.INFO.Signaling force websocket stop..08:26:18.077.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:27:45.102.INFO.Socket connected to getscreen.me:443..08:30:04.489.INFO.Signaling force websocket stop..08:30:04.679.ERROR.Socket unable to read..08:30:04.720.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:30:04.720.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1489
                                  Entropy (8bit):4.987884773533414
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:46:52.465.INFO.Signaling force websocket stop..11:47:14.527.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:47:15.893.INFO.Socket connected to getscreen.me:443..11:49:53.204.INFO.Signaling force websocket stop..11:49:53.335.ERROR.Socket unable to read..11:49:53.335.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:49:53.335.ERROR.WebSocket connection error getscreen.me/signal/agent..11:51:50.286.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:51:54.557.INFO.Socket connected to getscreen.me:443..11:54:14.516.INFO.Signaling force websocket stop..11:54:14.877.ERROR.Socket unable to read..11:54:15.093.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:54:15.093.ERROR.WebSocket connection error getscreen.me/signal/agent..11:56:40.360.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.99234371791863
                                  Encrypted:false
                                  Malicious:false
                                  Preview:15:14:27.415.INFO.Signaling force websocket stop..15:14:35.233.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:14:37.023.INFO.Socket connected to getscreen.me:443..15:16:59.482.INFO.Signaling force websocket stop..15:16:59.623.ERROR.Socket unable to read..15:16:59.623.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:16:59.623.ERROR.WebSocket connection error getscreen.me/signal/agent..15:18:36.748.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:18:39.215.INFO.Socket connected to getscreen.me:443..15:21:00.321.INFO.Signaling force websocket stop..15:21:00.822.ERROR.Socket unable to read..15:21:01.193.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:21:01.193.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.784585443016094
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:37:36.824.INFO.Signaling force websocket stop..18:38:26.951.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:38:33.009.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):5.005513872323596
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:55:01.098.INFO.Signaling force websocket stop..21:55:04.926.ERROR.Socket unable to read..21:55:04.926.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:55:04.926.ERROR.WebSocket connection error getscreen.me/signal/agent..21:57:30.002.INFO.Signaling force websocket stop..21:57:36.966.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:57:41.886.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.9559407292320845
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:13:10.646.INFO.Signaling force websocket stop..01:14:39.714.ERROR.Socket unable to read..01:14:39.714.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:14:39.714.ERROR.WebSocket connection error getscreen.me/signal/agent..01:17:05.074.INFO.Signaling force websocket stop..01:17:12.282.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:17:21.474.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.982091305774132
                                  Encrypted:false
                                  Malicious:false
                                  Preview:04:32:49.884.INFO.Signaling force websocket stop..04:32:53.162.ERROR.Socket unable to read..04:32:53.172.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:32:53.172.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):663
                                  Entropy (8bit):4.950823194952812
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:48:09.760.INFO.Signaling force websocket stop..07:50:06.654.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:50:06.884.INFO.Socket connected to getscreen.me:443..07:52:18.962.INFO.Signaling force websocket stop..07:52:19.053.ERROR.Socket unable to read..07:52:19.053.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:52:19.053.ERROR.WebSocket connection error getscreen.me/signal/agent..07:54:05.002.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:54:07.929.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.686033716352762
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:10:26.505.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1229
                                  Entropy (8bit):4.973264851947928
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:24:57.225.ERROR.Socket unable to read..14:25:00.043.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:25:00.043.ERROR.WebSocket connection error getscreen.me/signal/agent..14:27:04.119.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:27:10.380.INFO.Socket connected to getscreen.me:443..14:29:49.303.INFO.Signaling force websocket stop..14:29:49.423.ERROR.Socket unable to read..14:29:49.423.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:29:49.434.ERROR.WebSocket connection error getscreen.me/signal/agent..14:32:14.789.INFO.Signaling force websocket stop..14:32:18.823.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:32:23.572.INFO.Socket connected to getscreen.me:443..14:34:42.938.INFO.Signaling force websocket stop..14:34:43.179.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.672553582385557
                                  Encrypted:false
                                  Malicious:false
                                  Preview:17:49:12.441.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.773199737150242
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:04:39.032.INFO.Signaling force websocket stop..21:05:09.192.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:05:10.764.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):882
                                  Entropy (8bit):4.973033385817784
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:19:45.572.INFO.Signaling force websocket stop..00:19:49.132.ERROR.Socket unable to read..00:19:49.162.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:19:49.172.ERROR.WebSocket connection error getscreen.me/signal/agent..00:22:02.271.INFO.Signaling force websocket stop..00:22:50.436.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:22:50.900.INFO.Socket connected to getscreen.me:443..00:25:14.353.INFO.Signaling force websocket stop..00:25:14.423.ERROR.Socket unable to read..00:25:14.463.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:25:16.254.ERROR.WebSocket connection error getscreen.me/signal/agent..00:27:39.645.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1948
                                  Entropy (8bit):4.987598684705504
                                  Encrypted:false
                                  Malicious:false
                                  Preview:03:42:32.182.INFO.Signaling force websocket stop..03:42:36.133.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:42:47.583.INFO.Socket connected to getscreen.me:443..03:44:49.745.INFO.Signaling force websocket stop..03:44:49.745.ERROR.Socket unable to read..03:44:49.745.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:44:49.745.ERROR.WebSocket connection error getscreen.me/signal/agent..03:46:50.073.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:47:12.560.INFO.Socket connected to getscreen.me:443..03:49:13.357.INFO.Signaling force websocket stop..03:49:13.788.ERROR.Socket unable to read..03:49:14.039.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:49:14.049.ERROR.WebSocket connection error getscreen.me/signal/agent..03:51:21.245.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5242
                                  Entropy (8bit):4.997223675395524
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:14:37.539.INFO.Signaling force websocket stop..07:15:29.242.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:15:37.801.INFO.Socket connected to getscreen.me:443..07:17:52.607.INFO.Signaling force websocket stop..07:17:52.928.ERROR.Socket unable to read..07:17:52.928.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:17:52.928.ERROR.WebSocket connection error getscreen.me/signal/agent..07:19:45.093.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:20:56.752.INFO.Socket connected to getscreen.me:443..07:21:58.792.INFO.Signaling force websocket stop..07:21:59.324.ERROR.Socket unable to read..07:21:59.775.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:21:59.775.ERROR.WebSocket connection error getscreen.me/signal/agent..07:23:33.359.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1377
                                  Entropy (8bit):4.982695751923295
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:27:50.375.ERROR.Socket unable to read..11:27:53.237.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:27:53.238.ERROR.WebSocket connection error getscreen.me/signal/agent..11:30:18.456.INFO.Signaling force websocket stop..11:30:26.346.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:30:36.401.INFO.Socket connected to getscreen.me:443..11:32:51.064.INFO.Signaling force websocket stop..11:32:51.355.ERROR.Socket unable to read..11:32:51.356.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:32:51.356.ERROR.WebSocket connection error getscreen.me/signal/agent..11:34:47.117.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:34:54.244.INFO.Socket connected to getscreen.me:443..11:37:02.945.INFO.Signaling force websocket stop..11:37:02.997.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.959762040179644
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:54:04.134.INFO.Signaling force websocket stop..14:54:05.452.ERROR.Socket unable to read..14:54:05.452.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:54:05.452.ERROR.WebSocket connection error getscreen.me/signal/agent..14:56:18.754.INFO.Signaling force websocket stop..14:56:20.766.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:56:21.473.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.957218837949342
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:12:56.403.INFO.Signaling force websocket stop..18:12:58.509.ERROR.Socket unable to read..18:12:58.509.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:12:58.509.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:27:57.094.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.687785240474166
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:43:47.790.INFO.Signaling force websocket stop..00:44:00.051.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:44:07.677.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1285
                                  Entropy (8bit):4.982114630714184
                                  Encrypted:false
                                  Malicious:false
                                  Preview:03:59:43.444.INFO.Signaling force websocket stop..03:59:46.713.ERROR.Socket unable to read..03:59:46.713.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:59:46.713.ERROR.WebSocket connection error getscreen.me/signal/agent..04:01:42.315.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:01:47.738.INFO.Socket connected to getscreen.me:443..04:04:08.016.INFO.Signaling force websocket stop..04:04:08.267.ERROR.Socket unable to read..04:04:08.317.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:04:08.317.ERROR.WebSocket connection error getscreen.me/signal/agent..04:06:22.442.INFO.Signaling force websocket stop..04:07:35.221.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:07:41.923.INFO.Socket connected to getscreen.me:443..04:09:58.724.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.975702731332148
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:24:50.201.INFO.Signaling force websocket stop..07:26:20.279.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:26:20.293.INFO.Socket connected to getscreen.me:443..07:28:32.471.INFO.Signaling force websocket stop..07:28:32.722.ERROR.Socket unable to read..07:28:32.762.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:28:32.763.ERROR.WebSocket connection error getscreen.me/signal/agent..07:30:52.434.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:31:00.403.INFO.Socket connected to getscreen.me:443..07:33:15.789.INFO.Signaling force websocket stop..07:33:15.930.ERROR.Socket unable to read..07:33:16.781.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:33:16.802.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.947719937306477
                                  Encrypted:false
                                  Malicious:false
                                  Preview:10:48:26.216.INFO.Signaling force websocket stop..10:49:22.255.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:49:28.987.INFO.Socket connected to getscreen.me:443..10:51:34.101.INFO.Signaling force websocket stop..10:51:34.412.ERROR.Socket unable to read..10:51:34.442.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:51:34.442.ERROR.WebSocket connection error getscreen.me/signal/agent..10:54:00.014.INFO.Signaling force websocket stop..10:54:07.934.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:54:12.183.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.9424988576977595
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:09:08.030.INFO.Signaling force websocket stop..14:09:11.128.ERROR.Socket unable to read..14:09:11.148.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:09:11.148.ERROR.WebSocket connection error getscreen.me/signal/agent..14:10:46.270.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:10:59.244.INFO.Socket connected to getscreen.me:443..14:13:09.809.INFO.Signaling force websocket stop..14:13:09.990.ERROR.Socket unable to read..14:13:10.010.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:13:10.010.ERROR.WebSocket connection error getscreen.me/signal/agent..14:15:23.123.INFO.Signaling force websocket stop..14:16:04.783.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:16:05.900.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1744
                                  Entropy (8bit):4.996077592752941
                                  Encrypted:false
                                  Malicious:false
                                  Preview:17:30:43.763.INFO.Signaling force websocket stop..17:30:46.084.ERROR.Socket unable to read..17:30:46.124.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:30:46.134.ERROR.WebSocket connection error getscreen.me/signal/agent..17:32:33.001.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:33:33.388.INFO.Socket connected to getscreen.me:443..17:34:53.403.INFO.Signaling force websocket stop..17:34:53.435.ERROR.Socket unable to read..17:34:53.439.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:34:53.439.ERROR.WebSocket connection error getscreen.me/signal/agent..17:35:59.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:36:00.902.INFO.Socket connected to getscreen.me:443..17:38:24.963.INFO.Signaling force websocket stop..17:38:25.184.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.976385150296049
                                  Encrypted:false
                                  Malicious:false
                                  Preview:20:58:05.041.INFO.Signaling force websocket stop..20:58:47.824.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:59:53.538.INFO.Socket connected to getscreen.me:443..21:01:01.512.INFO.Signaling force websocket stop..21:01:01.562.ERROR.Socket unable to read..21:01:01.632.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:01:01.652.ERROR.WebSocket connection error getscreen.me/signal/agent..21:02:14.735.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:02:30.896.INFO.Socket connected to getscreen.me:443..21:04:38.488.INFO.Signaling force websocket stop..21:04:38.930.ERROR.Socket unable to read..21:04:39.330.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:04:39.340.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6012
                                  Entropy (8bit):4.984904431047041
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:19:32.581.INFO.Signaling force websocket stop..00:19:48.142.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:20:10.142.INFO.Socket connected to getscreen.me:443..00:22:12.165.INFO.Signaling force websocket stop..00:22:12.205.ERROR.Socket unable to read..00:22:12.255.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:22:12.255.ERROR.WebSocket connection error getscreen.me/signal/agent..00:24:25.395.INFO.Signaling force websocket stop..00:24:28.072.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:24:31.890.INFO.Socket connected to getscreen.me:443..00:26:53.061.INFO.Signaling force websocket stop..00:26:54.374.ERROR.Socket unable to read..00:26:54.374.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:26:54.374.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2620
                                  Entropy (8bit):5.006556288212515
                                  Encrypted:false
                                  Malicious:false
                                  Preview:04:36:40.769.INFO.Signaling force websocket stop..04:36:52.270.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:37:14.026.INFO.Socket connected to getscreen.me:443..04:39:28.030.INFO.Signaling force websocket stop..04:39:28.100.ERROR.Socket unable to read..04:39:28.140.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:39:28.150.ERROR.WebSocket connection error getscreen.me/signal/agent..04:41:46.618.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:42:46.144.INFO.Socket connected to getscreen.me:443..04:44:11.400.INFO.Signaling force websocket stop..04:44:11.931.ERROR.Socket unable to read..04:44:12.352.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:12.362.ERROR.WebSocket connection error getscreen.me/signal/agent..04:46:37.452.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.735228136034253
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:37:07.522.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):607
                                  Entropy (8bit):4.934961534799517
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:53:00.590.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:53:11.800.INFO.Socket connected to getscreen.me:443..11:55:22.836.INFO.Signaling force websocket stop..11:55:23.026.ERROR.Socket unable to read..11:55:23.047.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:55:23.047.ERROR.WebSocket connection error getscreen.me/signal/agent..11:56:50.699.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:56:55.161.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2801
                                  Entropy (8bit):4.997452721553778
                                  Encrypted:false
                                  Malicious:false
                                  Preview:15:12:47.197.INFO.Signaling force websocket stop..15:12:50.968.ERROR.Socket unable to read..15:12:50.978.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:12:50.978.ERROR.WebSocket connection error getscreen.me/signal/agent..15:13:19.843.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:13:20.081.INFO.Socket connected to getscreen.me:443..15:15:31.772.INFO.Signaling force websocket stop..15:15:32.093.ERROR.Socket unable to read..15:15:32.093.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:15:32.093.ERROR.WebSocket connection error getscreen.me/signal/agent..15:17:57.450.INFO.Signaling force websocket stop..15:18:00.231.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:18:07.123.INFO.Socket connected to getscreen.me:443..15:20:25.502.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:52:28.087.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1151
                                  Entropy (8bit):4.9898104658243705
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:07:04.996.INFO.Signaling force websocket stop..22:08:38.052.INFO.Socket connected to getscreen.me:443..22:09:33.964.INFO.Signaling force websocket stop..22:09:34.245.ERROR.Socket unable to read..22:09:34.285.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:09:34.285.ERROR.WebSocket connection error getscreen.me/signal/agent..22:11:59.558.INFO.Signaling force websocket stop..22:12:04.939.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:12:11.627.INFO.Socket connected to getscreen.me:443..22:14:32.459.INFO.Signaling force websocket stop..22:14:32.800.ERROR.Socket unable to read..22:14:33.371.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:14:33.381.ERROR.WebSocket connection error getscreen.me/signal/agent..22:16:58.486.INFO.Signaling force websocket sto
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2351
                                  Entropy (8bit):4.972685564469787
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:32:50.701.INFO.Signaling force websocket stop..01:32:54.700.ERROR.Socket unable to read..01:32:54.730.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:32:54.730.ERROR.WebSocket connection error getscreen.me/signal/agent..01:35:16.587.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:35:25.280.INFO.Socket connected to getscreen.me:443..01:37:40.838.INFO.Signaling force websocket stop..01:37:40.908.ERROR.Socket unable to read..01:37:40.908.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:37:40.908.ERROR.WebSocket connection error getscreen.me/signal/agent..01:40:06.298.INFO.Signaling force websocket stop..01:40:23.173.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:41:25.664.INFO.Socket connected to getscreen.me:443..01:42:37.050.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.950775912189756
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:08:24.320.INFO.Signaling force websocket stop..05:08:27.070.ERROR.Socket unable to read..05:08:27.070.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:08:27.070.ERROR.WebSocket connection error getscreen.me/signal/agent..05:10:30.342.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:10:30.590.INFO.Socket connected to getscreen.me:443..05:12:52.578.INFO.Signaling force websocket stop..05:12:52.609.ERROR.Socket unable to read..05:12:52.609.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:12:52.609.ERROR.WebSocket connection error getscreen.me/signal/agent..05:14:08.491.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:14:09.841.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.9958373926157496
                                  Encrypted:false
                                  SSDEEP:12:c52q/MQj8P400N5OmNwR2Chrtvvpe3rKBQj8P40m5T:c52q/MDAFjOmCQGrtv8WDATT
                                  MD5:BD9201B89C5E6092FB9CC72ECD337DF7
                                  SHA1:341009FD7BE8AE6692924B0861F6AF3D82A191F7
                                  SHA-256:5AC0A21D40C7F2C1CEFBE866C0148E006E7F8643270274D872D5C4A21014C691
                                  SHA-512:A3F18E7213AAFFCD526AE4792ACBB4C06B08D4DCA9452A7A6ED3C372FBD0B7854CC787D1D043BAA3F02774874584028707DB83091D23BCEB7D703050FBC2B85D
                                  Malicious:false
                                  Preview:08:30:43.166.INFO.Signaling force websocket stop..08:30:59.821.ERROR.Socket unable to read..08:30:59.821.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:30:59.821.ERROR.WebSocket connection error getscreen.me/signal/agent..08:33:13.807.INFO.Signaling force websocket stop..08:34:18.984.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:34:21.453.INFO.Socket connected to getscreen.me:443..08:36:43.192.INFO.Signaling force websocket stop..08:36:43.262.ERROR.Socket unable to read..08:36:43.292.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:36:45.123.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6563
                                  Entropy (8bit):5.005226026889122
                                  Encrypted:false
                                  SSDEEP:192:4cLosSU3oLbKgw378wBdbG+eAJnL9XK+qE3:7l
                                  MD5:5FBB9796AD98ABB2E076CFCF4FEA0F02
                                  SHA1:680C3461F2912CEC2378C608F1473F44ED6907BB
                                  SHA-256:ABCAD8F70589AB3258C6E4B76A7CDF5CD54651ABE275E050F6258525B47357B8
                                  SHA-512:11BD4C61C3FF5C2C3596A7594E72EE5601D8EE5DF3829336EEBB983CFC9FF7278B9788D84787A0207A3E92826A87083EDB931FB254A35B0A14D227D4DB5D6FC5
                                  Malicious:false
                                  Preview:11:52:43.951.INFO.Signaling force websocket stop..11:52:45.812.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:53:06.593.INFO.Socket connected to getscreen.me:443..11:55:14.215.INFO.Signaling force websocket stop..11:55:14.746.ERROR.Socket unable to read..11:55:14.776.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:55:14.797.ERROR.WebSocket connection error getscreen.me/signal/agent..11:57:28.273.INFO.Signaling force websocket stop..11:58:59.401.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:59:18.666.INFO.Socket connected to getscreen.me:443..12:01:24.774.INFO.Signaling force websocket stop..12:01:25.246.ERROR.Socket unable to read..12:01:25.246.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:01:25.247.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.978408308645835
                                  Encrypted:false
                                  SSDEEP:6:Ks2XIX+WgIJUUZUUMmUzKHud2M0CCQP5K0C5UzKDDNBQEQ4:R2KZ3uxQj8P40QuK5T
                                  MD5:3513D2826891776DD2C9514E00DB89BF
                                  SHA1:6863156E33FEA130AC6113A48225B62B4F522FEA
                                  SHA-256:F8B126C530BF09AD3E1B27B66447946B2F38FCA71F9690036915F01FE52FE63C
                                  SHA-512:015B77CBB3EA58CF21514A8B13DE4EA4F9CDA3DBAB7B490650EA24311122C376A2EDB5006987BCB1CE3DA674A89CA25659F4A3B90F2C809396A8B2CFB8A00E76
                                  Malicious:false
                                  Preview:16:20:08.504.INFO.Signaling force websocket stop..16:20:13.557.ERROR.Socket unable to read..16:20:13.597.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:20:13.597.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.809885734480457
                                  Encrypted:false
                                  SSDEEP:6:RcSiXIX+WgIJUUtgss2XIXNLD4EQmTimdzvRWl8Rvvn:RjiKtgsXChTimtvvn
                                  MD5:1183AF72688B184FF635151030331859
                                  SHA1:AF9CB469B108A05C95E85F43F486FD69A46C2797
                                  SHA-256:864F1FB6254A90CE22B5D4EA2A99C0051B6E901FD6E1B34C5CB5A4607E0917EA
                                  SHA-512:1D636A5812C36B071AB0A97A2D0F8D9A1E7A795F5A7693BBAA5765AC68B500BD2E27DAA516791B4D4FA60A415AED1C5D34F4217E7FF8C71564238758DE62936F
                                  Malicious:false
                                  Preview:19:35:12.728.INFO.Signaling force websocket stop..19:36:02.670.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:36:05.602.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2004
                                  Entropy (8bit):4.9897576224939755
                                  Encrypted:false
                                  SSDEEP:24:ZGDArbsGVXtvfQDAyb5gGwtvQlDAGbMXI2GgXtvWlDAFbum8QGLtvv:QDCbhVdgDLbHgqDjbFgdkDMbhQh3
                                  MD5:EB9BF85E7C988AB5EA2FDF6BA7A1F63A
                                  SHA1:7CDA74FFF672D37FF4FE34A8E4B2B99A5AD7A5C9
                                  SHA-256:BA3FB7974F31FA9A5B1C5190218ECBB1BD5410F8B04BDC788CCA537398A5C4A0
                                  SHA-512:BDEC138C5690F39D95484BADA479B1E4546279CF280FB30CF0FD27782B18B51C2386035FF6695071967453E0FAB1F94ED4287FCE635A30A5FAE8C30564C39E15
                                  Malicious:false
                                  Preview:22:50:40.624.INFO.Signaling force websocket stop..22:50:42.721.ERROR.Socket unable to read..22:50:42.731.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:50:42.731.ERROR.WebSocket connection error getscreen.me/signal/agent..22:52:59.252.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:53:01.021.INFO.Socket connected to getscreen.me:443..22:55:22.997.INFO.Signaling force websocket stop..22:55:23.198.ERROR.Socket unable to read..22:55:23.238.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:55:23.248.ERROR.WebSocket connection error getscreen.me/signal/agent..22:57:48.409.INFO.Signaling force websocket stop..22:59:19.871.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:59:21.668.INFO.Socket connected to getscreen.me:443..23:01:44.549.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.941891534646425
                                  Encrypted:false
                                  SSDEEP:6:pXXIX+WgIJU1SEkMjSEkud2M0CCQP5K0CA/SEgDNBQEQ4:pXrSsSeQj8P40xaX5T
                                  MD5:FBD7CC96C3A4065F5ECA25E4C3E3CF8E
                                  SHA1:9A9DE3C389E76ECB257D38731DEF5FE45A6E342C
                                  SHA-256:9BC0A1F29BABECA9F433BAAE375D74D9749B892B33DB3983E84DF5CF5245C6AE
                                  SHA-512:B039D4CF91F61DC4AC0CC53A12F2BC2DB1C558853B60CFF3B98789F452B61CDBC7B567152FACD67C764DF8703BF23BBF7FF4DCAF3FB7D2F6142DD4DE20CF7E30
                                  Malicious:false
                                  Preview:02:27:34.399.INFO.Signaling force websocket stop..02:27:38.172.ERROR.Socket unable to read..02:27:38.172.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:27:38.172.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.806656707462825
                                  Encrypted:false
                                  SSDEEP:3:0wsN3qs2XINF+WgIO0/Vyn:0fX2XIX+WgIJUn
                                  MD5:8C2BA617DA7FD71295926369C42AB6A0
                                  SHA1:A29649BD22CF36208C85A77C0A5353807832D6B2
                                  SHA-256:E659B557D2D5DE12FF373F36A6578B75090C0009AD3D7F3D4849137D6F45522C
                                  SHA-512:86D742D9DBF9F47FE4035C06931BD077BFEC19586FF5E388CB09C028545A86D8FE943E0BB266C98CC173F7184B27416A68B4587751EF1856F28F70BAD45F80C3
                                  Malicious:false
                                  Preview:05:43:29.486.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):571
                                  Entropy (8bit):4.988012343123006
                                  Encrypted:false
                                  SSDEEP:12:IqZXTJvsXChTtvvBUXo4O4t0xQj8P40VC58U5:lTGGTtvCXmDAR8U5
                                  MD5:F09B744919EDABA82012DB2D4711B23A
                                  SHA1:4C42C2A063AACE57412BED8C0B1887453FF0A4AC
                                  SHA-256:DD88509702A49AF828A3548A5D00919E8BBFF4F56833FE86BB1CD50B58B91D53
                                  SHA-512:6C97F0C6EF074356F0597578A6C0B81A18BEC8D207B1F75E96FD214F3FE5D267B2C7C5A50138D2487ADC82E5BEB153A1DFCECF9948193BE47DA08E64363A5FD2
                                  Malicious:false
                                  Preview:08:59:10.691.INFO.Signaling force websocket stop..08:59:28.309.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:59:35.688.INFO.Socket connected to getscreen.me:443..09:01:51.952.INFO.Signaling force websocket stop..09:01:52.203.ERROR.Socket unable to read..09:01:52.233.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:01:52.243.ERROR.WebSocket connection error getscreen.me/signal/agent..09:04:05.678.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.974550036263957
                                  Encrypted:false
                                  SSDEEP:6:OMfwoWXXIX+WgIJUUsedLXZXXIXNLD4EQm2dzvRWl8RvvjMWXIX+WgIJUUURuHMO:4XKsCLpXChGtvvdKIdcOQj8P405S5T
                                  MD5:0D0AF9E325F7ABA6F1B03B855B244D50
                                  SHA1:1754FCBB8E0BCBBD5FF241E8929F0AD77C350C87
                                  SHA-256:E58AB7391CF55B721D909E1B93E0994E7D06FB345D29A5531DE70A4DA30E9945
                                  SHA-512:DEB01799135E07A8A049A0D02B4F78BFC5B939F172C147A38C8DF17478CE6BE520570519AD42E4F3818FF223B6EB60513F7610E795ABCDC11ADC2D46948B8FE7
                                  Malicious:false
                                  Preview:12:18:43.719.INFO.Signaling force websocket stop..12:19:48.283.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:19:53.431.INFO.Socket connected to getscreen.me:443..12:22:13.978.INFO.Signaling force websocket stop..12:22:14.189.ERROR.Socket unable to read..12:22:14.239.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:22:14.259.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):139
                                  Entropy (8bit):4.766576075512688
                                  Encrypted:false
                                  SSDEEP:3:J8gRV5jmXINF+WgIO0/VyUgRUIXXINFDhL1JDEELD8Kru5:CgR7mXIX+WgIJUUgRUIXXIXNLD4EQh
                                  MD5:3FBD71288D57B82ECB359FD5D7826C5B
                                  SHA1:E8276347274EA0F806F767A58C2EF626E56D7CA5
                                  SHA-256:3200D06A42799C48E3FCE293BA7F8D362F348DC1C561A2CBCE3DED0A1BC14A25
                                  SHA-512:6FB3F67BA6C2E0E9A9D2B22B50EDB9C375367AE0EA6B1868DA5A107660A9CD6134A604E3EDF255460C9917A0A4FBC1CA09CA9C0C95DABD1B64148EC81DE91EFD
                                  Malicious:false
                                  Preview:15:38:46.340.INFO.Signaling force websocket stop..15:38:46.341.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):325
                                  Entropy (8bit):4.981709499400014
                                  Encrypted:false
                                  SSDEEP:6:E2oriXIX+WgIJUUSt+XdzvRWl8RvvRQRud2M0CCQP5K0CyhCqDDNBQEQ4:EbiKSMXtvvnQj8P400q5T
                                  MD5:72B2D16752E16D77C79B36AF93046B76
                                  SHA1:DDE21F94E66934BE9FAAC4BB388ED445B46A7518
                                  SHA-256:4B1EF70C9EBC7B6A3E337557186839ABE937496E8217EDE1DEE91FD69CC99647
                                  SHA-512:F4AAC6B2170FC614C4CC9EE37B12A56BFD722EF10CC6E78A095D34E0EE11719D3059689316966733FC9052F001C4918470F17A41712F4EE020F83D665CF06113
                                  Malicious:false
                                  Preview:18:53:18.353.INFO.Signaling force websocket stop..18:53:19.528.INFO.Socket connected to getscreen.me:443..18:53:19.951.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:53:19.961.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1030
                                  Entropy (8bit):4.973060197242189
                                  Encrypted:false
                                  SSDEEP:24:4YQG5ZXtvudXUA6AhDAtAybFTIjXGetvkFDAoiT:v5Zd26PADSvbS2yODcT
                                  MD5:C34667E23634A622973641FE069C04A8
                                  SHA1:722A33B816357206DC5E3C788999BD3EFE39727A
                                  SHA-256:569FEE918CDC106EED29D6741104DE6781E4B573475943CE90DBE9ECE741F912
                                  SHA-512:3F6723C3875A8E4CF5BDB7D8A5474EFE58EEB11E77FE237A8D94B97208AC6AB6E197E934A39F6B6060B615231DE7A95213C098B213EE942796D4D8C62E5C6F63
                                  Malicious:false
                                  Preview:22:08:58.148.INFO.Signaling force websocket stop..22:09:52.122.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:09:56.583.INFO.Socket connected to getscreen.me:443..22:12:24.739.INFO.Signaling force websocket stop..22:12:24.850.ERROR.Socket unable to read..22:12:24.850.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:12:24.850.ERROR.WebSocket connection error getscreen.me/signal/agent..22:14:50.021.INFO.Signaling force websocket stop..22:15:52.083.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:16:02.882.INFO.Socket connected to getscreen.me:443..22:18:17.029.INFO.Signaling force websocket stop..22:18:17.950.ERROR.Socket unable to read..22:18:17.950.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:18:17.951.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.747977937994719
                                  Encrypted:false
                                  SSDEEP:6:gWAXIX+WgIJU+lLWXXIXNLD4EQafUJypn2dzvRWl8Rvvn:TAg4XCh18Jin2tvvn
                                  MD5:61CDE8D088049A7DE6F8A8E1EF92E99F
                                  SHA1:F94D5AD70C96F8BBD25317E93C0B7655D65871DC
                                  SHA-256:9D44A98154DBEEAFF6B681531D65EDEDEFD4AD398A8E856BE1A3F67DC5184F61
                                  SHA-512:BDAB9E2F5FD4B8B5ABBA6463881C0DB13285C8C32DDE7AFF6FFFB7A3E7EE62CE1A84596EBD8AC56F093993B9C45339AB76C44B150C8604912567F63170ACBDA8
                                  Malicious:false
                                  Preview:01:33:55.050.INFO.Signaling force websocket stop..01:34:16.369.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:35:18.416.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.963775500951837
                                  Encrypted:false
                                  SSDEEP:6:u4X2XIX+WgIJUmUyMdHud2M0CCQP5K0CGbDDNBQEQYRo2XIXNLD4EQNW2dzvRWlG:zmM9Qj8P40D5zCh52tvvn
                                  MD5:E7F189BCA1F367551482A241B7023BF1
                                  SHA1:81C9F3553F824E70EC692432AF380EFB5AA5678E
                                  SHA-256:77F98D1A5C341A953ED3468472764651F4CFB8FA59E2E3857141EBAE6E7DE62F
                                  SHA-512:AF8D3C31C396AA153FB7982451E99B98199AE67269E7FC012A48DF653CBBE89E8BA1E9601C686BDDD4400B029D7C59F9DDF6395E234B1F9DA031B40254BD1BDC
                                  Malicious:false
                                  Preview:04:50:31.287.INFO.Signaling force websocket stop..04:50:33.351.ERROR.Socket unable to read..04:50:33.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:50:33.361.ERROR.WebSocket connection error getscreen.me/signal/agent..04:51:27.945.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:51:28.386.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  SSDEEP:3:N1zJjmXINF+WgIO0/Vyn:/EXIX+WgIJUn
                                  MD5:F54BC57429154D29548F9A7047612E1C
                                  SHA1:5C26A3CF006C2771CA7596ABC81279828F86FF01
                                  SHA-256:C48D1D6C7005405F6D03845555ABBBD74464D7D3B232FAA73C7D260A66760502
                                  SHA-512:0B9ADBDF31DF8CF7608E2D8668206508F550312ECE8F61E9722E9D4AF94FD1ABAEE9EEFB11020D24AAB0714FA568CC42A80BFC986F8A0E8888824A9929A9FC5A
                                  Malicious:false
                                  Preview:08:07:16.312.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1800
                                  Entropy (8bit):5.00733767897821
                                  Encrypted:false
                                  SSDEEP:24:EQ0DATLuXG5tvTEwpcADAyvVgGHtvOHDAX/25GvmtvhFXBmVDAKeV5:uDSu2LbEocAD3v3NaD2/xSJJsVDteH
                                  MD5:51FABC881D6CC3B0716B91B711CCC325
                                  SHA1:C6CA10F744015A5CFA8572012EE205A742E43C58
                                  SHA-256:22D4CFF61967BC1710EBE623634D3B4B71CAB1F9FCCF368668777A054BE3422C
                                  SHA-512:FDA1A7C6E5B48AA612786B2AB37BC530253ACFDDFAAC164D398708B3C1E6C9128CE881F3106B813DB931B36DE67F7D54A375ED02506F80B83387BFB0EF612B5E
                                  Malicious:false
                                  Preview:11:21:46.479.ERROR.Socket unable to read..11:21:47.277.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:21:47.277.ERROR.WebSocket connection error getscreen.me/signal/agent..11:22:40.987.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:23:10.112.INFO.Socket connected to getscreen.me:443..11:24:54.950.INFO.Signaling force websocket stop..11:24:55.252.ERROR.Socket unable to read..11:24:55.252.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:24:55.252.ERROR.WebSocket connection error getscreen.me/signal/agent..11:27:20.473.INFO.Signaling force websocket stop..11:27:30.992.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:27:32.792.INFO.Socket connected to getscreen.me:443..11:29:56.068.INFO.Signaling force websocket stop..11:29:59.236.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1545
                                  Entropy (8bit):4.988510473358732
                                  Encrypted:false
                                  SSDEEP:24:qtGQtvyzODAcYxG2tvg5EDA4g1GstvUHDA+T:xAKSDxfaUEDFvcYDjT
                                  MD5:A74C3DAAB050A8216E0A157751514834
                                  SHA1:1CE9CFF5EE737BC86E857408B8D3E2EB05658CDD
                                  SHA-256:BAB3FB19F0D82E0EA2B752CB39137E7F76E6D89B68C728B28D1E0AA24A80AFE6
                                  SHA-512:2DEB0161E501B9CABE4AD862F0C679BD9694D57B02DB7070A17E251B107F459C0659C3E0ED5800446D1B02C4E5885CE02A992B408AFA87F36F29C47678D52EEE
                                  Malicious:false
                                  Preview:14:53:17.032.INFO.Signaling force websocket stop..14:53:21.524.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:54:00.289.INFO.Socket connected to getscreen.me:443..14:56:10.445.INFO.Signaling force websocket stop..14:56:20.199.ERROR.Socket unable to read..14:56:20.219.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:56:20.229.ERROR.WebSocket connection error getscreen.me/signal/agent..14:58:45.485.INFO.Signaling force websocket stop..14:58:55.285.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:58:55.494.INFO.Socket connected to getscreen.me:443..15:01:09.327.INFO.Signaling force websocket stop..15:01:12.231.ERROR.Socket unable to read..15:01:12.252.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:01:12.252.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1234
                                  Entropy (8bit):4.980399553797636
                                  Encrypted:false
                                  SSDEEP:24:EeDvv2GgotvRJDAOp2gyG5XtvxDXnhzDAyw06Gytvv:EavRbDbH5d5jhzD1w4W3
                                  MD5:413EF2AD291B22C613012953AEBB4AD9
                                  SHA1:1986FC29F366ED5ACF5EE09B08EB12546D0173D4
                                  SHA-256:B3F3C1EF1944144458B493F577457D5AB7F17A0152B2248A481A6DE7C6FB50A9
                                  SHA-512:C90DE2AF4FBB781F711FEF981038891D1F8BA910B90FD2E69B03B8E17D3016FD5545375629B43CB3C9F604703CC284EC80DE56ED327EDDB269E5925E388E16B2
                                  Malicious:false
                                  Preview:18:21:00.227.INFO.Signaling force websocket stop..18:21:39.196.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:21:45.234.INFO.Socket connected to getscreen.me:443..18:24:02.819.INFO.Signaling force websocket stop..18:24:02.819.ERROR.Socket unable to read..18:24:02.819.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:24:02.819.ERROR.WebSocket connection error getscreen.me/signal/agent..18:26:15.797.INFO.Signaling force websocket stop..18:26:52.588.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:27:01.780.INFO.Socket connected to getscreen.me:443..18:29:18.167.INFO.Signaling force websocket stop..18:29:18.898.ERROR.Socket unable to read..18:29:18.908.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:29:18.908.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3652
                                  Entropy (8bit):5.010126897313368
                                  Encrypted:false
                                  SSDEEP:48:ViGDnbwCoabegDGb/pJ1D6+bi2prdgWMiD5VbH2RDmTPD1b2Tl9TncDvbAzdrQDR:VTMCVej77U+W2prVT2RW5szOszVi5Bv
                                  MD5:4C4B9F45904B27F5AB210BAA91BCE13E
                                  SHA1:E57764304CD433C3FDE95504739F695813F086CC
                                  SHA-256:426349B070C1EAC38A7C232E54412DAAD73855675EA2EEDEE4F14B06FF4D63D8
                                  SHA-512:7B2C2F94BBF8F4A82B6360538D53B2B9059CCF8D75FFCB748F28EAF710A39207F5FAFEBD15265B9256CA4F59FD7AD7C018401C513C79F814D9B04EB9E104E5B9
                                  Malicious:false
                                  Preview:21:47:21.351.INFO.Signaling force websocket stop..21:47:40.783.ERROR.Socket unable to read..21:47:40.803.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:47:40.803.ERROR.WebSocket connection error getscreen.me/signal/agent..21:50:05.860.INFO.Signaling force websocket stop..21:50:36.393.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:52:27.676.INFO.Socket connected to getscreen.me:443..21:52:50.341.INFO.Signaling force websocket stop..21:52:56.215.ERROR.Socket unable to read..21:52:56.215.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:52:56.236.ERROR.WebSocket connection error getscreen.me/signal/agent..21:55:21.547.INFO.Signaling force websocket stop..21:56:51.542.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:56:57.578.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):121
                                  Entropy (8bit):4.705344697835151
                                  Encrypted:false
                                  SSDEEP:3:gRadLWos3X2XINF+WgIO0/VyVU5uWzJsas2dzvRWAAEzRWovn:gsd0X2XIX+WgIJU+5uEs2dzvRWl8Rvvn
                                  MD5:A1147E1037B1BB306FBB57D1711F1895
                                  SHA1:5099B4F81E9A7E96B970833092C31375EEBC8AF7
                                  SHA-256:17380CCB89A91FA31571FF2D43EB8E94C8452BD8640DF8CA9E924A691E90ACF3
                                  SHA-512:73B4FFB3DA32D409E0DC04CA94C0ADCA2FE30B520F108299D0DAC144472130DCDE4886156970E313B2489F1DA469123C719B6E0C42BA32603C276DFB813541CB
                                  Malicious:false
                                  Preview:01:49:08.304.INFO.Signaling force websocket stop..01:49:36.625.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.909761556966025
                                  Encrypted:false
                                  SSDEEP:6:07AgX2XIX+WgIJU6YMsfgud2M0CCQP5K0C8DNBQEQYKVbNns2XIXNLD4EQdNs2dz:bkCdQj8P40x5QVbNnXChktvvn
                                  MD5:6C64276538340D825CD5F9400FEF8B4F
                                  SHA1:F14B794250F083566484D0486A6668ED9BF785EF
                                  SHA-256:CA03C77483775798D9FBD487621186EA67CC3BB4236A4C1EBD892D40B4E1DCCC
                                  SHA-512:ACA050A0AE3DBBAFF05B72F29E835F780CA88934EA2E69A2AB2B6C5C468CC2ED8E92105009C790978E155E99C963C820DD9045E26726A70DD9877D7ECF2DB235
                                  Malicious:false
                                  Preview:05:04:42.787.INFO.Signaling force websocket stop..05:04:46.006.ERROR.Socket unable to read..05:04:46.006.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:04:46.006.ERROR.WebSocket connection error getscreen.me/signal/agent..05:06:28.955.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:06:32.557.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.9729334886431005
                                  Encrypted:false
                                  SSDEEP:6:YriXIX+WgIJUP1pMZ1pud2M0CCQP5K0CK/9DNBQEQYdeTn2XIXNLD4EQBP2dzvRB:zR1E1EQj8P40x5k2ChM2tvvn
                                  MD5:41DFDC2AAEB199772FF1ED9DA5D51146
                                  SHA1:B1DAB1BEF9191F00592B36FF08DC8C9BE30AFBBD
                                  SHA-256:587D6641C8AE26DC16B2A6E5DC83853EB5F6A35EEB254938EE3EB90DF97DFBA5
                                  SHA-512:B832955F6915BB50D2B664A3A64C8D3A08AA39A9497239F63400062FAE268BE3E6065D875CBF45ADF46612C955E62FC4561794A42C8E7FDC3BB233E39B35B12B
                                  Malicious:false
                                  Preview:08:22:35.779.INFO.Signaling force websocket stop..08:22:38.969.ERROR.Socket unable to read..08:22:38.969.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:22:38.970.ERROR.WebSocket connection error getscreen.me/signal/agent..08:23:59.415.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:24:02.079.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.6637995646056805
                                  Encrypted:false
                                  SSDEEP:3:N+ShdRjmXINF+WgIO0/Vyn:nhdRjmXIX+WgIJUn
                                  MD5:1C2B9AB0D9196C9E29447F8432950226
                                  SHA1:42A479917D2841F421006C6DAD938AC65E1BDB05
                                  SHA-256:BD2B5C176EBDEF871556F3C27B2653889426362DBADF46E65294253CCE2E3CF9
                                  SHA-512:293618C561400AF11F144C1DCADDC2F9FFE3B3F808D383B227AA2AD41D6E4DA88D1632633FE5710D4A7D74901C612DCFF40A2F9B5EE7D47EEC716283F80969D4
                                  Malicious:false
                                  Preview:11:38:50.888.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.985122011684633
                                  Encrypted:false
                                  SSDEEP:6:IvVIHM+fud2M0CCQP5K0CLbDNBQEQWR2XIX+WgIJUn:INIrWQj8P40Q/5H25
                                  MD5:FC42DA324EE9B23B8D3ED83BD41AB162
                                  SHA1:473C7294079AE9DE5B6E6EBBCFD2726FDF939AC4
                                  SHA-256:6C5C4A31BF1610B58919C3B5F620382F0EEE0369456BF44CE08E875C5E5BEFD9
                                  SHA-512:EAEA258E058BD4F9C1D66AC285220EDA5D65C90BB46F567D48918EC51A5678AA944B48FBE4B9C8977315669D44424F9F1C9BB0871CD058915C74220EEC74B202
                                  Malicious:false
                                  Preview:14:53:22.039.ERROR.Socket unable to read..14:53:24.616.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:53:24.616.ERROR.WebSocket connection error getscreen.me/signal/agent..14:55:37.344.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4100
                                  Entropy (8bit):5.004914153710725
                                  Encrypted:false
                                  SSDEEP:48:EECrZD0wd7IYDHSxGOxDmiAzmrD8/DavolVMDqhkFhdNDx2DFwDnfHwDFon3:5CK+7LSDAa8EU/hMhdT2DYfso3
                                  MD5:A078AF50420B41CD4CA74D38820320AE
                                  SHA1:6E62E5AC63342CF7431FB11248546D4C54BDC774
                                  SHA-256:58D132F7EEAB7D3DA188BAE734B507FD5CA3BD45F0F51FD2CBABEF7B7F2F0CBB
                                  SHA-512:3901187E58EE5BF744F564FAE6AED8AA6B3D9A92199295DE7B15BA19B6D906B894A889CFCC62F93FB330602EFA890E85D61ABB4574887A712BDA55141BAFCED3
                                  Malicious:false
                                  Preview:18:10:26.905.INFO.Signaling force websocket stop..18:10:49.225.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:10:52.391.INFO.Socket connected to getscreen.me:443..18:13:14.557.INFO.Signaling force websocket stop..18:13:14.858.ERROR.Socket unable to read..18:13:14.908.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:13:14.918.ERROR.WebSocket connection error getscreen.me/signal/agent..18:15:40.356.INFO.Signaling force websocket stop..18:15:44.819.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:15:49.962.INFO.Socket connected to getscreen.me:443..18:18:08.273.INFO.Signaling force websocket stop..18:18:08.845.ERROR.Socket unable to read..18:18:08.865.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:18:08.865.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1856
                                  Entropy (8bit):4.997843491241839
                                  Encrypted:false
                                  SSDEEP:48:FD5bAwtiMDybG1TNvhBDZSbfvs/KODa5T:7kwEUubzr5T
                                  MD5:30F0F12A63049E841B21C4594AD1CA1C
                                  SHA1:5BFA2E641D09BD68C2F0D66D35B45B094BAE4435
                                  SHA-256:5CB18A387D921701DB6A51E9D5C39B0BA593AC45DE299D93F0A6019811D75293
                                  SHA-512:EE9D6E4AFFC78258658EAE6E16F592CA339193D8326D2403E57591C90BBB3282A3FFFEF14B70B2E8520C7EFCA9398D1F88799EBB82ED2A721E855CB5D6B83B30
                                  Malicious:false
                                  Preview:22:02:25.708.INFO.Signaling force websocket stop..22:03:23.114.ERROR.Socket unable to read..22:03:23.164.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:03:23.164.ERROR.WebSocket connection error getscreen.me/signal/agent..22:05:48.223.INFO.Signaling force websocket stop..22:06:29.158.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:06:39.918.INFO.Socket connected to getscreen.me:443..22:08:52.956.INFO.Signaling force websocket stop..22:08:52.966.ERROR.Socket unable to read..22:08:52.986.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:08:54.340.ERROR.WebSocket connection error getscreen.me/signal/agent..22:11:18.192.INFO.Signaling force websocket stop..22:12:04.910.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:12:28.180.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.735228136034253
                                  Encrypted:false
                                  SSDEEP:3:gW5VQYXXINF+WgIO0/Vyn:gWXXIX+WgIJUn
                                  MD5:37CA237F1BA0681066BB44B42B087BCC
                                  SHA1:206ABD698A50926A8639A83E00E67C0D7EC4DDC1
                                  SHA-256:5DFDCD57B3A5510C946821751E4F510B9634C7D0463DE6A286BDDE4F292C0B10
                                  SHA-512:4116146472089F17E1D26AE999A59289264879D53C5E99C0A564AF6E4E8218F1C27AB927263A2631A1C19BAA8BA0444A3012E0182BB15C4014FD93135315D8B0
                                  Malicious:false
                                  Preview:01:34:37.102.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):663
                                  Entropy (8bit):4.94952898383828
                                  Encrypted:false
                                  SSDEEP:12:rZChIX2tvvL2qxQj8P40/K5KChlpn2tvvn:rZGIX2tvT2qxDAKiKGPn2tvv
                                  MD5:4AFB628CD6B98B7B11451E218FC5C159
                                  SHA1:BEFCB8F4E7B72D42FD60F762941F862C12E5A8C8
                                  SHA-256:FEF2235FD3A6E34A8608E1276CBE3A00968E9D4DB34BAFD34F4E4571C695ACE2
                                  SHA-512:A90A193955F1F6A693A810C4983DD03457FB4745B987CD2ABB5386486AFDD33C5C7905213A1BA033F90A364645D3F23C2C8DF0FCB32BD4B6F29941F66C2FC1C2
                                  Malicious:false
                                  Preview:04:49:56.728.INFO.Signaling force websocket stop..04:49:57.897.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:50:39.566.INFO.Socket connected to getscreen.me:443..04:52:25.066.INFO.Signaling force websocket stop..04:52:29.492.ERROR.Socket unable to read..04:52:29.493.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:52:29.493.ERROR.WebSocket connection error getscreen.me/signal/agent..04:53:40.013.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:53:42.016.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.970185551701096
                                  Encrypted:false
                                  SSDEEP:12:Qj/K0cW0cjQj8P40xu0cU5PRBH2ChuitvvPeXVQj8P40U5T:y/K0cW0cjDAgu0cAJBH2Gbtv3aVDAlT
                                  MD5:2D36ECF20F438384340A0D0F120BDAE9
                                  SHA1:829FC97CB9A631148472F89B7869E3B43AA07CE5
                                  SHA-256:A9E9291DB25BAB6E5A4F02771114BE18C0D2C75E8B3F8473F74293753C67C790
                                  SHA-512:A48B7AC3675FC7F301F5968C329CA52C0ABEBA11E9F705D891A2AD56AE1BA63434CC4472EF7850BB6435745C0F848AF9A2CD49A391BCC5794FEDA1F98CB7B036
                                  Malicious:false
                                  Preview:08:08:54.427.INFO.Signaling force websocket stop..08:09:01.001.ERROR.Socket unable to read..08:09:01.001.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:09:01.001.ERROR.WebSocket connection error getscreen.me/signal/agent..08:11:13.735.INFO.Signaling force websocket stop..08:12:54.677.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:12:59.179.INFO.Socket connected to getscreen.me:443..08:15:20.291.INFO.Signaling force websocket stop..08:15:20.361.ERROR.Socket unable to read..08:15:20.392.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:15:23.108.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6619
                                  Entropy (8bit):4.999834311203596
                                  Encrypted:false
                                  SSDEEP:192:NvhfxAsnNvmdZIMdXsUJc46XYzYUB122dDU6K0E:rx5wbc46O+
                                  MD5:B4E86A7CFA0559058AB3D0528297FAD1
                                  SHA1:FA89B131B3B09F4AB69BB91A0D02282A8DCBAB3A
                                  SHA-256:D2B6C904A31421E6105B10691A70DC04C6DA828DC1422C76B958CE80B315E0AD
                                  SHA-512:3B84A45D48E5D75930E00D02C54483C2358F9C2EE7E25E0D022670CB55B5CA476EC46122362E38154F15E8882E2FFB165C21E982AE35CADF14885E14D971487C
                                  Malicious:false
                                  Preview:11:30:09.633.INFO.Signaling force websocket stop..11:30:52.960.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:30:53.179.INFO.Socket connected to getscreen.me:443..11:33:16.870.INFO.Signaling force websocket stop..11:33:17.301.ERROR.Socket unable to read..11:33:17.331.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:33:17.331.ERROR.WebSocket connection error getscreen.me/signal/agent..11:34:52.723.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:35:56.600.INFO.Socket connected to getscreen.me:443..11:37:06.576.INFO.Signaling force websocket stop..11:37:06.637.ERROR.Socket unable to read..11:37:06.998.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:37:06.998.ERROR.WebSocket connection error getscreen.me/signal/agent..11:39:13.872.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):255
                                  Entropy (8bit):4.862847418287474
                                  Encrypted:false
                                  SSDEEP:3:JaFjHKZA124Vb3X+//KKX76VyITHiC1uPLRyOML0Hiq2VGsgsTAUOg1MGXAELD84:8M6lHud2M0CCQP5K0Cls2DNBQEQ4
                                  MD5:638CC3EE74287F8609C7DA62B796BB8B
                                  SHA1:4EF4BA24D426BDCBE4C63C5DAEF06D8666372975
                                  SHA-256:3F8A0E2338FE0F14A04906D263A8909DBEB42CDA641C90518C92DEAAE65A191A
                                  SHA-512:8565F134D7C9EDBB7182035762D2D7082AEF2E1BEBDD4DEF55811BA8B611EACB86E7114E8CBD1069E4F1825CE6AA70AAC02C64D7B5ED3F98F02BA8CCF3770AB1
                                  Malicious:false
                                  Preview:15:54:05.608.ERROR.Socket unable to read..15:54:08.197.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:54:08.207.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.752294528785093
                                  Encrypted:false
                                  SSDEEP:6:WF4mXIX+WgIJUUq6r2XIXNLD4EQketOidzvRWl8Rvvn:WF4mKGChlAtvvn
                                  MD5:6B5B23436D4B059828B9732C17A50A0D
                                  SHA1:1996D3F5EA4259ADFA21F5F7250DF013FD981FEC
                                  SHA-256:3341170B47D8C5482590B40ACE1545BC54560CBA298DDB6EA42CCB74F582EA1E
                                  SHA-512:7BD8418E2C268A8669192390AF43066E2E492C231B56B834BAF7DE9245B6329BD39BA5A7E19806E4A139C7828E99C97AAF6798B3939A3FE25DC00ED3B3576C9C
                                  Malicious:false
                                  Preview:19:09:50.521.INFO.Signaling force websocket stop..19:10:11.927.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:10:14.630.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.958312742546196
                                  Encrypted:false
                                  SSDEEP:24:wGXzDAlbQariGE2tvcDWMyMzDAbMwbZOIXG+mtvv:w2DgblEaEKMyMzDoMwbwtD3
                                  MD5:A27E99B4C1AFC98117B08E45151D4A25
                                  SHA1:64135E9E0D78A29C5F330077FD3475B69B002C70
                                  SHA-256:F645B095F43FE16E37A3E28A7A247C7551C25214741C1A689F4A2022FDEF8151
                                  SHA-512:C9F49E94A5F0B69399869F120387B22A0154C7E4608CCF36560E9EB06A81734E61CCFFF775B73CF75E785DFFC3078B98ADFF1AEE41C3ED69E2A7F7410E50FD1D
                                  Malicious:false
                                  Preview:22:26:18.464.INFO.Signaling force websocket stop..22:26:21.027.ERROR.Socket unable to read..22:26:21.027.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:26:21.027.ERROR.WebSocket connection error getscreen.me/signal/agent..22:28:34.337.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:28:38.616.INFO.Socket connected to getscreen.me:443..22:30:46.281.INFO.Signaling force websocket stop..22:30:46.292.ERROR.Socket unable to read..22:30:46.292.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:30:46.292.ERROR.WebSocket connection error getscreen.me/signal/agent..22:33:11.449.INFO.Signaling force websocket stop..22:33:16.639.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:33:19.608.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.984396823526351
                                  Encrypted:false
                                  SSDEEP:6:gWXIX+WgIJU+5+2UMofR++Hud2M0CCQP5K0CN++DDNBQEQYG0R4x2XIXNLD4EQn9:9g5+b5+lQj8P40tW5k0RzChOFFtvvn
                                  MD5:9F46B0F5BC023F5FE562D71450B8D2CB
                                  SHA1:13FBF0071B2BC7A58A3BF8078473153F5075AF2E
                                  SHA-256:D8C92ADB02605C56B30C1F807811696E02124A90A44134A8854101B7BF6BF0D0
                                  SHA-512:ADB90C6A8E1490809F55D35ACF26D1A5DCEC2B1C04D55893BEB436587A732417CBC40EC41999F440CF3927D30451261B9A766B1DDF72653A477F82F1D0F4AB77
                                  Malicious:false
                                  Preview:01:48:17.743.INFO.Signaling force websocket stop..01:48:21.331.ERROR.Socket unable to read..01:48:21.361.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:48:21.361.ERROR.WebSocket connection error getscreen.me/signal/agent..01:49:47.565.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:49:52.961.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.963775761223355
                                  Encrypted:false
                                  SSDEEP:6:00XdiXIX+WgIJU6WCkEMsfuQBkud2M0CCQP5K0C2DDNBQEQYKVSvfns2XIX+WgIv:ZkkfVxQj8P40l5QVS3Xk0FiChYXtvvn
                                  MD5:2CF76D9B7FC3E104A0637EBE76B00C12
                                  SHA1:DAD1FD240BFF73F23E21C95B5D92A226DB00352C
                                  SHA-256:CE2C3264C4D24C9D05272D7A4650AA0BA0637180C09C6528E9F95622B8968272
                                  SHA-512:2589CF4A2B74F687BCCD589D256B68D2824CC6DE46D523250AA01509D511C595912ECF35DE7ACAF847E1E2DFA8DC9D8D34059606372E22B841DEB17D7A5176E2
                                  Malicious:false
                                  Preview:05:05:22.648.INFO.Signaling force websocket stop..05:05:26.062.ERROR.Socket unable to read..05:05:26.092.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:05:26.102.ERROR.WebSocket connection error getscreen.me/signal/agent..05:07:51.267.INFO.Signaling force websocket stop..05:08:21.468.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:09:21.493.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  SSDEEP:3:PvLXIs4X2XINF+WgIO0/Vyn:rXe2XIX+WgIJUn
                                  MD5:CF52F15DDE93D60442428A3BF89FB58F
                                  SHA1:1D19D251A4A372F6BB34A6B591C215A6C9E14947
                                  SHA-256:77BE55F035D6ACAE4CE0C6E71332EB8510A714A9BBFF8D4F75D86A09D6C71226
                                  SHA-512:47E3B673D87DC73C44811D5DCB4F556A13FE568B66EF0E3840F64C34F523A63E4DF4E577887C703C2C362A75C928BF4414B09676D18BE47ADCD7EDC1E8CFF7A3
                                  Malicious:false
                                  Preview:08:24:37.214.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1256
                                  Entropy (8bit):4.994246217592702
                                  Encrypted:false
                                  SSDEEP:24:qDAB02GVWtvI/DjDAwANGuztviXtAJAjDAgAAhGY:qDI0vV6KDjD5AQKq9mwD//sY
                                  MD5:9B8C17E02BE6D5840B467CAB480FE08C
                                  SHA1:D707F9FC20322E18160B12F0C6CF68A10984538C
                                  SHA-256:1375DE1EAC3462DDB813CF7F68F6E159A29166F568AC4AA49B724FD04064099A
                                  SHA-512:7C9C4E2E9BD48B1D6D2675E95AC3A252CE8032FAC9F6DA38F826FA8315FC7263DF77CC14EB95E342ACEC728828C43EBD5F68F9A48DD7903B461BD4004945B942
                                  Malicious:false
                                  Preview:11:39:08.122.ERROR.Socket unable to read..11:39:09.229.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:39:09.229.ERROR.WebSocket connection error getscreen.me/signal/agent..11:40:22.926.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:40:25.589.INFO.Socket connected to getscreen.me:443..11:42:35.468.INFO.Signaling force websocket stop..11:42:35.659.ERROR.Socket unable to read..11:42:35.659.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:42:35.659.ERROR.WebSocket connection error getscreen.me/signal/agent..11:44:55.702.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:45:05.982.INFO.Socket connected to getscreen.me:443..11:47:20.755.INFO.Signaling force websocket stop..11:47:21.287.ERROR.Socket unable to read..11:47:21.287.ERROR.SSL
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.979479858374412
                                  Encrypted:false
                                  SSDEEP:12:NqXKI5itvvDQj8P40F5JEXCh5umtvvVKWQj8P4095AhStKdChY:gFitvbDAKyXG5Rtvd3DAaAh4kGY
                                  MD5:B41CCBF14CB0BC4EBA27E5B47072E749
                                  SHA1:E9D80F8ADA9AD28707D79B7586FB50EB289E1894
                                  SHA-256:80CBF8A997EA6698424807D376789C7BFC030B71847991A8B8B5287B74C9823D
                                  SHA-512:872E671EC2D7CAC72916899101D04750AD54A2C598C7778E08FAE15E6D81DEC204BDF1B21854728A7C39BE5B84144E0010B3D0815B8F422AC5E42569AAABE81C
                                  Malicious:false
                                  Preview:15:03:06.447.INFO.Signaling force websocket stop..15:03:06.478.INFO.Socket connected to getscreen.me:443..15:03:07.489.ERROR.Socket unable to read..15:03:07.489.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:03:07.489.ERROR.WebSocket connection error getscreen.me/signal/agent..15:04:49.029.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:05:57.045.INFO.Socket connected to getscreen.me:443..15:07:02.927.INFO.Signaling force websocket stop..15:07:02.977.ERROR.Socket unable to read..15:07:02.977.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:07:04.107.ERROR.WebSocket connection error getscreen.me/signal/agent..15:09:28.079.INFO.Signaling force websocket stop..15:09:52.761.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):473
                                  Entropy (8bit):4.977768253602717
                                  Encrypted:false
                                  SSDEEP:6:2Fvs2dzvRWl8Rvv32XIX+WgIJUUG6ud2M0CCQP5K0CmWXADNBQEQiHXIXNLD4EQh:Qtvv32KGbQj8P40/WXq5lChJf2tvvn
                                  MD5:4BACAD028EAC71B37445DC040C66B29F
                                  SHA1:5481E0192F3E662FB685A5CC4C3F9769865D1201
                                  SHA-256:1B62BF609C97A7491E7D56EFAB2347B50F36A8B62F0117525969780997F4E64C
                                  SHA-512:6C02336E0FD132937C61121408E7E0623337C0B9DED79A01B714DDEDF5EA906985349E9CACE4FD9075E558E4BD92845514CA14F94CBC23BE4222F01EDFC95E87
                                  Malicious:false
                                  Preview:15:09:59.197.INFO.Socket connected to getscreen.me:443..18:24:26.852.INFO.Signaling force websocket stop..18:24:30.150.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:24:30.160.ERROR.WebSocket connection error getscreen.me/signal/agent..18:26:49.520.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:26:55.556.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.935042172628936
                                  Encrypted:false
                                  SSDEEP:6:w2UXIX+WgIJUEWMC8/ud2M0CCQP5K0CW7DNBQEQ4:w2UK2Qj8P40Tf5T
                                  MD5:471C48CD23E540608BA97B5398B4BB1C
                                  SHA1:E6036F8F96630E211971015E1925F6BB968912C7
                                  SHA-256:B6634502B558E676C57C56042ECD2B8A4AA27307C8C0C234FF20B1FA9BF2F5F3
                                  SHA-512:A8FB4591E207038E590D097A500388D0592EE266D4048A45E1B8F3766A745F87375C50FAF2C894F572B02DC0524E5A5DBC89AC6F2536E92D409A6B1E444C1068
                                  Malicious:false
                                  Preview:21:42:01.059.INFO.Signaling force websocket stop..21:42:04.978.ERROR.Socket unable to read..21:42:05.018.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:42:05.018.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.776284004224216
                                  Encrypted:false
                                  SSDEEP:6:mfGXXIX+WgIJU49cTSIs2XIXNLD4EQJ62dzvRWl8Rvvn:muXC9crXCht2tvvn
                                  MD5:D4E38AD4A7513A623AF24AD2D1D273D2
                                  SHA1:8B30BA26D3B16CE760751CAD0FDF45C302BB741F
                                  SHA-256:CE1C1984F813FA20BDC6B5DC669E044EA1CF4D704A021B095727D40F34C30C78
                                  SHA-512:DBEFE2736B853266B3D714456D0562EC0FEBBC29610EE5F3356E635D4207D50A2AF0EC21BD100FAF7006EDF340C9C973C217EF77FCD7E9AD9D6DF1BD7C078C92
                                  Malicious:false
                                  Preview:00:58:07.782.INFO.Signaling force websocket stop..00:58:08.767.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:59:19.856.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1489
                                  Entropy (8bit):5.001708419522451
                                  Encrypted:false
                                  SSDEEP:24:Y4seIDAFXcmG7tvQuDAgAVnGAtvdl/jDAaAoymGnrtvv:A3DUcRNDVAAw7DEVfnB3
                                  MD5:4C1E3CC0C4BA0DF7114AA55BA663D311
                                  SHA1:27795B0232A63DF63F901AD1F7585A60A3B3CD63
                                  SHA-256:2210DB1B56ED4DCDABD6AB04BDD5CC0A25B7060F55C044929CD444987AE4EEBF
                                  SHA-512:32E49D237398F3EB60F4EECC58B4E7676ACF343DFF6FCD6AAA38DDA551573003259902C6BAFD66C8B54DCE400CE094A800B2877EB014FECECDEBEC2446FF3E6F
                                  Malicious:false
                                  Preview:04:15:48.512.INFO.Signaling force websocket stop..04:15:52.337.ERROR.Socket unable to read..04:15:52.377.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:15:52.377.ERROR.WebSocket connection error getscreen.me/signal/agent..04:18:17.609.INFO.Signaling force websocket stop..04:18:57.689.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:19:05.762.INFO.Socket connected to getscreen.me:443..04:21:22.357.INFO.Signaling force websocket stop..04:21:22.588.ERROR.Socket unable to read..04:21:22.628.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:21:25.334.ERROR.WebSocket connection error getscreen.me/signal/agent..04:23:34.568.INFO.Signaling force websocket stop..04:24:15.834.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:24:21.404.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.928232321592437
                                  Encrypted:false
                                  Malicious:false
                                  Preview:07:44:06.449.INFO.Signaling force websocket stop..07:44:10.338.ERROR.Socket unable to read..07:44:10.338.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:44:10.338.ERROR.WebSocket connection error getscreen.me/signal/agent..07:45:43.487.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:45:51.333.INFO.Socket connected to getscreen.me:443..07:48:08.389.INFO.Signaling force websocket stop..07:48:08.440.ERROR.Socket unable to read..07:48:08.440.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:48:08.440.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.975488385223686
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:05:00.100.INFO.Signaling force websocket stop..11:05:02.963.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:05:05.229.INFO.Socket connected to getscreen.me:443..11:07:28.294.INFO.Signaling force websocket stop..11:07:28.435.ERROR.Socket unable to read..11:07:28.455.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:07:28.455.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2519
                                  Entropy (8bit):4.993415207399086
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:22:55.240.INFO.Signaling force websocket stop..14:23:37.675.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:23:41.467.INFO.Socket connected to getscreen.me:443..14:25:49.463.INFO.Signaling force websocket stop..14:25:49.514.ERROR.Socket unable to read..14:25:49.544.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:25:49.544.ERROR.WebSocket connection error getscreen.me/signal/agent..14:28:14.684.INFO.Signaling force websocket stop..14:29:01.436.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:29:01.682.INFO.Socket connected to getscreen.me:443..14:31:26.804.INFO.Signaling force websocket stop..14:31:28.187.ERROR.Socket unable to read..14:31:28.187.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:31:28.188.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3677
                                  Entropy (8bit):5.0228131031119885
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:02:36.462.INFO.Signaling force websocket stop..18:03:31.107.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:03:34.913.INFO.Socket connected to getscreen.me:443..18:05:56.404.INFO.Signaling force websocket stop..18:05:56.545.ERROR.Socket unable to read..18:05:56.545.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:05:56.545.ERROR.WebSocket connection error getscreen.me/signal/agent..18:08:22.027.INFO.Signaling force websocket stop..18:08:59.549.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:09:59.819.INFO.Socket connected to getscreen.me:443..18:11:13.433.INFO.Signaling force websocket stop..18:11:13.624.ERROR.Socket unable to read..18:11:13.624.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:11:13.624.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1171
                                  Entropy (8bit):4.985077041816029
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:12:29.406.INFO.Signaling force websocket stop..22:15:00.113.INFO.Signaling force websocket stop..22:17:25.407.INFO.Signaling force websocket stop..22:19:50.763.INFO.Signaling force websocket stop..22:22:16.072.INFO.Signaling force websocket stop..22:23:40.266.INFO.Socket connected to getscreen.me:443..22:24:41.514.INFO.Signaling force websocket stop..22:24:41.855.ERROR.Socket unable to read..22:24:41.855.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:24:41.855.ERROR.WebSocket connection error getscreen.me/signal/agent..22:27:06.942.INFO.Signaling force websocket stop..22:28:04.265.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:28:09.429.INFO.Socket connected to getscreen.me:443..22:30:28.846.INFO.Signaling force websocket stop..22:30:29.127.ERROR.Socket unable to read..22:30:29.127.ERROR.SSL
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):139
                                  Entropy (8bit):4.731348759309524
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:46:01.281.INFO.Signaling force websocket stop..01:47:00.200.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):325
                                  Entropy (8bit):4.940398462340339
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:01:27.843.INFO.Signaling force websocket stop..05:01:28.155.INFO.Socket connected to getscreen.me:443..05:01:30.724.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:01:30.734.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):663
                                  Entropy (8bit):4.93859888123742
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:17:59.503.INFO.Signaling force websocket stop..08:18:13.522.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:18:30.980.INFO.Socket connected to getscreen.me:443..08:20:53.789.INFO.Signaling force websocket stop..08:20:54.180.ERROR.Socket unable to read..08:20:54.180.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:20:54.180.ERROR.WebSocket connection error getscreen.me/signal/agent..08:22:40.269.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:22:41.185.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.972776958406244
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:38:50.640.INFO.Signaling force websocket stop..11:38:53.999.ERROR.Socket unable to read..11:38:54.029.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:38:54.049.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.768393609741683
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:55:16.750.INFO.Signaling force websocket stop..14:55:25.189.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:55:33.932.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.993873379449901
                                  Encrypted:false
                                  Malicious:false
                                  Preview:18:11:14.755.INFO.Signaling force websocket stop..18:11:17.914.ERROR.Socket unable to read..18:11:17.954.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:11:17.954.ERROR.WebSocket connection error getscreen.me/signal/agent..18:13:34.286.INFO.Signaling force websocket stop..18:15:10.793.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:16:48.777.INFO.Socket connected to getscreen.me:443..18:17:35.351.INFO.Signaling force websocket stop..18:17:35.642.ERROR.Socket unable to read..18:17:35.692.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:17:37.503.ERROR.WebSocket connection error getscreen.me/signal/agent..18:19:30.056.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:19:31.872.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2259
                                  Entropy (8bit):4.998155268003656
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:34:31.656.INFO.Signaling force websocket stop..21:34:35.314.ERROR.Socket unable to read..21:34:35.344.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:34:35.344.ERROR.WebSocket connection error getscreen.me/signal/agent..21:36:51.838.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:36:55.870.INFO.Socket connected to getscreen.me:443..21:39:42.640.INFO.Signaling force websocket stop..21:40:04.327.ERROR.Socket unable to read..21:40:04.327.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:40:04.327.ERROR.WebSocket connection error getscreen.me/signal/agent..21:42:29.655.INFO.Signaling force websocket stop..21:42:30.117.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:42:34.854.INFO.Socket connected to getscreen.me:443..21:44:54.735.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1545
                                  Entropy (8bit):4.991758431880661
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:10:48.517.INFO.Signaling force websocket stop..01:11:14.627.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:11:20.597.INFO.Socket connected to getscreen.me:443..01:13:37.161.INFO.Signaling force websocket stop..01:13:37.352.ERROR.Socket unable to read..01:13:37.372.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:13:37.372.ERROR.WebSocket connection error getscreen.me/signal/agent..01:16:02.639.INFO.Signaling force websocket stop..01:17:15.482.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:17:25.100.INFO.Socket connected to getscreen.me:443..01:19:39.305.INFO.Signaling force websocket stop..01:19:40.558.ERROR.Socket unable to read..01:19:40.558.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:19:40.558.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.9395767436840075
                                  Encrypted:false
                                  Malicious:false
                                  Preview:04:42:15.843.INFO.Signaling force websocket stop..04:42:16.748.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:42:19.309.INFO.Socket connected to getscreen.me:443..04:44:42.590.INFO.Signaling force websocket stop..04:44:42.681.ERROR.Socket unable to read..04:44:42.681.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:42.681.ERROR.WebSocket connection error getscreen.me/signal/agent..04:46:55.832.INFO.Signaling force websocket stop..04:47:43.332.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:47:43.776.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.914295014281855
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:02:14.779.INFO.Signaling force websocket stop..08:02:17.297.ERROR.Socket unable to read..08:02:17.297.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:02:17.297.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.964549631347863
                                  Encrypted:false
                                  Malicious:false
                                  Preview:11:18:27.114.INFO.Signaling force websocket stop..11:18:51.492.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:18:55.069.INFO.Socket connected to getscreen.me:443..11:21:16.018.INFO.Signaling force websocket stop..11:21:16.449.ERROR.Socket unable to read..11:21:16.499.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:21:16.509.ERROR.WebSocket connection error getscreen.me/signal/agent..11:23:37.007.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:23:40.826.INFO.Socket connected to getscreen.me:443..11:26:05.638.INFO.Signaling force websocket stop..11:26:06.150.ERROR.Socket unable to read..11:26:06.601.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:26:06.601.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.710285683933885
                                  Encrypted:false
                                  Malicious:false
                                  Preview:14:40:52.202.INFO.Signaling force websocket stop..14:42:44.382.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:42:49.310.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.981030986957622
                                  Encrypted:false
                                  Malicious:false
                                  Preview:17:57:23.660.INFO.Signaling force websocket stop..17:57:26.869.ERROR.Socket unable to read..17:57:26.869.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:57:26.870.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.723861837315582
                                  Encrypted:false
                                  Malicious:false
                                  Preview:21:13:24.352.INFO.Signaling force websocket stop..21:13:25.988.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:13:33.336.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3896
                                  Entropy (8bit):4.965624077813874
                                  Encrypted:false
                                  Malicious:false
                                  Preview:00:30:17.618.INFO.Signaling force websocket stop..00:30:20.438.ERROR.Socket unable to read..00:30:20.458.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:30:20.458.ERROR.WebSocket connection error getscreen.me/signal/agent..00:32:33.199.INFO.Signaling force websocket stop..00:33:10.602.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:33:13.956.INFO.Socket connected to getscreen.me:443..00:35:35.568.INFO.Signaling force websocket stop..00:35:35.628.ERROR.Socket unable to read..00:35:35.648.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:35:39.259.ERROR.WebSocket connection error getscreen.me/signal/agent..00:37:38.328.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:37:43.694.INFO.Socket connected to getscreen.me:443..00:40:01.586.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  SSDEEP:3:5fscn2XINF+WgIO0/Vyn:Oc2XIX+WgIJUn
                                  MD5:EB7E47271D6F7B959A1347339260BD04
                                  SHA1:950C0456D880E59A89699C4BF96EA9008DFE361A
                                  SHA-256:41F550CDB9923BABC34C900448AED18E977DDF39E2465626A9A360C66ADA0A6E
                                  SHA-512:FE66A2F4931BD9F7B551210F11FD0F9717297A8EFC972F83798E83D8E0FDF29F1DA6D3879C42DE7ED434A33DC030FB6711E1C50C886500019E7A101AC03A2DC2
                                  Malicious:false
                                  Preview:04:20:09.366.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):255
                                  Entropy (8bit):4.849112683378822
                                  Encrypted:false
                                  SSDEEP:6:SWuMufBoud2M0CCQP5K0CLtSBqDDNBQEQ4:SW43Qj8P40vqn5T
                                  MD5:417409DB6B7729C40EE881EB5AE95884
                                  SHA1:19FF9AD178F665905FA672A19B643ECAB427403C
                                  SHA-256:1D39A218048285E791DD7BDC47FC9047ABFEF623F2BCC464F30F9A8A9DA2CF6D
                                  SHA-512:7C5102E77B9BA5062FC35D16C13E4059FBBB0973AD97A3A48AA63074DE9DFFAAECD826CD6CD8607E2E355AA2A36D7A37C8F6E825077DEE1E3B4236053196D86E
                                  Malicious:false
                                  Preview:07:34:42.271.ERROR.Socket unable to read..07:34:45.237.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:34:45.247.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1433
                                  Entropy (8bit):4.969171140489493
                                  Encrypted:false
                                  SSDEEP:24:MsXOGWtv9xs6DAUtjmGYPtvSpjDAyjDraXGh8tvuVDAET:F36HD1jfOMDzjDra2KEDNT
                                  MD5:83E9D77E7824A0DAB4C97F5022503B86
                                  SHA1:38DAAD2036F0BE05093ECA328AEE7416B3DFF51D
                                  SHA-256:2C021EAA955957E5AA93932AD9B3A7FFADA4B0553BC410CCC6FE8A0081579D64
                                  SHA-512:187BF9F16E2652587293D9F5035B88AF43A5EE4AB6495FCE4798C355850B9895F7C3A9D56E44445AA0E510A78E47FEE7AF28E594D90162A28E0EB64868A16DEA
                                  Malicious:false
                                  Preview:10:49:49.619.INFO.Signaling force websocket stop..10:51:02.988.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:51:02.992.INFO.Socket connected to getscreen.me:443..10:53:22.118.INFO.Signaling force websocket stop..10:53:22.189.ERROR.Socket unable to read..10:53:22.189.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:53:22.189.ERROR.WebSocket connection error getscreen.me/signal/agent..10:55:38.659.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:55:39.785.INFO.Socket connected to getscreen.me:443..10:58:02.884.INFO.Signaling force websocket stop..10:58:02.884.ERROR.Socket unable to read..10:58:03.616.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:58:03.637.ERROR.WebSocket connection error getscreen.me/signal/agent..10:59:55.155.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.719055709907023
                                  Encrypted:false
                                  SSDEEP:6:IrXXIX+WgIJUUgA2XIXNLD4EQ1IizmdzvRWl8Rvvn:IrXK72Chlbtvvn
                                  MD5:C47700BEFA45E0A5A6F65FFF5C217F8D
                                  SHA1:E7410F295A852167A1E90118112389FDE557B263
                                  SHA-256:D3F5FEAB447331C1A08E885AA0BBF39FEE88355534AB6F3A4C9BA8B7659D96D1
                                  SHA-512:07F5FAC9FFD51D34F5775B1F39DAD6BA2CF529F69658C68E6ADF25E67B1205EFBF22B32A4D978BEAA7DDD47F4EDD53434D16ECFC480F6391C01EC620748D30EE
                                  Malicious:false
                                  Preview:14:19:12.039.INFO.Signaling force websocket stop..14:19:41.034.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:19:48.748.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.94284837841746
                                  Encrypted:false
                                  SSDEEP:6:rONriXIX+WgIJUU3QxMXEMoQxMXEud2M0CCQP5K0CXQxMXADNBQEQ4:MriK38J88Qj8P405d5T
                                  MD5:B6078CF07300725BA2AB3363AAAA2CC9
                                  SHA1:C0D7E6B01868BEC6150FE85450891AF5B7D11F66
                                  SHA-256:575FA3F25BAE3457DC6CEF295485335BE1B3162042A03738A86D5623CD85C427
                                  SHA-512:3B982A7CCDAE9E315FAD242F6D542895FFEAE0B38AFDDE451A6E0B0593E8CE72BE6D8EEFDEBEC996971085DDCDB7357D3D382A67B50B84537BBBBC12F1A95537
                                  Malicious:false
                                  Preview:17:35:00.450.INFO.Signaling force websocket stop..17:35:06.940.ERROR.Socket unable to read..17:35:06.940.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:35:06.940.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2060
                                  Entropy (8bit):4.99669675837234
                                  Encrypted:false
                                  SSDEEP:48:T+ADDpPbV2+Vo4jD2Ab1oK+98DbbMIaBGAxDoibn:T+Ak+G4uAhoKqeYLbz
                                  MD5:FC004ED804C7F8A98C2CCCDD712AB572
                                  SHA1:61831138C06C9EF3FC49A450DD4F5BBAE1B86788
                                  SHA-256:2F29AE04B31EAAA3ECEE6C06DC4EF4C97D3B81386C3F7FABE6C12C3B6007E9AE
                                  SHA-512:714985ED76DC2D1DD8DA26C269A833A1FB53248E00C5F5B7E53BFF80F825EE05E2A70CF5D8F02AB3517CDCC5C714E1980C21F6791AD12D31E97DDFF7804BBB79
                                  Malicious:false
                                  Preview:20:50:48.362.INFO.Signaling force websocket stop..20:51:47.169.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:52:01.457.INFO.Socket connected to getscreen.me:443..20:54:10.534.INFO.Signaling force websocket stop..20:54:10.604.ERROR.Socket unable to read..20:54:10.634.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:54:10.645.ERROR.WebSocket connection error getscreen.me/signal/agent..20:56:32.434.INFO.Signaling force websocket stop..20:58:21.977.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:58:28.013.INFO.Socket connected to getscreen.me:443..21:00:46.282.INFO.Signaling force websocket stop..21:00:46.873.ERROR.Socket unable to read..21:00:46.903.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:00:46.903.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1122
                                  Entropy (8bit):4.953501356538825
                                  Encrypted:false
                                  SSDEEP:24:TAQG+ltv97uxDAtiBGEtvN7vGeEDAy7wlGPltvv:YiRuxDkiMkITDNwIPX3
                                  MD5:18E7E9C8823C0869C44EF48DC656F8DC
                                  SHA1:56823D43615C4E547436E2C41B0BFA3835A8E0EF
                                  SHA-256:AC120B4DAF38D3EA9357AB8FDDBA836B8C963E899AE975CEAE5623116CD64645
                                  SHA-512:747405850614202AFC63F948DE75719FEC360CF05565D8F396B8EB250A731170D51CF477DF1849FFFC8B1845A2819BE465C0AA1A5929E5B138937ECEBDA10A89
                                  Malicious:false
                                  Preview:00:28:42.308.INFO.Signaling force websocket stop..00:28:42.685.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:33:16.413.INFO.Socket connected to getscreen.me:443..00:35:19.403.INFO.Signaling force websocket stop..00:35:28.327.ERROR.Socket unable to read..00:35:28.377.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:35:28.377.ERROR.WebSocket connection error getscreen.me/signal/agent..00:37:20.207.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:37:29.202.INFO.Socket connected to getscreen.me:443..00:39:44.593.INFO.Signaling force websocket stop..00:39:44.653.ERROR.Socket unable to read..00:39:45.385.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:39:45.385.ERROR.WebSocket connection error getscreen.me/signal/agent..00:41:45.628.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.985214676132375
                                  Encrypted:false
                                  SSDEEP:12:OtS2Wm/NQj8P40Iu52rig5XChaI5aXtvvxq3Qj8P40cZ5T:OtS2NDAo2riglG9Mtvo3DANPT
                                  MD5:503FD294D8BCA7B25E7D97CE21371CCC
                                  SHA1:8A6C2DE902C0421CA0551D7B1B26561302C4ED44
                                  SHA-256:1CD018C979937C4CE27FD9EC157E7294FD7B84FCE70B19337A66E46E0A1B4780
                                  SHA-512:003D019ECDFAB47C611D9641AF507DBF5CA396432602254C850EAE3B6E73BAFFD47AC6B6389163409A81CA885BD17F6FC40AA6FAB5E3558981E10DE289127377
                                  Malicious:false
                                  Preview:03:57:19.166.INFO.Signaling force websocket stop..03:57:22.585.ERROR.Socket unable to read..03:57:22.585.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:57:22.585.ERROR.WebSocket connection error getscreen.me/signal/agent..03:59:34.337.INFO.Signaling force websocket stop..04:00:10.847.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:00:10.875.INFO.Socket connected to getscreen.me:443..04:02:34.100.INFO.Signaling force websocket stop..04:02:34.421.ERROR.Socket unable to read..04:02:34.421.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:02:36.487.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.969725570846803
                                  Encrypted:false
                                  SSDEEP:12:Sr9NUp5XChBW2tvvGTQbO/bRQj8P40gvbq5xCh3n2tvvD/2B6+PQj8P40gO45T:sfc5XGXtviHdDA0xG32tvKEwDAtT
                                  MD5:1F4BE6024A638C56B2CA3D2846CA9D03
                                  SHA1:505C44F346BF948CFE8CB79F86FDE934EE3AB3C5
                                  SHA-256:9D5AD787AC5D28B99B84F395F371C0D32F175636A754E524E495DE4F33C24862
                                  SHA-512:814B2B58DFFDCBC025BBCD5AB40CB4E8C02AA5ADA5E76B91E2F86D78EA5E707D9FF60032DB4C25F8CB859B9C1020018090EDEF0EBBFBACFB299848D139D20491
                                  Malicious:false
                                  Preview:07:17:24.492.INFO.Signaling force websocket stop..07:18:43.205.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:18:43.254.INFO.Socket connected to getscreen.me:443..07:20:55.425.INFO.Signaling force websocket stop..07:20:55.646.ERROR.Socket unable to read..07:20:55.646.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:20:55.646.ERROR.WebSocket connection error getscreen.me/signal/agent..07:22:42.215.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:24:27.951.INFO.Socket connected to getscreen.me:443..07:25:07.144.INFO.Signaling force websocket stop..07:25:07.405.ERROR.Socket unable to read..07:25:07.586.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:25:07.586.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4897
                                  Entropy (8bit):4.989697849300193
                                  Encrypted:false
                                  SSDEEP:96:1d2FjXCjzNaxUijFLXFz/XnXGtd/urgiCtO9Y:1d2FjXCjzwjFjFz/XnXGtd/urgiCtO9Y
                                  MD5:032C3719F3C33623C623AC1D5463557C
                                  SHA1:70145B6D27AF4BA7551EBFE4EADFF66ABED67C1B
                                  SHA-256:9A6F14F4E6B95B6100232C16C375D5BEAE764BAEF7A56E964F5C8707554CB7F3
                                  SHA-512:EC9E2BBBC7287A1BFEAD94DA39577672D18972C0B11B59EEA0F8E75309ACFEED22E6AA46DF17A961323735C4D9A448F251128BCE577B5B5277ECDD76C21C4A22
                                  Malicious:false
                                  Preview:10:40:17.906.INFO.Signaling force websocket stop..10:40:24.305.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:41:29.230.INFO.Socket connected to getscreen.me:443..10:42:38.299.INFO.Signaling force websocket stop..10:42:38.490.ERROR.Socket unable to read..10:42:38.530.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:42:38.540.ERROR.WebSocket connection error getscreen.me/signal/agent..10:45:03.672.INFO.Signaling force websocket stop..10:45:08.439.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:45:16.326.INFO.Socket connected to getscreen.me:443..10:47:34.324.INFO.Signaling force websocket stop..10:47:34.665.ERROR.Socket unable to read..10:47:34.685.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:47:34.685.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):121
                                  Entropy (8bit):4.5904675529600265
                                  Encrypted:false
                                  SSDEEP:3:IfzfHfjqXXINF+WgIO0/VyU+US5jX2dzvRWAAEzRWovn:IrHeXXIX+WgIJUUrS5r2dzvRWl8Rvvn
                                  MD5:41AC5363397CAF6BA4FCB2F10E3F6176
                                  SHA1:6E6179DC70EC3CEF3563FB6553389200C503374A
                                  SHA-256:1915D6A609309CBE7B3977D00C49EBDAB37D97D02EE13194B1484750D9592B8B
                                  SHA-512:F4AC98D473E8927BA1F0D84BE0A4D3B5C6CA3B0533F9EB0090F5D441C5B09C0DABFE2F1F3CF0076C405F1E021D6C1767874B4264FD16754EA4F4B45891035072
                                  Malicious:false
                                  Preview:14:40:37.491.INFO.Signaling force websocket stop..14:41:14.315.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4355
                                  Entropy (8bit):5.00824716033478
                                  Encrypted:false
                                  SSDEEP:48:3lDw9sW+Dp2pGRVuPXDFMp8dwRDA8rqqDGxtKfeeMD7jgLBF8DXOLXa5YKD7D1YM:3q9sJ2Up8ma8sxWeemjgtFeOLDd6QW1
                                  MD5:682A310FD45E34BA1B58C2676BC4AE93
                                  SHA1:9E393E57C856F28F6BD2C842D295E6810101C458
                                  SHA-256:E59198043F3658209ED0F9AE589EE392D5278FF91DB6D7721EEFE081C5B20C18
                                  SHA-512:52FEC07FC7361A15D4FDCCD0B656FABEDE2A4AF877FCFFCC907887E59EFC858F2C9B549C17C227832772D03E56CD38107C1776C453CCF64B0A58D7F198A8DE8A
                                  Malicious:false
                                  Preview:17:56:43.394.INFO.Signaling force websocket stop..17:56:46.343.ERROR.Socket unable to read..17:56:46.373.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:56:46.384.ERROR.WebSocket connection error getscreen.me/signal/agent..17:58:24.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:58:27.468.INFO.Socket connected to getscreen.me:443..18:00:49.881.INFO.Signaling force websocket stop..18:02:23.217.ERROR.Socket unable to read..18:02:23.227.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:02:23.227.ERROR.WebSocket connection error getscreen.me/signal/agent..18:04:48.405.INFO.Signaling force websocket stop..18:05:18.780.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:05:35.773.INFO.Socket connected to getscreen.me:443..18:07:43.016.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.997723139774623
                                  Encrypted:false
                                  SSDEEP:12:CiraX/zjQj8P409U5bqrXA0ChV0aXtvvlmhRQj8P40O5T:CiraX/zjDAYAbYXVGWaXtvtmDDA/T
                                  MD5:13B951A43DFCB80152AEED34E4E5DC51
                                  SHA1:431082099B6A01A14DDE388343D23EC7759ADFFA
                                  SHA-256:02DA86F87E3B4C3364C829F396A10A3010270B16037659057FBB147135707C20
                                  SHA-512:BEFE0BA317675D3B897BFB3E0F8ADCBCAA4043768EB351B2BEF68BF74C9A8D0AE657064EA61AAB5B195102E087258459740476353F16E7F2A3CFA26E7F8AF932
                                  Malicious:false
                                  Preview:21:52:49.355.INFO.Signaling force websocket stop..21:52:57.413.ERROR.Socket unable to read..21:52:57.413.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:52:57.413.ERROR.WebSocket connection error getscreen.me/signal/agent..21:55:11.508.INFO.Signaling force websocket stop..21:55:21.892.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:55:27.055.INFO.Socket connected to getscreen.me:443..21:57:46.560.INFO.Signaling force websocket stop..21:57:46.620.ERROR.Socket unable to read..21:57:46.640.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:57:50.017.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3896
                                  Entropy (8bit):4.983822958647544
                                  Encrypted:false
                                  SSDEEP:96:ZmoRkelkjVk/PkxTPkLVkiTCXUqhktTGgigizT:UoRkelkjVk/PkxTPkLVkiTYkt4T
                                  MD5:3AB52F5070A1BF54117FFB0C2EF554F9
                                  SHA1:638604A6CA4D4D8F9BDCE4FB511C33B43E45EF7F
                                  SHA-256:64AF45B5BF12E70809BA6EFBFBFE7E18E41AA81DD69CC8F41515E7738D81C7FD
                                  SHA-512:956FA3FD735235DF0D9B3B2D5550681646EDCC3C8D7F937071539194D805C5C814D07C9C76A8A878660659DB2687B056F2C92989234D2EAA85A26CB64E692EBB
                                  Malicious:false
                                  Preview:01:12:38.090.INFO.Signaling force websocket stop..01:13:11.094.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:13:36.828.INFO.Socket connected to getscreen.me:443..01:15:34.169.INFO.Signaling force websocket stop..01:15:34.229.ERROR.Socket unable to read..01:15:34.269.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:15:34.269.ERROR.WebSocket connection error getscreen.me/signal/agent..01:17:59.045.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:19:03.472.INFO.Socket connected to getscreen.me:443..01:20:12.862.INFO.Signaling force websocket stop..01:20:12.922.ERROR.Socket unable to read..01:20:13.123.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:20:13.123.ERROR.WebSocket connection error getscreen.me/signal/agent..01:21:58.622.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.950904789190562
                                  Encrypted:false
                                  SSDEEP:12:yYkpUCh1P2tvvZkvI1Qj8P40R5QPEtkpCha2tvvn:FkCGl2tvhkA1DAabtkpG9tvv
                                  MD5:82EF078829BD2AD5E5DD49DE9FC57A57
                                  SHA1:20D7FD81D76EFAC0419D6EF13AB7E6B9E3F775E0
                                  SHA-256:60C1A04CDFB7B35BABA8E4D88B418430463E30389006DB622904808BD6E30458
                                  SHA-512:E74B18BE364A889E907C6FF933A4EB55B0F678A1576894C04C52C516BD75C1FB2346E7F45749595ECAD26D44E471348DACBFE2034580EF330718B14DBACA0AE0
                                  Malicious:false
                                  Preview:05:06:13.060.INFO.Signaling force websocket stop..05:06:25.742.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:10:19.270.INFO.Socket connected to getscreen.me:443..05:12:26.429.INFO.Signaling force websocket stop..05:12:26.690.ERROR.Socket unable to read..05:12:26.740.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:12:26.740.ERROR.WebSocket connection error getscreen.me/signal/agent..05:14:52.189.INFO.Signaling force websocket stop..05:15:06.540.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:15:11.674.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.970218935762347
                                  Encrypted:false
                                  SSDEEP:24:ZWduD4DAmnvG7tvpD2LFlVDAuOAnGnLtvv:ZbMDruRVUPD/Gh3
                                  MD5:967481C82E180325D0A2457256DF3777
                                  SHA1:1D7316D8670B10D71B72B8709952E7A4742A69CB
                                  SHA-256:1D31E2FACAD9959C515664FAB99CAF5E3683BBA21EF4AB4009D0CFDC3715BC38
                                  SHA-512:1C82CC85B938598F854D1E72E77BA0F8ECF3FE331850BF107F80186B5B93CDD3C2937BF2A457CCF877F4FD1A750303B3391E19D5111305862088CECB898563C3
                                  Malicious:false
                                  Preview:08:31:38.595.INFO.Signaling force websocket stop..08:31:40.492.ERROR.Socket unable to read..08:31:40.522.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:31:40.522.ERROR.WebSocket connection error getscreen.me/signal/agent..08:33:34.673.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:34:34.701.INFO.Socket connected to getscreen.me:443..08:35:48.666.INFO.Signaling force websocket stop..08:35:49.337.ERROR.Socket unable to read..08:35:49.348.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:35:49.358.ERROR.WebSocket connection error getscreen.me/signal/agent..08:37:33.458.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:37:34.605.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2718
                                  Entropy (8bit):4.986899527593716
                                  Encrypted:false
                                  SSDEEP:48:G25DOoGWfDO4hfSBwbDA9CElfDqaE4/WD5W8qHiQDfT:GEGWJvw9Rl2a5/2W8EiST
                                  MD5:58F1D20C92A4AF33594AE4CA452B2EAB
                                  SHA1:E0F23525DED82D9B83DD0EFF2AECFF9DBB21E33F
                                  SHA-256:3D3F5545CF0E89C914B6D38DCD6C6EADB44A70902CB5CC6B80565F493EE25E37
                                  SHA-512:D9D418A8ABE5DF9C3A45D5AF019AF9E695A2578FA3C199CEFBB45F9476824066E439D0C2F0B9969A20E9A8D7DEBFC2B570323EE11B661739CA402C98E4376ED0
                                  Malicious:false
                                  Preview:11:52:10.484.INFO.Signaling force websocket stop..11:52:13.935.ERROR.Socket unable to read..11:52:13.965.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:52:13.965.ERROR.WebSocket connection error getscreen.me/signal/agent..11:53:36.644.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:53:40.690.INFO.Socket connected to getscreen.me:443..11:55:50.687.INFO.Signaling force websocket stop..11:55:50.757.ERROR.Socket unable to read..11:55:50.808.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:55:50.808.ERROR.WebSocket connection error getscreen.me/signal/agent..11:58:16.154.INFO.Signaling force websocket stop..11:59:03.923.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:01:28.093.INFO.Signaling force websocket stop..12:03:42.048.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.7705915558971075
                                  Encrypted:false
                                  SSDEEP:6:eQ12XIX+WgIJUURzn2XIXNLD4EQ132dzvRWl8Rvvn:eQ12Kp2ChXtvvn
                                  MD5:6A7FE9A3810DDD36926661D170AE96F3
                                  SHA1:C11DF18FCBC49AAD50D2EA53E347404299C03684
                                  SHA-256:69C5334560C32C63383C9029112B1E374ED325148DC8C687D3A55D7447165332
                                  SHA-512:B73E83711359467BB4DFD4C3FA4A104C56A45183599EE558AB0FC9EF18BAEF14033CC972E4E8F811A9B3A70C72F234DF25219D38140D43999B8651F94DE84BE5
                                  Malicious:false
                                  Preview:15:31:13.556.INFO.Signaling force websocket stop..15:32:08.974.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:32:14.138.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3804
                                  Entropy (8bit):5.000911112710511
                                  Encrypted:false
                                  SSDEEP:48:E5eDfU5iPD52w2DDW9XFDhPBEembjD1ABNebDoktXIDSsID58DTT:1UI2dWBPBibtABLktbsID4T
                                  MD5:6A3B45CC05DD4A2CDBA7E0E90AB09A19
                                  SHA1:C4DFEE81EDE347C29309917374175B80688166C8
                                  SHA-256:2A9888DE50C26E893079138A00CF499B3F5D93351BECB5561663FE20C6615493
                                  SHA-512:C497C418BCDD5E80C6A2C1125C4D097B6058FB4A693567F7FDF6D11E1B00A512C62CF66EF4564426F08593F0B492081DCA3C15EA6BBC37823891F36EF3BE4B62
                                  Malicious:false
                                  Preview:18:48:25.437.INFO.Signaling force websocket stop..18:48:28.944.ERROR.Socket unable to read..18:48:28.985.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:48:28.985.ERROR.WebSocket connection error getscreen.me/signal/agent..18:50:34.864.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:52:54.763.INFO.Signaling force websocket stop..18:53:12.653.INFO.Socket connected to getscreen.me:443..18:55:19.887.INFO.Signaling force websocket stop..18:55:20.148.ERROR.Socket unable to read..18:55:20.148.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:55:22.600.ERROR.WebSocket connection error getscreen.me/signal/agent..18:57:45.277.INFO.Signaling force websocket stop..18:57:47.314.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:57:51.084.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1086
                                  Entropy (8bit):4.996935219486063
                                  Encrypted:false
                                  SSDEEP:24:5amGa5tvunoM0xxDAhTstbgw2GItvoBDAlb/5:YfaLGoMmDCTstblvoGDAbx
                                  MD5:54C722471F3D482308401B80EDAE015C
                                  SHA1:6810958C04994329FC4D05BFDDEE7BC103E09A34
                                  SHA-256:7764F42BABD62BBC444581747FF07754DED8AF1C71B36998D1241BC414AADB87
                                  SHA-512:B6CD027CB87B72FA7EE5568EEB2CD5938240A9DDFA4254593349FD1288279B06F63879D34D6A9F54B324A0DD2B49235DE6EFD008CFB15159DFB1362556EA1C4A
                                  Malicious:false
                                  Preview:22:41:02.457.INFO.Signaling force websocket stop..22:42:14.521.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:42:33.153.INFO.Socket connected to getscreen.me:443..22:44:37.882.INFO.Signaling force websocket stop..22:44:37.942.ERROR.Socket unable to read..22:44:37.972.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:44:37.982.ERROR.WebSocket connection error getscreen.me/signal/agent..22:47:03.581.INFO.Signaling force websocket stop..22:48:10.316.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:48:19.775.INFO.Socket connected to getscreen.me:443..22:50:35.689.INFO.Signaling force websocket stop..22:50:36.330.ERROR.Socket unable to read..22:50:36.350.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:50:36.350.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2463
                                  Entropy (8bit):4.988597031282519
                                  Encrypted:false
                                  SSDEEP:48:7XtTNEDt2INWDDjv6NGxDSixXE3DKNLD9KwdNxpBDBST:79W2TjvDxqDEKwdpPST
                                  MD5:8F9BCDEDA6E90D9EE72AFC672BBEF7AD
                                  SHA1:D1508DEFB497009060A246128FA81F0C3B21322F
                                  SHA-256:C0E70ED1CB0CBA1CEF13B6CBB7747233A534F5BE0D3374EA4462669509C38E47
                                  SHA-512:B224AF1C440D1726993C46771726A3BAE5A73A6FF8F8D6BB46566DFF846D1F34D3E4FA73C3C8671546931D87C679E41D05F031CCAD3B28E50AAE2BD05E1A259B
                                  Malicious:false
                                  Preview:02:07:37.566.INFO.Signaling force websocket stop..02:07:40.930.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:07:51.160.INFO.Socket connected to getscreen.me:443..02:10:07.482.INFO.Signaling force websocket stop..02:10:07.883.ERROR.Socket unable to read..02:10:07.883.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:10:07.883.ERROR.WebSocket connection error getscreen.me/signal/agent..02:12:19.892.INFO.Signaling force websocket stop..02:12:27.615.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:12:50.641.INFO.Socket connected to getscreen.me:443..02:14:52.708.INFO.Signaling force websocket stop..02:14:55.355.ERROR.Socket unable to read..02:14:55.365.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:14:55.365.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2423
                                  Entropy (8bit):4.998811628525657
                                  Encrypted:false
                                  SSDEEP:48:6CvDpsDJ4NLulCLOrDxPTdlN1YD1kkaZDxTMc:6YVo45Nabp1QkJTMc
                                  MD5:833473B5FD812B368C733CCD0C35AE92
                                  SHA1:26A06E537D70EA8B53C6184AA915DB5830AAEE4F
                                  SHA-256:F2A68700780F286F3943F333985322654BD9A5E67AB6432FAF0FF3FDC71E94D6
                                  SHA-512:A4CCC5AC5D98694E0B910996A04D70581025F76CB9E5ECD88FA5E57D57A1ECE1AE3061C216E80944624FC794CC6319AAB517889097237A1ACDCF03F59D371C87
                                  Malicious:false
                                  Preview:05:45:24.584.INFO.Signaling force websocket stop..05:45:37.026.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:46:26.953.INFO.Socket connected to getscreen.me:443..05:48:40.292.INFO.Signaling force websocket stop..05:48:40.723.ERROR.Socket unable to read..05:48:40.723.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:48:40.723.ERROR.WebSocket connection error getscreen.me/signal/agent..05:51:05.913.INFO.Signaling force websocket stop..05:52:30.637.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:53:41.357.INFO.Socket connected to getscreen.me:443..05:54:44.724.INFO.Signaling force websocket stop..05:54:45.736.ERROR.Socket unable to read..05:54:45.756.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:54:45.756.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1518
                                  Entropy (8bit):4.974520970568799
                                  Encrypted:false
                                  SSDEEP:24:cotvWFxDAOi8lXkG6t2tv72KDA+8d6QGhtvT2MDA88825:VUxDPiWp6taDXDHBtDdDF1u
                                  MD5:DF68D824C33EFC1F558523BFC8569194
                                  SHA1:2018403B0B9CE21C13660F442E30942D0D984845
                                  SHA-256:AA5C31A025C4C26BE14B907E14A61AF92578DDCE68A250A9A1D0708D577044E9
                                  SHA-512:535416023D1E1C24DEB9DE116FDAE8D2C5CC985570A3FA296EA748729A533034FDAA858A085458C5661BF73E00C9C2D7A4764D8FFD9545AB917A0B53907C6A66
                                  Malicious:false
                                  Preview:09:36:05.227.INFO.Signaling force websocket stop..09:39:27.189.INFO.Socket connected to getscreen.me:443..09:41:39.231.INFO.Signaling force websocket stop..09:41:44.569.ERROR.Socket unable to read..09:41:44.590.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:41:44.590.ERROR.WebSocket connection error getscreen.me/signal/agent..09:44:10.055.INFO.Signaling force websocket stop..09:44:18.910.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:44:29.891.INFO.Socket connected to getscreen.me:443..09:46:42.816.INFO.Signaling force websocket stop..09:46:43.549.ERROR.Socket unable to read..09:46:43.980.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:46:43.980.ERROR.WebSocket connection error getscreen.me/signal/agent..09:49:09.212.INFO.Signaling force websocket sto
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.989451764387323
                                  Encrypted:false
                                  SSDEEP:6:u+ss2XIX+WgIJUUJy2XIXNLD4EQgjdzvRWl8RvvP8ZFjX2XIX+WgIJUUXyM8yudX:d2KJy2ChVtvvP8ZFr2KXwjQj8P4035T
                                  MD5:51C3533BA177035DADF6DF32D3A3E419
                                  SHA1:3B085F242645A020C64503F06EB220EE69127FB5
                                  SHA-256:7749AD1BA795C3E1853874555A6B78DA216CD9BBCDF14C2DEAB3095170E3D8A9
                                  SHA-512:AE8B56C240F44A3C5F92AA31DAEA7BC64F94CDE3A33F28A152EC511F3C118CE55AF6CDD5BD5C31149A1CF8402BDAD19611EBD06A333B50A7C3EE901E55510995
                                  Malicious:false
                                  Preview:13:09:15.546.INFO.Signaling force websocket stop..13:09:17.306.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:09:19.670.INFO.Socket connected to getscreen.me:443..13:11:43.266.INFO.Signaling force websocket stop..13:11:43.587.ERROR.Socket unable to read..13:11:43.587.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:11:43.598.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4064
                                  Entropy (8bit):5.011300100646424
                                  Encrypted:false
                                  SSDEEP:96:rwlvul4U+j3eCXkbWRORC58QsWBQ7f4ST:rwlml4UYOCXwg4CmbWBQTT
                                  MD5:AFF356DEC3C1334DDD637CF7E4938B89
                                  SHA1:8A7DB7DB2F4CE61ADD522F712C3A9D5C8A195451
                                  SHA-256:170B6C797D0593962B4019796499CAEF8B5D179B3157FD51E2F9B60FA8EB178C
                                  SHA-512:6E567C4BFA9D3E00A25168274A950C38E74FB26D6966E524CE504F0EB7562C752308A536EDF3CC6D4FB4ADE70297137C119486C61423F3BB2F2F22FBB2B7095C
                                  Malicious:false
                                  Preview:16:27:56.058.INFO.Signaling force websocket stop..16:27:56.065.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:29:05.058.INFO.Socket connected to getscreen.me:443..16:31:24.047.INFO.Signaling force websocket stop..16:31:24.278.ERROR.Socket unable to read..16:31:24.308.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:31:24.308.ERROR.WebSocket connection error getscreen.me/signal/agent..16:33:49.367.INFO.Signaling force websocket stop..16:34:05.546.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:34:16.330.INFO.Socket connected to getscreen.me:443..16:36:29.362.INFO.Signaling force websocket stop..16:36:30.644.ERROR.Socket unable to read..16:36:30.645.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:36:30.645.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.756484494335452
                                  Encrypted:false
                                  SSDEEP:6:CJ2XIX+WgIJUNcXIXNLD4EQj6dzvRWl8Rvvn:CMgCh+6tvvn
                                  MD5:6351855088B6D724FE5C043E85469C5E
                                  SHA1:95C3FE8962DBCA89829F61B909B804327D26A8FA
                                  SHA-256:EAB95DB43699202A251564E458ABD199459F82DE1052A6D265081B260C2D4BE5
                                  SHA-512:7604DD9A5718515C02EBDF1065943219A23EC10590220AEB9BE6DBB89AB5FE67033D83F239E1C04AD138AB511CA629838DAD3FA5ED4EBAAAB33DBA1E227B6369
                                  Malicious:false
                                  Preview:20:25:42.790.INFO.Signaling force websocket stop..20:26:38.960.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:26:47.223.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.992338088901946
                                  Encrypted:false
                                  SSDEEP:12:gYWf7jQj8P40qU5bFYUs4X2Chms2tvvNY6By6BBQj8P40M5T:gjnDAIbF/QGmXtv1FxjDAVT
                                  MD5:7878DBF2EB8F5040BAEA70F1D64BA4B5
                                  SHA1:EE1486127686BDF90B35EC788B31C32B7C8BCD8E
                                  SHA-256:05A59168CEA5DBEAD844450CB3A578A60AABA49C32DB09C4AAA8516806FC3664
                                  SHA-512:7DB3B0320BB4669A6754206B0DEB23A8B739AA053380F8D6528393A79115E3B0B12223DD8F2EA7E924C6A3E5BDC8660D00FF5E68D69202ED258051BB47A45DAF
                                  Malicious:false
                                  Preview:23:43:20.938.INFO.Signaling force websocket stop..23:43:24.667.ERROR.Socket unable to read..23:43:24.687.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:43:24.687.ERROR.WebSocket connection error getscreen.me/signal/agent..23:45:41.262.INFO.Signaling force websocket stop..23:46:39.524.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:46:39.754.INFO.Socket connected to getscreen.me:443..23:49:03.435.INFO.Signaling force websocket stop..23:49:03.696.ERROR.Socket unable to read..23:49:03.696.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:49:04.602.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  SSDEEP:3:O+3znXXINF+WgIO0/Vyn:O+3rXXIX+WgIJUn
                                  MD5:7EBC8E5EFD7F4EA98DDEDB965F3CD71B
                                  SHA1:38C4C86916D9014C2601CC8B8D5664F4588287FD
                                  SHA-256:4D1D381ABBA74B2C3154472F67A13E7309B94BA27463211C0977B656D0F43A13
                                  SHA-512:978F6AEEEBCEB901DE92BC94ECC14CFF9045BBE99233728A013ADBBA84B76D936FDC701A0BE897A2C6022D49DE48E858729B2A6C192DF767600AEAA2B6EB0007
                                  Malicious:false
                                  Preview:03:03:46.289.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.988317318561967
                                  Encrypted:false
                                  SSDEEP:6:mmWXXIX+WgIJUQNn2XIXNLD4EQPuXdzvRWl8RvvBQvXIX+WgIJUWcMwcud2M0CCC:mTM2CheytvvBQvoSZQj8P401oi5T
                                  MD5:50E29F1634243F8048F86419FEFF829D
                                  SHA1:32E6222485B7F0DD9A721FFC469332FD33AB89BE
                                  SHA-256:F3394B39B9E4975246BC4B1D15B3045637B576431B58834C91A277F40CDF494B
                                  SHA-512:1892C6B305BD3CA1FAE3836A8DD32FA72B2AAC077E4B8A7914C85F36BE3C6093D12901C81FCDFB526E8AB98866C8601727516EFC37E559B431AC7E49216F7323
                                  Malicious:false
                                  Preview:06:18:51.113.INFO.Signaling force websocket stop..06:19:19.717.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:19:23.740.INFO.Socket connected to getscreen.me:443..06:21:33.300.INFO.Signaling force websocket stop..06:21:33.581.ERROR.Socket unable to read..06:21:33.581.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:21:33.581.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):598
                                  Entropy (8bit):4.959783178688526
                                  Encrypted:false
                                  SSDEEP:12:4q4oNChYL2tvv5yo+UE+UjQj8P40dUU58lChY:+YGS2tvk0IjDA7A8lGY
                                  MD5:5789EF65A699FAD05EBED08C963ED24D
                                  SHA1:100B98FB4694ECD54510E32ED4E096DF5EC03027
                                  SHA-256:FED13E044FAF0DD3DCE69947D9EA94CD8DFF0FF0F89B3E7DDC3552255734868C
                                  SHA-512:D10EAB675E56D18876C646E90836993DE5C739C70E4366B1DB13CBAF3425072116DD387B9445FD4D04DB1FE2326E537443DA583801AEEEA7C497F1A28C212989
                                  Malicious:false
                                  Preview:09:37:27.279.INFO.Signaling force websocket stop..09:37:29.031.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:37:30.435.INFO.Socket connected to getscreen.me:443..09:39:54.462.INFO.Signaling force websocket stop..09:39:54.944.ERROR.Socket unable to read..09:39:54.944.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:39:54.944.ERROR.WebSocket connection error getscreen.me/signal/agent..09:41:31.785.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.806656707462825
                                  Encrypted:false
                                  SSDEEP:3:OfQT+4JsKiXINF+WgIO0/Vyn:OezsXXIX+WgIJUn
                                  MD5:40185B5D7A0C9B38144BB058508AE3AF
                                  SHA1:96E489102825648850B5CCECD80420286B3235B1
                                  SHA-256:D20F1A6FD38A464A90B598D1C01887C5FA433FF112427A59E33134BAD3FEC74C
                                  SHA-512:65CB0C214DED99C1D5ACEC134779AB3947B6D78CAE83E290844ACFBD475BDF55A9FAFED08C8F35FC381B4C79E36295A23997555D75054EBF574876151130C71F
                                  Malicious:false
                                  Preview:12:56:37.879.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.699513850319967
                                  Encrypted:false
                                  SSDEEP:3:KfiMUSN3qs2XINF+WgIO0/Vyn:KqO9qs2XIX+WgIJUn
                                  MD5:8996E8AD987D665291CE7F45D6E0363E
                                  SHA1:42BAF7A5CAE1C98B5967D8933014360D643D4CC6
                                  SHA-256:0E497701A2F317A1C13A4D4E9A069D8C6A671BFD978A31770AB0AE30A0519609
                                  SHA-512:C4A3BADC24C20A2DF22998E6B81A4C484813B97FF31ABFCD2901D61E2421CF5232829F98F84E07C5E7F4047CCAAD14440EF513DCEAD5F91F9E6DAE74FB8C028F
                                  Malicious:false
                                  Preview:16:12:23.367.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.735228136034253
                                  Encrypted:false
                                  SSDEEP:3:F19h1KWXXINF+WgIO0/Vyn:nNXXIX+WgIJUn
                                  MD5:25CE0235188BB553376E0FB1EF555610
                                  SHA1:9F95A88A5E671720BD74325734F15C2919895757
                                  SHA-256:FCDA03663568FB4D74F010A320AF963AC3B34DA95C8F72CCE38410958699900A
                                  SHA-512:AAF5369D3AE981A83AD5E147194989F37CC714247DDCDD3E40D492EEE9559C76CDE203B92570F2CDA255229FACDE25D6F5B2C3845D32DBBEE82B8A52F61C8122
                                  Malicious:false
                                  Preview:19:28:02.083.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65
                                  Entropy (8bit):4.229362621582544
                                  Encrypted:false
                                  SSDEEP:3:/QTR9ridzvRWAAEzRWovn:IdJidzvRWl8Rvvn
                                  MD5:306172E1F5EB572A867247C48E0E91F2
                                  SHA1:A18150FEC34CDCD11EF6DD6EDAE7324B927F77DB
                                  SHA-256:3D3A5F79953F83A7EEFACFE7C13BA7BF7862BD5DE583348367A641F907595931
                                  SHA-512:59DFB5CC36584F7B09FA5180320C99CD547D614E71D103A6FC817B7C813A9BEE1ABBB691926FE95B1D142A67196D598A755DF603B54145A96F922FBB94EE561C
                                  Malicious:false
                                  Preview:22:42:47.642.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.91364502199665
                                  Encrypted:false
                                  SSDEEP:6:gQGwiXIX+WgIJU3AMhAud2M0CCQP5K0CA9EDNBQEQYX2fQC12XIXNLD4EQLcLDrU:Ep3Qj8P40x9G5p2fQC12Cha6Dr2tvvn
                                  MD5:263719718B5BDA6C546CE669562B892D
                                  SHA1:45864FB2D69F08BC67A6B3BBF1EE22D4867A5EAA
                                  SHA-256:FE3666B0C1915054ED90F8C1950135D3086041A51640CE578B5BF021227D11CA
                                  SHA-512:41B197CE9DD4E4CD374CFAA82FE4186420EC77A542B9FE42E7FF1D7C69EF6B691FC73F558D6E9AE62CB7422DB4EB8B5935CA641AF7B4EB1F12E0899ED563A602
                                  Malicious:false
                                  Preview:01:58:03.210.INFO.Signaling force websocket stop..02:00:46.992.ERROR.Socket unable to read..02:00:46.992.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:00:46.992.ERROR.WebSocket connection error getscreen.me/signal/agent..02:01:56.966.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:02:01.004.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.936389812244427
                                  Encrypted:false
                                  SSDEEP:6:04s2XIX+WgIJU61DHMsf9Hud2M0CCQP5K0CVDDNBQEQ4:vk1r1OQj8P40In5T
                                  MD5:802C23EB089533A320A4FB9DA68A97C4
                                  SHA1:0CC1555CE77BA16BD5661F65A3938A702B5FD7DE
                                  SHA-256:0B47D4D452DFFA00E84E39F094B5F8EDC386FDF100846BE16B098BE172D4F882
                                  SHA-512:9EBF62DD7BD6C8F8A720D04F9D9EA749AD9156DE5A09907C352C6E315A440D7BC60AA5BD4BC7F0202F6FF0BA43FF9CD81574BCDB4B1A03AB4E3DFC01676B34BC
                                  Malicious:false
                                  Preview:05:18:11.197.INFO.Signaling force websocket stop..05:18:14.605.ERROR.Socket unable to read..05:18:14.645.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:18:14.645.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6563
                                  Entropy (8bit):4.9930239348430305
                                  Encrypted:false
                                  SSDEEP:192:3TzOCIvZWhDGnIkpf2VdWxhZ+o8C2bBMAi5GPv:3AIKba
                                  MD5:8AFCD193D77A7B2E2CE4D3FEC67FD992
                                  SHA1:9FFE7E0581C99F6EA9D5505EBE2318B435C73A34
                                  SHA-256:2000FDA22B09F7C8A907CCBF2BFB9A77670B030F6E732DCF1BE6AA3B2BAD97F5
                                  SHA-512:44492FA150EDF8FB6B1FD2EAE4FB31DA4761B8603275C06F33CCA93E2FE0544DC984CDE94E648CD88926C7D551F1B5A6BBB0721E20986DF12A85D381D9DED7EC
                                  Malicious:false
                                  Preview:08:32:52.556.INFO.Signaling force websocket stop..08:34:10.171.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:35:12.442.INFO.Socket connected to getscreen.me:443..08:36:24.007.INFO.Signaling force websocket stop..08:36:24.298.ERROR.Socket unable to read..08:36:24.338.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:36:24.348.ERROR.WebSocket connection error getscreen.me/signal/agent..08:38:15.154.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:38:39.182.INFO.Socket connected to getscreen.me:443..08:40:40.488.INFO.Signaling force websocket stop..08:40:41.059.ERROR.Socket unable to read..08:40:41.280.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:40:41.280.ERROR.WebSocket connection error getscreen.me/signal/agent..08:42:58.901.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.985926668515525
                                  Encrypted:false
                                  SSDEEP:6:OcsHrr2XIX+WgIJUUoyHMnkEud2M0CCQP5K0CIsDNBQEQhXIX+WgIJUUoxXIXNLW:YH2KoyokRQj8P40Q5gKoxCh3l52tvvn
                                  MD5:610E30BA32A5AF862963B1B46D6B013D
                                  SHA1:1E79C2B6C317B8B557D5D91B11CBAB8127849EA7
                                  SHA-256:20D559E004CBF9C5A564B1142B30F72411C51919F74E5D83D243BEE3191E14B7
                                  SHA-512:5D6ACD85F8AEE304EFE1E0B9AE9413675A488329F4F9CFDC53631F2BFF27DAF86C37E2FA6AC0AD65CA42B581828219806E177FA88A015E9250016834B45D4922
                                  Malicious:false
                                  Preview:12:54:22.577.INFO.Signaling force websocket stop..12:54:26.455.ERROR.Socket unable to read..12:54:26.485.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:54:26.495.ERROR.WebSocket connection error getscreen.me/signal/agent..12:56:51.752.INFO.Signaling force websocket stop..12:57:15.123.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:57:20.466.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.959610801213795
                                  Encrypted:false
                                  SSDEEP:6:KofXIX+WgIJUU6foEMPfpUud2M0CCQP5K0CafpQDNBQEQmRfUOfns2XIX+WgIJUO:/fK6fKfLQj8P405fs5RNnXKG2ChQtvvn
                                  MD5:ED431FB9AEE1DA205B058C3C7585FD7C
                                  SHA1:A052ADD6A2138F6740185050B5C5756B631E9F18
                                  SHA-256:BD94182FFB6092842920AD39FF2F39FAB6B5B824ECA511D02DEC2EADFD58146B
                                  SHA-512:F694452AD95EAE7CC0F5BEAC8D0D52DA5B4F3073F40855524AA713155F289CEB0225615BEAC8AA5713A93DEB0546981548E8F31DDF84AC340C8E80D2CCB4ABBF
                                  Malicious:false
                                  Preview:16:12:06.951.INFO.Signaling force websocket stop..16:12:11.580.ERROR.Socket unable to read..16:12:11.620.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:12:11.620.ERROR.WebSocket connection error getscreen.me/signal/agent..16:14:36.967.INFO.Signaling force websocket stop..16:14:49.104.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:14:58.060.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1030
                                  Entropy (8bit):5.004740275113588
                                  Encrypted:false
                                  SSDEEP:24:U8xDAOiEZAiUjX2GgtvefDAVm2wGBitvv:zxDfinrvQ6D4m4Y3
                                  MD5:78D16A6E6C56E910C788437B98822D71
                                  SHA1:B1573C8BF7B4A0F68FA2F71F790ADD90D16C772E
                                  SHA-256:1E380F9F9BC7F457E3EF408DF4B5CA30A4D73BE58886892C11D699EF63073B72
                                  SHA-512:4FF376DC11AD2237DB1B17CC2EBC13B908A41D9EEC244DAFEC749ECF4B3FFF030CA96A68BF84BFADD9E36A3652ABD7686FE495464B1AA3372E84FA194B768329
                                  Malicious:false
                                  Preview:19:29:55.685.INFO.Signaling force websocket stop..19:30:00.213.ERROR.Socket unable to read..19:30:00.254.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:30:00.254.ERROR.WebSocket connection error getscreen.me/signal/agent..19:32:13.642.INFO.Signaling force websocket stop..19:32:56.686.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:33:07.187.INFO.Socket connected to getscreen.me:443..19:35:20.879.INFO.Signaling force websocket stop..19:35:21.010.ERROR.Socket unable to read..19:35:21.010.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:35:23.492.ERROR.WebSocket connection error getscreen.me/signal/agent..19:37:46.146.INFO.Signaling force websocket stop..19:37:55.514.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:38:02.921.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.992141512702165
                                  Encrypted:false
                                  SSDEEP:12:cTR2EeG6Qj8P40Kls5b7nmYzQChzXtvvqY3zq3BQj8P40oi5T:E2EeG6DAlGb7nmtGzXtvCXxDAeT
                                  MD5:202418B86DE9004C8CC286C959E63330
                                  SHA1:3812D97BFD5B55CB7A9A58C20FF60357118768B9
                                  SHA-256:AEA78F563F2F8962989F2BC50C48A346E5ABE0816B953E61A592354FA2317BC4
                                  SHA-512:D8FCD626AF6E424FA31A1B457B5669C7D9876C40325FE6763042CA7EC2B243DC826D9800CDE299679A57842A6950BA313E001C67580A5D7F737FFAF1CE112882
                                  Malicious:false
                                  Preview:22:54:39.666.INFO.Signaling force websocket stop..22:56:38.759.ERROR.Socket unable to read..22:56:38.799.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:56:39.013.ERROR.WebSocket connection error getscreen.me/signal/agent..22:59:03.962.INFO.Signaling force websocket stop..23:00:39.622.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:00:48.355.INFO.Socket connected to getscreen.me:443..23:03:02.770.INFO.Signaling force websocket stop..23:03:03.131.ERROR.Socket unable to read..23:03:03.151.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:03:05.358.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2499
                                  Entropy (8bit):4.982706543133085
                                  Encrypted:false
                                  SSDEEP:48:PRNxDzwXaNDiuBBDjBSHTNTCsDvD01NgDQYJTNhDjgDM3:Phw9uBBBSHRCOD0pmLgDi
                                  MD5:840859BC70F3E496E9CDE59EF20E3E96
                                  SHA1:A50E3504A6832F1C56AC040D3D679A609DB1B68A
                                  SHA-256:6426AA9A1C04BC223AF88DC4AC5BFB0373C8AD930D843AE3C2B164FDD111779C
                                  SHA-512:F75B9B87D9562186FC0762316B60E305E50DEFF99676277DC93D1D776FCA1D13F719A4A4614D975EAE0C889A28DF76E8FDFB5A72358326FBA22E85AEFC78FB04
                                  Malicious:false
                                  Preview:02:18:06.868.INFO.Signaling force websocket stop..02:19:24.817.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:20:25.304.INFO.Socket connected to getscreen.me:443..02:21:39.113.INFO.Signaling force websocket stop..02:21:39.153.ERROR.Socket unable to read..02:21:39.183.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:21:39.183.ERROR.WebSocket connection error getscreen.me/signal/agent..02:23:34.067.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:23:36.126.INFO.Socket connected to getscreen.me:443..02:25:58.266.INFO.Signaling force websocket stop..02:25:58.467.ERROR.Socket unable to read..02:25:58.828.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:25:58.828.ERROR.WebSocket connection error getscreen.me/signal/agent..02:27:17.948.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.893300400092206
                                  Encrypted:false
                                  SSDEEP:6:0Qg2XIX+WgIJU6gMsfsud2M0CCQP5K0CgDNBQEQ4:9kqRQj8P40h5T
                                  MD5:FBFD916639AE59015209C6EF6EE26EFF
                                  SHA1:7A56234A1608FB71E463EA23925C14B06D6A4819
                                  SHA-256:5CA723E3C37055E33911B5C949EB1E235AD7207502E42E888613998E972B677A
                                  SHA-512:4AD4E3AAD2D1CDBA714736B7D1A13DA7628A1FDCA7E8E2215410A6DAFADFC7DAABE5A7B46226D9486BAF7B5027CD4F3CCF3743D3F8BF55C0B9E3582A7F23A456
                                  Malicious:false
                                  Preview:05:54:03.345.INFO.Signaling force websocket stop..05:54:07.385.ERROR.Socket unable to read..05:54:07.415.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:54:07.415.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.6637995646056805
                                  Encrypted:false
                                  SSDEEP:3:4vZnQXINF+WgIO0/Vyn:4RQXIX+WgIJUn
                                  MD5:56D964AEB3F3FF5AA3CCBEA23EC9A2D3
                                  SHA1:EB61EF0753D89AB8EE0481783828D6865382984F
                                  SHA-256:D32AC547833A1655FE05A7634DA66889AFC6C53DE9A565F83218B7E648912F99
                                  SHA-512:40BF8E62587A52A34529248116086CE5B47A6003686416A0D2C8E0E919BE84488AA3385DC1DBED87E8532CE62AF2D084352019018AF679694DACE72FA7F43DDF
                                  Malicious:false
                                  Preview:09:08:49.993.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):775
                                  Entropy (8bit):4.9869607723947205
                                  Encrypted:false
                                  SSDEEP:12:M6NFChDKwt2tvv/QKke6Qj8P40gb5jn2K1Ch+oaXtvvPQ5:M6DGD3EtvHQL5DABjn20G72tvnQ5
                                  MD5:1B249EF63107554539B307323EF924F5
                                  SHA1:DDF46C3CAC5833B5532786924A95CF88A4414E45
                                  SHA-256:C86A8139E4E5EFD66742BA84843E8A60278C6576A0D811AB0A0506CB62B93A70
                                  SHA-512:B99329CA1E07F5AA90E06D9FF351FB507AD850E3BE0DEDC27A0DBCF16336F36E3BED725A31EC11AA1B467E383B32B51BA3F621FD8242C10CB89840996D9CDB24
                                  Malicious:false
                                  Preview:12:24:49.951.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:25:45.100.INFO.Signaling force websocket stop..12:26:06.304.INFO.Socket connected to getscreen.me:443..12:29:08.590.INFO.Signaling force websocket stop..12:29:08.761.ERROR.Socket unable to read..12:29:08.781.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:29:08.781.ERROR.WebSocket connection error getscreen.me/signal/agent..12:31:34.286.INFO.Signaling force websocket stop..12:31:35.218.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:31:38.775.INFO.Socket connected to getscreen.me:443..12:33:59.780.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):403
                                  Entropy (8bit):4.910847224982158
                                  Encrypted:false
                                  SSDEEP:6:buBUM2NyUud2M0CCQP5K0CpdQDNBQEQFPnXIXNLD4EQoAR2dzvRWl8Rvvn:buBBBQj8P40g652nChNAR2tvvn
                                  MD5:30666E231FEFB9B08F49F7D079374930
                                  SHA1:E8DD01FD70C53A936F2EBD7004B313B683D8B487
                                  SHA-256:A6E69DFE7E6E97DEACA46450BBAB7930B73C13F9515FDC87DFB222F07D8C82B2
                                  SHA-512:1EF60124CAD7E05C269EF799C0679E28A386579047602594BD1477ABF415D3F5612854C4B9B94C5FD7665C84ADC0C62130532688BD7001859AA67491B5F09173
                                  Malicious:false
                                  Preview:15:50:29.854.ERROR.Socket unable to read..15:50:32.222.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:50:32.232.ERROR.WebSocket connection error getscreen.me/signal/agent..15:52:29.040.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:52:31.306.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2866
                                  Entropy (8bit):4.997848725888176
                                  Encrypted:false
                                  SSDEEP:48:JDFqeekgDZ4weqDH39uDgltKCVDc4WbiDiLu3:Xqp4g3FltKJ4eLo
                                  MD5:1E36D772848D64C278C2E7AE9E45C538
                                  SHA1:ADA714CD8BB3245624ECCDAA4DFE28A216B56AA6
                                  SHA-256:CF458EBD999E9E7B24E1129FDDC658BEA619D7A3025DE8FB7BAFC53262A346E8
                                  SHA-512:A69410A968450219E1D947049A7D6F21AE7316134EB515725C850168427226E8EA6EA2F32EBF7B80F0F76B6F3604599DE40DB70636468AA18EC8C8A023A89FA0
                                  Malicious:false
                                  Preview:19:08:30.660.INFO.Signaling force websocket stop..19:08:32.727.ERROR.Socket unable to read..19:08:32.727.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:08:32.727.ERROR.WebSocket connection error getscreen.me/signal/agent..19:10:42.271.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:11:07.084.INFO.Socket connected to getscreen.me:443..19:13:05.724.INFO.Signaling force websocket stop..19:13:05.896.ERROR.Socket unable to read..19:13:05.906.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:13:05.916.ERROR.WebSocket connection error getscreen.me/signal/agent..19:15:03.284.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:15:25.415.INFO.Socket connected to getscreen.me:443..19:17:27.000.INFO.Signaling force websocket stop..19:17:27.392.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1800
                                  Entropy (8bit):4.989213762907863
                                  Encrypted:false
                                  SSDEEP:48:tD7b7cvTmDibODNObOwDqbA1TD7nD/8bH:1nmF4OskhD778T
                                  MD5:621E2D96B22C7875AFF81883800CD245
                                  SHA1:D2255B77A14B392D053F4F64789E534EA47ECAF9
                                  SHA-256:D63113BCE1BF98EAA5D4BA8735A6360C5D88EBFD78541F873354763983A45374
                                  SHA-512:17A662B4820A9F44C090CE05AAD8B51883F4135A9737105D5C8581A37311801E19D0FA4B7FB821B0000997734CBFCA224262E24D2C89574F3B5D66C278509DF7
                                  Malicious:false
                                  Preview:22:49:13.325.INFO.Signaling force websocket stop..22:49:16.292.ERROR.Socket unable to read..22:49:16.322.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:49:16.322.ERROR.WebSocket connection error getscreen.me/signal/agent..22:51:30.116.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:51:35.264.INFO.Socket connected to getscreen.me:443..22:53:43.830.INFO.Signaling force websocket stop..22:53:44.231.ERROR.Socket unable to read..22:53:44.242.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:53:44.242.ERROR.WebSocket connection error getscreen.me/signal/agent..22:56:09.487.INFO.Signaling force websocket stop..22:56:30.527.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:56:41.694.INFO.Socket connected to getscreen.me:443..22:58:54.582.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.7747815214474665
                                  Encrypted:false
                                  SSDEEP:6:WmXIX+WgIJU1U24r2XIXNLD4EQLcpdzvRWl8Rvvn:Wmr3ChaStvvn
                                  MD5:0A97963E4521AE251EB4CB34DEDE1885
                                  SHA1:E447915D4C80BA13D87820F2CD3554B4D94C3B2E
                                  SHA-256:041259DD9A9E3273A1C956A561B7A49DF4BF740C76B0FD0CE1765AE69E282161
                                  SHA-512:50F271E63C1A3A6CBEE721182ADCAE4C764D2CCC9010E94AAB6BAC5EBACBC42D662951B9E19BE7EAD040F868AF49AAEC261D5CFC3CA1D79E1AA5B5F39DD82FE4
                                  Malicious:false
                                  Preview:02:21:39.929.INFO.Signaling force websocket stop..02:21:41.735.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:21:56.350.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.973359001580345
                                  Encrypted:false
                                  SSDEEP:12:W+kl3+l3RQj8P40a3q5Q/Ch63tvv94rik+eI+ejQj8P40JO5T:W+klulBDAhSMG63tvgikJIJjDAlT
                                  MD5:7EED342EFD15315DD2C8D334C3560C83
                                  SHA1:4C32DEEE9ECDD694484496723401F6D16CFF2A5F
                                  SHA-256:12D6563D6014B83D7A2A8DE4D1294CC11B94CFAC1696722B50C23486F164FCF9
                                  SHA-512:0245E9B4F45182D0FC8FFF13E4AC72408444B14EE8ED0A69F4B6E60A8DAA2A9CF1D22B2D1063BB821D5FE1F431E3A7D5E58CFF7D34661BF09AD962CB07537653
                                  Malicious:false
                                  Preview:05:37:22.459.INFO.Signaling force websocket stop..05:37:31.080.ERROR.Socket unable to read..05:37:31.080.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:37:31.080.ERROR.WebSocket connection error getscreen.me/signal/agent..05:38:53.628.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:38:55.005.INFO.Socket connected to getscreen.me:443..05:41:17.713.INFO.Signaling force websocket stop..05:41:17.784.ERROR.Socket unable to read..05:41:17.784.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:41:17.794.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2575
                                  Entropy (8bit):4.995189406533606
                                  Encrypted:false
                                  SSDEEP:48:gvOKHDSEAU1aVtEDBP2MfsDB0CFdoHD1CyfyvpDTT:KiNUiEP2NfdgCyf6BT
                                  MD5:038707CD2A10111AFC9191975CAA79BF
                                  SHA1:32131ED63B96E13303134F62C4295D3DB5AFF3EA
                                  SHA-256:5300FA9755254CF459FD7A7909D48BEA616CD5162AAEDC39D298BDC9FFD2AB94
                                  SHA-512:4D271939F2DCA3E411BE2DA23889E14ECD2DE6038B2BA81AE27402F9A434E23347CC21EDAF1B240B019D26F6F8EF682AEBDEBFBD010475CC15C869698840ED12
                                  Malicious:false
                                  Preview:08:56:52.775.INFO.Signaling force websocket stop..08:59:31.126.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:59:34.489.INFO.Socket connected to getscreen.me:443..09:01:56.191.INFO.Signaling force websocket stop..09:02:02.791.ERROR.Socket unable to read..09:02:02.831.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:02:02.841.ERROR.WebSocket connection error getscreen.me/signal/agent..09:04:28.206.INFO.Signaling force websocket stop..09:04:56.835.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:05:17.716.INFO.Socket connected to getscreen.me:443..09:07:20.608.INFO.Signaling force websocket stop..09:07:25.898.ERROR.Socket unable to read..09:07:25.913.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:07:25.923.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1030
                                  Entropy (8bit):5.00912408032393
                                  Encrypted:false
                                  SSDEEP:24:h/DtGUtvFO7jXQxDAeXQir2gSG0+tvBDyDAxT:q0wKDRdfz0S4DAT
                                  MD5:BE0997EB50C440D8EFD12CE55D4F253C
                                  SHA1:DD9D2122ABFF5D6CEC14A155B5A7DED24031AAA8
                                  SHA-256:71F3E2C03A5F7491A829D4338E5C3C9AE4DA1E61822903A2321E82073A63B78F
                                  SHA-512:6E56A579A5B31AB458E0D9D660C14E3F97AE61E6A19B174C58D40ADDDC072013C622AB40AA51934CCDF86EF87BA3BFF718C4D5206FD3751E91F89D88EB5B4E20
                                  Malicious:false
                                  Preview:12:38:29.909.INFO.Signaling force websocket stop..12:38:45.897.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:39:07.850.INFO.Socket connected to getscreen.me:443..12:41:23.834.INFO.Signaling force websocket stop..12:41:24.776.ERROR.Socket unable to read..12:41:24.816.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:41:24.816.ERROR.WebSocket connection error getscreen.me/signal/agent..12:43:50.375.INFO.Signaling force websocket stop..12:44:36.748.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:45:19.927.INFO.Socket connected to getscreen.me:443..12:47:11.942.INFO.Signaling force websocket stop..12:47:12.383.ERROR.Socket unable to read..12:47:12.393.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:47:12.393.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2096
                                  Entropy (8bit):4.982082852408356
                                  Encrypted:false
                                  SSDEEP:48:/RzD6+mvx3jDuARQeJDWRgvuanYxD/HQA3:/A+glRQDRKcHQG
                                  MD5:F5145B9E4213990EF80DB630507E8BEB
                                  SHA1:A4EAEDEA972E3A308DEDFE9FDCC4B243D6F08081
                                  SHA-256:63BBEDA80E00AD405451F033D7B081FCCFC39725166A0307E0EFBD7DB9D2C3FF
                                  SHA-512:0248BCFA44ACA2E97A96E16366EF91A176478D21DEFFB316EC2B1FF168F8E58ADE88CA981DE12E437D2B3933D4DC48B7DABDCCECF61B0F9DC750429F4B77C7DA
                                  Malicious:false
                                  Preview:16:01:52.357.INFO.Signaling force websocket stop..16:02:50.849.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:02:56.244.INFO.Socket connected to getscreen.me:443..16:05:14.402.INFO.Signaling force websocket stop..16:05:14.733.ERROR.Socket unable to read..16:05:14.733.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:05:14.733.ERROR.WebSocket connection error getscreen.me/signal/agent..16:07:21.497.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:07:23.518.INFO.Socket connected to getscreen.me:443..16:10:39.853.INFO.Signaling force websocket stop..16:10:41.139.ERROR.Socket unable to read..16:10:41.240.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:10:41.240.ERROR.WebSocket connection error getscreen.me/signal/agent..16:11:58.454.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.984392342448351
                                  Encrypted:false
                                  SSDEEP:6:RuSqXXIX+WgIJUU3iMgiud2M0CCQP5K0CRmDNBQEQ4:RuFKMzQj8P40WE5T
                                  MD5:423607706325BAF30500BA3D647424AA
                                  SHA1:468CD38A80ACA3D2F7536BCC95ABA8AED138CB8D
                                  SHA-256:ED77EAA8AE32F26D57F6F37677C4BABA52098D9474BDC56121CC6BC51D782D4D
                                  SHA-512:270B8DBC2BBC7CA75C9F098B199685CD9CD285BDAAEF59B6B15BA539C88CB13FCAFB4518983CAB7952FC4C2DEA48B86722F454F5285A984069E5FB34E9E53AC8
                                  Malicious:false
                                  Preview:19:35:41.861.INFO.Signaling force websocket stop..19:35:44.522.ERROR.Socket unable to read..19:35:44.542.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:35:44.542.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1030
                                  Entropy (8bit):4.985996333227689
                                  Encrypted:false
                                  SSDEEP:24:Gm7XG6c2tvx/mY8DAFzb7EuGWmtvNvDART:Ge2Na1n8DSzb7I7dDET
                                  MD5:AC1A28FD4001A721F25981EF94092CDA
                                  SHA1:70EC3AB504009DDDA7E2D6A2E7EAB72625213D6F
                                  SHA-256:0A3020D928E8399E0780CFE90D5974652F32EDD51931C2467F0DAB13D6688B36
                                  SHA-512:E5DA67CF7A53893D8900AAD553DF7501FE32CF0DD6D17D619F37397EB74ADAF38A104DA23EFE966ED0274D663C0D2371FC9F3FA4DAE3EA1CFA61D9FCE1C406A1
                                  Malicious:false
                                  Preview:22:50:58.322.INFO.Signaling force websocket stop..22:50:59.455.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:51:02.416.INFO.Socket connected to getscreen.me:443..22:53:24.769.INFO.Signaling force websocket stop..22:53:25.371.ERROR.Socket unable to read..22:53:25.391.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:53:25.391.ERROR.WebSocket connection error getscreen.me/signal/agent..22:55:37.352.INFO.Signaling force websocket stop..22:55:42.235.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:55:42.284.INFO.Socket connected to getscreen.me:443..22:58:07.465.INFO.Signaling force websocket stop..22:58:07.897.ERROR.Socket unable to read..22:58:07.897.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:58:07.897.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1234
                                  Entropy (8bit):4.9678887088333985
                                  Encrypted:false
                                  SSDEEP:24:F8gG5QtvlEXkBDASS9X2mG4tvlGFCf8fFDAjfucmOGHtvv:I5ANEkD4QfYNKDXjN3
                                  MD5:433C37D4CB27686A17BE15E5AEA6E217
                                  SHA1:8B39F91D94948BC5884D68F722F28DC957253C85
                                  SHA-256:E6763A722B563A7F54406351EA9407F17F984F38700D62B2C9AE023976957B57
                                  SHA-512:D3907ED9A68FB77039668B9705D21F12F7C584EF34D172711144FC01737F73BC315682E722402C6D8EFA05042EA3FC5ADF227291F60AE2D07898C813EB2C88F6
                                  Malicious:false
                                  Preview:02:13:44.341.INFO.Signaling force websocket stop..02:14:42.669.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:14:42.914.INFO.Socket connected to getscreen.me:443..02:17:30.177.INFO.Signaling force websocket stop..02:17:30.417.ERROR.Socket unable to read..02:17:30.478.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:17:30.478.ERROR.WebSocket connection error getscreen.me/signal/agent..02:19:55.843.INFO.Signaling force websocket stop..02:21:29.968.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:21:35.820.INFO.Socket connected to getscreen.me:443..02:23:55.007.INFO.Signaling force websocket stop..02:23:57.220.ERROR.Socket unable to read..02:23:57.220.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:23:57.220.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.929703061910108
                                  Encrypted:false
                                  SSDEEP:6:0yn2XIX+WgIJU6NyMsf8ud2M0CCQP5K0CQDNBQEQ4:n2kNIhQj8P40Z5T
                                  MD5:D0E9E65486C67D34EAD0955D3718208D
                                  SHA1:D548512518C57510FC76DD4309374B29E9A6228C
                                  SHA-256:12BE5EEACB0EE660736C53247D816BF1A7B9F32C8E88B504B1B2302A96263004
                                  SHA-512:BA804AAA221DBA81C34EB4341959D3EF693DDBDA117082292FC75FFB1A303516E2AF13780BF52093780D6E58DBB9528B1207884EAD08A61B62B60B4800233E2D
                                  Malicious:false
                                  Preview:05:43:14.177.INFO.Signaling force websocket stop..05:44:45.092.ERROR.Socket unable to read..05:44:45.122.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:44:45.122.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.763395815581614
                                  Encrypted:false
                                  SSDEEP:6:4G4X2XIX+WgIJU23fXIXNLD4EQ+GH1qXdzvRWl8Rvvn:Js2oPChaVmtvvn
                                  MD5:9096ECE51DD650ECA6D7AE4FA0394A05
                                  SHA1:54AD4C599E03127D0D0207A54A1B07FD300AA8BF
                                  SHA-256:8606A8CDB8EC129A6CCE025D727688A7939808F8F6E2BCC0330972E00FC1EF81
                                  SHA-512:B8017851CA8B3071D12E946D49E9ABA68CC8277DB1A9AB1AC1ED7F2E640A97BF3BCDF77DE259EB0FFA1D05429AAA3DEC9148B11A2AF499EBC2B754CB7D5F383E
                                  Malicious:false
                                  Preview:09:00:48.066.INFO.Signaling force websocket stop..09:00:52.730.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:01:31.161.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.93065757138815
                                  Encrypted:false
                                  SSDEEP:6:OCfGl2XIX+WgIJUUsPyMjpyud2M0CCQP5K0CMp2DNBQEQ4:FfbKsvpjQj8P40HU5T
                                  MD5:F4E0AF916CB0B71B08BD3018E3F15861
                                  SHA1:6AFF4FA5215250F78250B722B3F7BF36ED6D7235
                                  SHA-256:BCF1FD190228230E090528ED077A5C8BC6B8E5F6C5AC556E7E7228EC98DB50E8
                                  SHA-512:6D90045BD9408E44E8E4780D7168BD2E08D1452BB349A37D1DC954A206E27265147B1707BCC98C8DFF9310F0A7A4B0ECAEC9A25B3C3ACC4DB5428BC24079EDD8
                                  Malicious:false
                                  Preview:12:16:56.877.INFO.Signaling force websocket stop..12:17:03.701.ERROR.Socket unable to read..12:17:03.721.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:17:03.721.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6216
                                  Entropy (8bit):5.012625001891794
                                  Encrypted:false
                                  SSDEEP:192:vqxeanQgE5HhOdBrRJNRkN7Lw79dF4RjI:vSdnZ
                                  MD5:9022ADB3B07DBFA0CCAFF410F8E11AB2
                                  SHA1:3C351CAF859C579161A75B88717C70B0D5233DCF
                                  SHA-256:DEE5651A8847B3003EDF476C542400A6B21A43FE400494B81C567F2402CF261A
                                  SHA-512:44AC9BB33B667275BC324BA5CD4F1FB5205EFB38D2C0F0A588ECAB163509962C8B9B4CC47750BD71E300E40B3832301CD63EE1258830B9402B8474429FDCA483
                                  Malicious:false
                                  Preview:15:33:56.088.INFO.Signaling force websocket stop..15:34:01.663.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:35:56.441.INFO.Socket connected to getscreen.me:443..15:37:47.016.INFO.Signaling force websocket stop..15:37:50.972.ERROR.Socket unable to read..15:37:51.002.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:37:51.012.ERROR.WebSocket connection error getscreen.me/signal/agent..15:40:16.453.INFO.Signaling force websocket stop..15:40:48.638.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:41:22.589.INFO.Socket connected to getscreen.me:443..15:43:13.972.INFO.Signaling force websocket stop..15:43:18.939.ERROR.Socket unable to read..15:43:18.969.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:43:18.969.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.974891961604675
                                  Encrypted:false
                                  Malicious:false
                                  Preview:19:55:37.176.INFO.Signaling force websocket stop..19:55:49.814.ERROR.Socket unable to read..19:55:49.845.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:55:49.845.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.806656707462825
                                  Encrypted:false
                                  Malicious:false
                                  Preview:23:10:19.758.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.945101240473816
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:26:57.344.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:27:19.275.INFO.Signaling force websocket stop..02:27:38.124.INFO.Socket connected to getscreen.me:443..02:30:33.704.INFO.Signaling force websocket stop..02:30:33.724.ERROR.Socket unable to read..02:30:33.724.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:30:33.724.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1178
                                  Entropy (8bit):4.944503825110783
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:47:23.278.INFO.Signaling force websocket stop..05:48:13.318.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:48:33.055.INFO.Socket connected to getscreen.me:443..05:50:37.102.INFO.Signaling force websocket stop..05:50:37.353.ERROR.Socket unable to read..05:50:37.353.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:50:37.374.ERROR.WebSocket connection error getscreen.me/signal/agent..05:53:02.470.INFO.Signaling force websocket stop..05:53:30.214.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:53:30.657.INFO.Socket connected to getscreen.me:443..05:56:46.783.INFO.Signaling force websocket stop..05:56:47.205.ERROR.Socket unable to read..05:56:47.215.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:56:47.215.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.939688553083243
                                  Encrypted:false
                                  Malicious:false
                                  Preview:09:14:20.076.INFO.Signaling force websocket stop..09:14:23.342.ERROR.Socket unable to read..09:14:23.342.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:14:23.342.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.787683160887414
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:29:19.601.INFO.Signaling force websocket stop..12:30:41.892.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:30:45.267.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.952094632021904
                                  Encrypted:false
                                  Malicious:false
                                  Preview:15:47:04.793.INFO.Signaling force websocket stop..15:47:07.534.ERROR.Socket unable to read..15:47:07.564.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..15:47:07.584.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  Malicious:false
                                  Preview:19:01:50.604.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.991580019810418
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:16:39.837.INFO.Signaling force websocket stop..22:17:03.791.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:17:08.283.INFO.Socket connected to getscreen.me:443..22:19:28.181.INFO.Signaling force websocket stop..22:19:28.593.ERROR.Socket unable to read..22:19:28.613.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:19:28.623.ERROR.WebSocket connection error getscreen.me/signal/agent..22:21:29.476.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:21:35.095.INFO.Socket connected to getscreen.me:443..22:23:49.344.INFO.Signaling force websocket stop..22:23:49.395.ERROR.Socket unable to read..22:23:49.815.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:23:49.815.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3641
                                  Entropy (8bit):4.986096221110567
                                  Encrypted:false
                                  Malicious:false
                                  Preview:01:39:23.833.INFO.Signaling force websocket stop..01:40:48.342.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:40:57.084.INFO.Socket connected to getscreen.me:443..01:43:11.860.INFO.Signaling force websocket stop..01:45:25.438.ERROR.Socket unable to read..01:45:25.438.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:45:25.438.ERROR.WebSocket connection error getscreen.me/signal/agent..01:47:50.664.INFO.Signaling force websocket stop..01:47:56.928.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:48:04.292.INFO.Socket connected to getscreen.me:443..01:50:20.820.INFO.Signaling force websocket stop..01:50:21.691.ERROR.Socket unable to read..01:50:21.691.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:50:21.691.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1229
                                  Entropy (8bit):4.975696534173952
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:33:19.609.INFO.Signaling force websocket stop..05:33:21.879.ERROR.Socket unable to read..05:33:21.919.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:33:21.919.ERROR.WebSocket connection error getscreen.me/signal/agent..05:34:40.941.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:34:45.637.INFO.Socket connected to getscreen.me:443..05:36:54.184.INFO.Signaling force websocket stop..05:36:54.195.ERROR.Socket unable to read..05:36:54.195.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:36:54.195.ERROR.WebSocket connection error getscreen.me/signal/agent..05:38:50.850.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:38:55.322.INFO.Socket connected to getscreen.me:443..05:41:15.135.INFO.Signaling force websocket stop..05:42:44.093.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.966975311869212
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:57:54.695.INFO.Signaling force websocket stop..08:58:00.003.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:58:02.036.INFO.Socket connected to getscreen.me:443..09:01:21.187.INFO.Signaling force websocket stop..09:01:21.188.ERROR.Socket unable to read..09:01:21.470.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:01:21.480.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3896
                                  Entropy (8bit):5.004155920554715
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:15:51.578.INFO.Signaling force websocket stop..12:17:02.772.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:17:03.469.INFO.Socket connected to getscreen.me:443..12:19:27.835.INFO.Signaling force websocket stop..12:19:27.956.ERROR.Socket unable to read..12:19:27.956.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:19:27.986.ERROR.WebSocket connection error getscreen.me/signal/agent..12:21:41.129.INFO.Signaling force websocket stop..12:22:19.636.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:22:20.115.INFO.Socket connected to getscreen.me:443..12:24:43.192.INFO.Signaling force websocket stop..12:24:44.034.ERROR.Socket unable to read..12:24:44.045.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:24:44.045.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3238
                                  Entropy (8bit):4.998181369120215
                                  Encrypted:false
                                  Malicious:false
                                  Preview:16:08:28.957.INFO.Signaling force websocket stop..16:08:39.088.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:08:45.991.INFO.Socket connected to getscreen.me:443..16:11:03.949.INFO.Signaling force websocket stop..16:11:04.009.ERROR.Socket unable to read..16:11:04.039.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:11:04.049.ERROR.WebSocket connection error getscreen.me/signal/agent..16:13:29.233.INFO.Signaling force websocket stop..16:14:09.422.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:14:22.376.INFO.Socket connected to getscreen.me:443..16:16:34.060.INFO.Signaling force websocket stop..16:16:34.621.ERROR.Socket unable to read..16:16:34.641.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:16:34.641.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1377
                                  Entropy (8bit):4.958046171463565
                                  Encrypted:false
                                  Malicious:false
                                  Preview:20:00:18.191.ERROR.Socket unable to read..20:00:23.672.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:00:23.682.ERROR.WebSocket connection error getscreen.me/signal/agent..20:02:49.158.INFO.Signaling force websocket stop..20:03:32.155.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:03:32.386.INFO.Socket connected to getscreen.me:443..20:05:56.228.INFO.Signaling force websocket stop..20:05:57.511.ERROR.Socket unable to read..20:05:57.511.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:05:57.511.ERROR.WebSocket connection error getscreen.me/signal/agent..20:07:45.135.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:07:50.288.INFO.Socket connected to getscreen.me:443..20:10:07.183.INFO.Signaling force websocket stop..20:10:07.274.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.992444286690509
                                  Encrypted:false
                                  Malicious:false
                                  Preview:23:26:44.293.INFO.Signaling force websocket stop..23:26:46.627.ERROR.Socket unable to read..23:26:46.627.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:26:46.627.ERROR.WebSocket connection error getscreen.me/signal/agent..23:27:45.476.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:27:48.873.INFO.Socket connected to getscreen.me:443..23:29:57.677.INFO.Signaling force websocket stop..23:29:57.778.ERROR.Socket unable to read..23:29:57.778.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:29:57.778.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):260
                                  Entropy (8bit):4.813258787432194
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:44:34.158.INFO.Signaling force websocket stop..02:46:04.616.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:46:10.178.INFO.Socket connected to getscreen.me:443..02:48:29.263.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):255
                                  Entropy (8bit):4.831775959008281
                                  Encrypted:false
                                  Malicious:false
                                  Preview:06:04:52.918.ERROR.Socket unable to read..06:04:56.018.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:04:56.018.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1086
                                  Entropy (8bit):5.010040294120263
                                  Encrypted:false
                                  Malicious:false
                                  Preview:09:20:07.157.INFO.Signaling force websocket stop..09:21:30.901.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:21:39.391.INFO.Socket connected to getscreen.me:443..09:23:54.305.INFO.Signaling force websocket stop..09:23:54.626.ERROR.Socket unable to read..09:23:54.656.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:23:54.656.ERROR.WebSocket connection error getscreen.me/signal/agent..09:26:19.938.INFO.Signaling force websocket stop..09:26:22.406.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:27:27.137.INFO.Socket connected to getscreen.me:443..09:28:57.168.INFO.Signaling force websocket stop..09:28:58.160.ERROR.Socket unable to read..09:28:58.160.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:28:58.160.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):139
                                  Entropy (8bit):4.773629672572732
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:46:04.580.INFO.Signaling force websocket stop..12:46:21.068.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1758
                                  Entropy (8bit):4.985063675051139
                                  Encrypted:false
                                  Malicious:false
                                  Preview:16:00:48.509.INFO.Signaling force websocket stop..16:00:49.425.INFO.Socket connected to getscreen.me:443..16:00:50.995.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:00:51.219.ERROR.WebSocket connection error getscreen.me/signal/agent..16:03:15.780.INFO.Signaling force websocket stop..16:03:37.264.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:03:41.593.INFO.Socket connected to getscreen.me:443..16:06:01.122.INFO.Signaling force websocket stop..16:06:01.423.ERROR.Socket unable to read..16:06:01.463.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:06:05.676.ERROR.WebSocket connection error getscreen.me/signal/agent..16:08:10.658.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:08:10.892.INFO.Socket connected to getscreen.me:443..16:10:22.321
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.963581638812141
                                  Encrypted:false
                                  Malicious:false
                                  Preview:19:30:17.986.INFO.Signaling force websocket stop..19:31:15.703.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:31:21.994.INFO.Socket connected to getscreen.me:443..19:33:36.363.INFO.Signaling force websocket stop..19:33:36.663.ERROR.Socket unable to read..19:33:36.694.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:33:36.694.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):260
                                  Entropy (8bit):4.804314833742607
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:48:23.237.INFO.Signaling force websocket stop..22:50:51.886.INFO.Signaling force websocket stop..22:51:02.289.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:51:11.457.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.948710690764124
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:05:58.107.INFO.Signaling force websocket stop..02:06:02.116.ERROR.Socket unable to read..02:06:02.156.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:06:02.166.ERROR.WebSocket connection error getscreen.me/signal/agent..02:08:18.958.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:08:24.101.INFO.Socket connected to getscreen.me:443..02:10:42.698.INFO.Signaling force websocket stop..02:10:42.819.ERROR.Socket unable to read..02:10:42.839.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:10:42.849.ERROR.WebSocket connection error getscreen.me/signal/agent..02:11:56.490.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:13:00.782.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.988378688062593
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:27:39.579.INFO.Signaling force websocket stop..05:27:43.151.ERROR.Socket unable to read..05:27:43.171.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:27:43.171.ERROR.WebSocket connection error getscreen.me/signal/agent..05:28:48.392.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:28:54.207.INFO.Socket connected to getscreen.me:443..05:31:12.424.INFO.Signaling force websocket stop..05:31:12.495.ERROR.Socket unable to read..05:31:12.495.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:31:12.495.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3952
                                  Entropy (8bit):4.9952685031013555
                                  Encrypted:false
                                  Malicious:false
                                  Preview:08:45:45.758.INFO.Signaling force websocket stop..08:46:46.662.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:46:48.695.INFO.Socket connected to getscreen.me:443..08:48:58.635.INFO.Signaling force websocket stop..08:48:58.706.ERROR.Socket unable to read..08:48:58.706.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:48:58.706.ERROR.WebSocket connection error getscreen.me/signal/agent..08:49:53.468.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:50:02.445.INFO.Socket connected to getscreen.me:443..08:52:18.279.INFO.Signaling force websocket stop..08:52:18.360.ERROR.Socket unable to read..08:52:18.541.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:52:18.541.ERROR.WebSocket connection error getscreen.me/signal/agent..08:54:43.754.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.999777174516241
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:36:51.166.INFO.Signaling force websocket stop..12:37:24.400.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:37:51.333.INFO.Socket connected to getscreen.me:443..12:39:48.012.INFO.Signaling force websocket stop..12:39:48.363.ERROR.Socket unable to read..12:39:48.393.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:39:48.393.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):260
                                  Entropy (8bit):4.794836397409107
                                  Encrypted:false
                                  Malicious:false
                                  Preview:15:56:20.186.INFO.Signaling force websocket stop..15:56:56.400.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:57:05.585.INFO.Socket connected to getscreen.me:443..15:59:20.446.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1285
                                  Entropy (8bit):5.001908166643901
                                  Encrypted:false
                                  Malicious:false
                                  Preview:19:14:30.396.ERROR.Socket unable to read..19:14:39.345.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:14:39.355.ERROR.WebSocket connection error getscreen.me/signal/agent..19:17:04.801.INFO.Signaling force websocket stop..19:17:18.897.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:18:26.049.INFO.Socket connected to getscreen.me:443..19:19:32.992.INFO.Signaling force websocket stop..19:19:33.374.ERROR.Socket unable to read..19:19:33.374.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:19:33.374.ERROR.WebSocket connection error getscreen.me/signal/agent..19:21:59.121.INFO.Signaling force websocket stop..19:22:53.055.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:23:01.310.INFO.Socket connected to getscreen.me:443..19:25:18.694.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.911032406477631
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:42:02.156.INFO.Signaling force websocket stop..22:42:04.217.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:42:15.473.INFO.Socket connected to getscreen.me:443..22:44:22.270.INFO.Signaling force websocket stop..22:44:22.401.ERROR.Socket unable to read..22:44:22.401.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:44:22.401.ERROR.WebSocket connection error getscreen.me/signal/agent..22:46:47.565.INFO.Signaling force websocket stop..22:46:57.080.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:46:57.311.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1341
                                  Entropy (8bit):4.978471270353184
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:02:37.954.INFO.Signaling force websocket stop..02:02:45.679.ERROR.Socket unable to read..02:02:45.679.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:02:45.679.ERROR.WebSocket connection error getscreen.me/signal/agent..02:05:10.980.INFO.Signaling force websocket stop..02:05:11.676.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:05:12.120.INFO.Socket connected to getscreen.me:443..02:07:27.739.INFO.Signaling force websocket stop..02:07:27.739.ERROR.Socket unable to read..02:07:27.739.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:07:28.898.ERROR.WebSocket connection error getscreen.me/signal/agent..02:09:53.020.INFO.Signaling force websocket stop..02:10:46.979.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:11:00.257.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3896
                                  Entropy (8bit):4.981807903590545
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:29:06.121.INFO.Signaling force websocket stop..05:29:09.532.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:29:09.998.INFO.Socket connected to getscreen.me:443..05:31:30.319.INFO.Signaling force websocket stop..05:31:30.550.ERROR.Socket unable to read..05:31:30.550.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:31:30.550.ERROR.WebSocket connection error getscreen.me/signal/agent..05:33:46.934.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:33:48.495.INFO.Socket connected to getscreen.me:443..05:36:11.318.INFO.Signaling force websocket stop..05:36:12.020.ERROR.Socket unable to read..05:36:12.201.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:36:12.201.ERROR.WebSocket connection error getscreen.me/signal/agent..05:38:25.227.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.9798036173620535
                                  Encrypted:false
                                  Malicious:false
                                  Preview:09:23:42.185.INFO.Signaling force websocket stop..09:25:20.346.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:25:21.777.INFO.Socket connected to getscreen.me:443..09:27:33.948.INFO.Signaling force websocket stop..09:27:34.039.ERROR.Socket unable to read..09:27:34.039.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:27:34.039.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1178
                                  Entropy (8bit):4.9837783730104634
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:42:28.035.INFO.Signaling force websocket stop..12:43:56.672.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:44:03.381.INFO.Socket connected to getscreen.me:443..12:46:22.105.INFO.Signaling force websocket stop..12:46:22.167.ERROR.Socket unable to read..12:46:22.167.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:46:22.167.ERROR.WebSocket connection error getscreen.me/signal/agent..12:48:35.319.INFO.Signaling force websocket stop..12:48:57.078.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:48:59.334.INFO.Socket connected to getscreen.me:443..12:51:20.494.INFO.Signaling force websocket stop..12:51:20.906.ERROR.Socket unable to read..12:51:21.027.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:51:21.027.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.947155899932014
                                  Encrypted:false
                                  Malicious:false
                                  Preview:16:08:28.439.INFO.Signaling force websocket stop..16:08:33.110.ERROR.Socket unable to read..16:08:33.110.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:08:33.110.ERROR.WebSocket connection error getscreen.me/signal/agent..16:10:29.606.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:10:37.922.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.699513850319967
                                  Encrypted:false
                                  Malicious:false
                                  Preview:19:26:46.194.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1285
                                  Entropy (8bit):4.995399831999643
                                  Encrypted:false
                                  Malicious:false
                                  Preview:22:41:18.245.ERROR.Socket unable to read..22:41:21.772.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:41:21.782.ERROR.WebSocket connection error getscreen.me/signal/agent..22:43:28.891.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:43:38.719.INFO.Socket connected to getscreen.me:443..22:45:52.447.INFO.Signaling force websocket stop..22:45:52.648.ERROR.Socket unable to read..22:45:52.668.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:45:52.678.ERROR.WebSocket connection error getscreen.me/signal/agent..22:48:05.731.INFO.Signaling force websocket stop..22:48:57.232.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:48:57.237.INFO.Socket connected to getscreen.me:443..22:51:20.917.INFO.Signaling force websocket stop..22:51:20.917.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1433
                                  Entropy (8bit):4.978480873207161
                                  Encrypted:false
                                  Malicious:false
                                  Preview:02:08:28.688.INFO.Signaling force websocket stop..02:08:32.994.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:08:44.709.INFO.Socket connected to getscreen.me:443..02:10:58.308.INFO.Signaling force websocket stop..02:10:58.619.ERROR.Socket unable to read..02:10:58.669.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:10:58.669.ERROR.WebSocket connection error getscreen.me/signal/agent..02:12:40.990.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:12:45.697.INFO.Socket connected to getscreen.me:443..02:15:04.497.INFO.Signaling force websocket stop..02:15:04.748.ERROR.Socket unable to read..02:15:05.029.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:15:05.039.ERROR.WebSocket connection error getscreen.me/signal/agent..02:16:57.451.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:35:12.336.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):663
                                  Entropy (8bit):4.949407123781118
                                  Encrypted:false
                                  Malicious:false
                                  Preview:05:35:13.404.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:50:11.514.INFO.Socket connected to getscreen.me:443..08:52:25.391.INFO.Signaling force websocket stop..08:52:25.681.ERROR.Socket unable to read..08:52:25.712.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:52:25.722.ERROR.WebSocket connection error getscreen.me/signal/agent..08:54:51.120.INFO.Signaling force websocket stop..08:55:48.468.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:55:58.066.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.988212651444154
                                  Encrypted:false
                                  Malicious:false
                                  Preview:12:11:10.098.INFO.Signaling force websocket stop..12:11:14.577.ERROR.Socket unable to read..12:11:14.617.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:11:14.602.ERROR.WebSocket connection error getscreen.me/signal/agent..12:13:28.655.INFO.Signaling force websocket stop..12:15:52.186.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:15:58.002.INFO.Socket connected to getscreen.me:443..12:18:16.837.INFO.Signaling force websocket stop..12:18:17.729.ERROR.Socket unable to read..12:18:17.729.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:18:21.484.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.72397501175825
                                  Encrypted:false
                                  SSDEEP:6:9mQXIX+WgIJUUsVXIXNLD4EQRVr2dzvRWl8Rvvn:9jKsVChkr2tvvn
                                  MD5:DF11093618903CC384479D39CB4E447D
                                  SHA1:7E0223CFDEF59769821BB0EFBCE4DEBC57A8E53B
                                  SHA-256:D0735D76B07C8752D996895E6974C257F4C2FF482A25309D960F335EA020F5ED
                                  SHA-512:152FAF997F4F0258FBB46E41B1CEC734C802A153E3F7C21F303E55F4E1CD1F7CA3D724FCA26380BF4764472C85220E46C073DD895F94515775E99F53B95FFE51
                                  Malicious:false
                                  Preview:15:33:59.120.INFO.Signaling force websocket stop..15:33:59.311.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:34:05.424.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.980950493887945
                                  Encrypted:false
                                  SSDEEP:12:E5KK5rN9Qj8P40w+5cChAXtvvgXKSAdQj8P40q5HmChE1IXtvvn:E5KYDAkcG4tvYXtAdDAzGGIQtvv
                                  MD5:CD599D044AD8FADD388CF89BCA784967
                                  SHA1:E042BBAEA4E9CC13F0F5CEE45411D3C0607902CD
                                  SHA-256:2F3154E15BA124917F1110F829ABAD0D737B8B651B5EF81FB009484943093016
                                  SHA-512:C3F1F271D7D7CB826426A005A00BABA4E115FAEFC94E4A015EB0882253CB9475802A47198B514426874439A8157ED2B82C027B7F9EE22495AB015EA024FE263C
                                  Malicious:false
                                  Preview:18:48:52.928.INFO.Signaling force websocket stop..18:48:55.588.ERROR.Socket unable to read..18:48:55.598.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:48:55.598.ERROR.WebSocket connection error getscreen.me/signal/agent..18:50:49.508.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:50:49.947.INFO.Socket connected to getscreen.me:443..18:53:49.039.INFO.Signaling force websocket stop..18:53:49.230.ERROR.Socket unable to read..18:53:49.231.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:53:49.231.ERROR.WebSocket connection error getscreen.me/signal/agent..18:55:33.281.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:55:36.219.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):506
                                  Entropy (8bit):4.991740854840064
                                  Encrypted:false
                                  SSDEEP:6:bLKs2XIX+WgIJUkCL2kM+CLcud2M0CCQP5K0C+ECLYDNBQEQaXlh0XXIXNLD4EQz:bLGNL2jLZQj8P40bLi5bVmXChEu25
                                  MD5:EF8573566BF2A1360202E30838BCE1F0
                                  SHA1:52DC17B4876B32C89BE519163D4401FA03C03858
                                  SHA-256:EEF12FF711D2837DDA237B43DD85509F384D57777E0A7190AF131FEA913B54F4
                                  SHA-512:A70BD8E8AD464729E1A17DE2718344519410AAE15F8820AB10D71C0EDDCB47FFF792CF4FEF32E666A4F56D3A97FF1F1F2EB663D36BD45B199AE72E69C9695329
                                  Malicious:false
                                  Preview:22:10:12.105.INFO.Signaling force websocket stop..22:10:16.056.ERROR.Socket unable to read..22:10:16.066.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:10:16.066.ERROR.WebSocket connection error getscreen.me/signal/agent..22:11:56.579.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:14:19.837.INFO.Signaling force websocket stop..22:17:29.404.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):325
                                  Entropy (8bit):4.94131185448702
                                  Encrypted:false
                                  SSDEEP:6:gWIs2XIX+WgIJU+pfIUPdzvRWl8Rvvafiqsg3Uud2M0CCQP5K0CNfipDNBQEQ4:TQgxpPtvvUiqBBQj8P40Ii55T
                                  MD5:338D17EBFBB021001ADAC61C6018CC62
                                  SHA1:DF5E58D4FDCAAB73218D1793817B015664C7513D
                                  SHA-256:5A268378AA00C92C23CAEC6038C6227FBB3F5EC28CCDCC20109CC3C37224A775
                                  SHA-512:D37D0462BCB72FC97A301AF4678E3EF2513AD61D627BA7A9F7AAB369D635B9DBE3CDF1BF855FDC64964E639D3CE8965E39848EB3348CA8210244D5B68B42863D
                                  Malicious:false
                                  Preview:01:33:44.625.INFO.Signaling force websocket stop..01:33:52.130.INFO.Socket connected to getscreen.me:443..01:33:54.195.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:33:54.409.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1178
                                  Entropy (8bit):4.954280411556266
                                  Encrypted:false
                                  SSDEEP:24:ues2G1tvbcYaYxDAHYiiXGntv9rhDA+1kOG+Otvv:0vnXDQXtrDH6n+i3
                                  MD5:F1D29C0282918D0431A621062EC0475D
                                  SHA1:0E198F2850F8DDFB0BCDB1801B2D8AC5B6F1F735
                                  SHA-256:DB856DB561AECF32933EB61F2CCBBE44801FE78438754774C663668F67EC02BF
                                  SHA-512:E1B30F028B33A798871E619620305D227C29B35D328558BE51E59995AE6D41ABCF08E3796604D5E9D852451241F7150EC86F5940C3FECDA60F6FA61AE8F815D4
                                  Malicious:false
                                  Preview:04:50:35.218.INFO.Signaling force websocket stop..04:50:35.726.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:51:03.120.INFO.Socket connected to getscreen.me:443..04:53:03.563.INFO.Signaling force websocket stop..04:53:03.874.ERROR.Socket unable to read..04:53:03.874.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:53:03.874.ERROR.WebSocket connection error getscreen.me/signal/agent..04:55:19.475.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:55:19.938.INFO.Socket connected to getscreen.me:443..04:57:38.549.INFO.Signaling force websocket stop..04:57:38.609.ERROR.Socket unable to read..04:57:39.310.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:57:39.320.ERROR.WebSocket connection error getscreen.me/signal/agent..05:00:04.633.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.806656707462825
                                  Encrypted:false
                                  SSDEEP:3:MTtWRKs2XINF+WgIO0/Vyn:MTq2XIX+WgIJUn
                                  MD5:746304D89B0355D28C766F66F464BE48
                                  SHA1:C058EF7D9A0F6E5DA16DCFBA8CA672FB1AAA8964
                                  SHA-256:3C234764C67D974599BF7FF1BC40F4074CD60C4086748DFB00251245FA30B670
                                  SHA-512:66B21E6531BE192DCE707796FBB7FB3A2668925F3553005AF35D4722DC775398EECD896608B62B1A8FCD332C909D2B221D0784621C694BAE9D06DB260EAE01A4
                                  Malicious:false
                                  Preview:08:16:59.344.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.991667733827083
                                  Encrypted:false
                                  SSDEEP:6:IKMZJHud2M0CCQP5K0CyJDDNBQEQJFXIX+WgIJUUn1XXIXNLD4EQxOon2dzvRWlG:I1JOQj8P40fJn5GFKn1XCh6n2tvvn
                                  MD5:324B4B80A33316E206A4607D1A16F393
                                  SHA1:7B73A0AA9B81C3094A06E0C3A57950E8D837A630
                                  SHA-256:C8A0DB5225616B744782CE9EAF309EFA5206ECB2EC33D1EBB674EFBBFB05ADB4
                                  SHA-512:A84B215863AC3DEB2AD14CB352F9543848EA7D51E0A64D9A5287B8FEFFDF749E550F817E388EBB2FA5E4C9A6B9FEDF3E9396F3BCF9AD6E054A1DD83AE16C1168
                                  Malicious:false
                                  Preview:14:52:31.724.ERROR.Socket unable to read..14:52:39.683.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..14:52:39.683.ERROR.WebSocket connection error getscreen.me/signal/agent..14:55:04.940.INFO.Signaling force websocket stop..14:55:08.791.INFO.Signaling start connection to 'getscreen.me/signal/agent'..14:55:10.556.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):770
                                  Entropy (8bit):4.960939295830492
                                  Encrypted:false
                                  SSDEEP:12:EE5KWAEQj8P40l5BjmChtFtvvp2KWW/WRQj8P40Gq5T:EE5RDAe4GjtvB21DAqT
                                  MD5:C70CD940053499860DB4AB3AF048672F
                                  SHA1:CAD3D0E871EE8EA48BE27554A17EF2926471D7BB
                                  SHA-256:3143F2C7005D75F24F175C356D3DF2ED8DE66AA8E46AEB269D0CA127CFA16218
                                  SHA-512:8D9EA6495CC787FB6E260973333F91ED2ABF1EFBCFAD0C7C1CA24BDA58C2A1A728179DBD6E8C6D1ED6933E0E2CE67B8E5E57D3520294647280FB51E5B0DE8B40
                                  Malicious:false
                                  Preview:18:10:11.182.INFO.Signaling force websocket stop..18:10:19.203.ERROR.Socket unable to read..18:10:19.203.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:10:19.203.ERROR.WebSocket connection error getscreen.me/signal/agent..18:11:50.408.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:11:59.201.INFO.Socket connected to getscreen.me:443..18:14:15.666.INFO.Signaling force websocket stop..18:14:17.520.ERROR.Socket unable to read..18:14:17.520.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:14:17.520.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1637
                                  Entropy (8bit):4.991278031081382
                                  Encrypted:false
                                  SSDEEP:24:UvG4tv6BDAqbNiUGxtv5ZJDAP6bhiGBrtvu6PDAvbW2GB5tvv:pYQDbbNETPJDk6b1fGSDubWvZ3
                                  MD5:62D46BAE20E311DF875D5267965F397E
                                  SHA1:A91741D78A9B86EBA418528EE5F6E68A27E37A83
                                  SHA-256:FFECB564ADCDC0180CC086B8265F0734A1C31BC0E5630BD81942EF7FECF6D1C1
                                  SHA-512:34903845683CE6CBE724FF7283BB59B8700580B80C2290E679EF6BA9622D430CED79789711ADD17D4E59EF9A71A343C5CD0C9C9B8780A337D100C07E357F1FC3
                                  Malicious:false
                                  Preview:21:29:33.464.INFO.Signaling force websocket stop..21:30:52.592.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:31:16.133.INFO.Socket connected to getscreen.me:443..21:33:30.321.INFO.Signaling force websocket stop..21:33:31.233.ERROR.Socket unable to read..21:33:31.233.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:33:31.233.ERROR.WebSocket connection error getscreen.me/signal/agent..21:35:56.754.INFO.Signaling force websocket stop..21:36:48.550.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:36:57.699.INFO.Socket connected to getscreen.me:443..21:39:14.078.INFO.Signaling force websocket stop..21:39:14.498.ERROR.Socket unable to read..21:39:14.508.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:39:14.508.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1856
                                  Entropy (8bit):4.976534301857455
                                  Encrypted:false
                                  SSDEEP:48:1DYk/+G+XoXeX+DCXJkFhWaEKqEyDIFkL9wDmRT:2k/OKI/JkFXTkLHT
                                  MD5:DC0A2422FF1FC35842EFFDF6E505B369
                                  SHA1:9ECC33312FEB61A10E62FC201C752F27D7B6B1B4
                                  SHA-256:27CD2EF37B7AA0967AC9046647BDF7BE5A2A1F2E0442DBB8690F3F31CA86DA31
                                  SHA-512:39E5E1E48EE90CD22B4A3819F5E7DD20D4DFD592BCA3CE844E6F8B9290D2231640DC9F9CF3A6AE101BA49DB73F5DCB0CC27E7FD4786CBC675C83D3DB12D60536
                                  Malicious:false
                                  Preview:01:00:56.712.INFO.Signaling force websocket stop..01:01:02.395.ERROR.Socket unable to read..01:01:02.415.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:01:02.415.ERROR.WebSocket connection error getscreen.me/signal/agent..01:03:23.123.INFO.Signaling start connection to 'getscreen.me/signal/agent'..01:05:48.199.INFO.Signaling force websocket stop..01:08:13.598.INFO.Signaling force websocket stop..01:10:26.901.INFO.Signaling force websocket stop..01:10:48.195.INFO.Socket connected to getscreen.me:443..01:12:52.124.INFO.Signaling force websocket stop..01:12:52.707.ERROR.Socket unable to read..01:12:52.928.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..01:12:52.928.ERROR.WebSocket connection error getscreen.me/signal/agent..01:14:42.225.INFO.Signaling start connection to 'getscre
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2060
                                  Entropy (8bit):4.986878515090702
                                  Encrypted:false
                                  SSDEEP:24:e72GCtv9iYjDAVAQGe8tvNQdDAsJ5GevXtvmXnDA9tI2Gr2tv0uzuDA3Zj5:amgYjDgAtesEDF6eV+XDYgugD0t
                                  MD5:D87CE28EF3DC9EAA9B5C4DB48E0BFFFA
                                  SHA1:45E32F056D4D88DF7C28E1725F5AF5CF13F98CE1
                                  SHA-256:6B89FE076F99325F29860DDB6A63725F82D45B548D1AA70FC8A0DDA09EB0C666
                                  SHA-512:6591DA7998C9E15BE45C825EBF10C3FCDD9DE74F604DA8A95FA1167E90EA8046D81759DFF0CA84551C688AEDF6901C705C5836A5EB60D9D08F4DA0D755FA3A1E
                                  Malicious:false
                                  Preview:04:35:44.057.INFO.Signaling force websocket stop..04:36:58.790.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:37:26.391.INFO.Socket connected to getscreen.me:443..04:39:23.901.INFO.Signaling force websocket stop..04:39:24.412.ERROR.Socket unable to read..04:39:24.432.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:39:24.432.ERROR.WebSocket connection error getscreen.me/signal/agent..04:41:48.153.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:41:51.508.INFO.Socket connected to getscreen.me:443..04:44:12.629.INFO.Signaling force websocket stop..04:44:12.709.ERROR.Socket unable to read..04:44:13.380.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:44:13.380.ERROR.WebSocket connection error getscreen.me/signal/agent..04:46:27.121.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):515
                                  Entropy (8bit):4.9986907973521655
                                  Encrypted:false
                                  SSDEEP:6:MR7S0X2XIX+WgIJUxXIXNLD4EQBhqs2dzvRWl8Rvvv4QXIX+WgIJUWUMlud2M0CM:MR7SzjCh6qXtvvgQlQj8P40S5T
                                  MD5:3C580BE9BFAF8E71C40E1FB46DF7DED1
                                  SHA1:89E8EC81287C35B604E96F6AC95A6AF3AAF6AFC1
                                  SHA-256:77581423C61E5AE7FCF0D3D1ECE4FB6EC73E4AD16DA720A0B832B3DD77E82954
                                  SHA-512:B44BF42AE4B68F2EC795F8E69999DFA3A781FB47D2E6B83B1E85DC239A3E4254A88DADA96299689144628F476583C9F26ADED19E0044F8224FFF42AE65C5A557
                                  Malicious:false
                                  Preview:08:14:00.745.INFO.Signaling force websocket stop..08:14:28.240.INFO.Signaling start connection to 'getscreen.me/signal/agent'..08:14:34.367.INFO.Socket connected to getscreen.me:443..08:16:51.628.INFO.Signaling force websocket stop..08:16:51.709.ERROR.Socket unable to read..08:16:51.749.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..08:16:51.759.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1433
                                  Entropy (8bit):4.98432913997468
                                  Encrypted:false
                                  SSDEEP:24:MEGItvTiQkDAW+GPitv+n2eeDAs3Gatvstm3DAvT:io9kDbXeixeDRWOjDWT
                                  MD5:D07D051398DF43C7C8A2226E4DEEFD89
                                  SHA1:3021EC671A8BDC1F04B3EAA403244B6CE88042F9
                                  SHA-256:B525DA23E4C291292940C4DACF73C64EF6CF411AB63BD8F07DEB405EF35BEFC8
                                  SHA-512:82C8EA0D4A6984ECE0B20100625693AF2DE34EEB1EC46DF6E69FB2F4AF056AF448A932F3FF848663274BFAE37BC9783F6AFD8C37248B3FE8323D0295AA2715DF
                                  Malicious:false
                                  Preview:11:33:25.290.INFO.Signaling force websocket stop..11:33:54.331.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:33:56.145.INFO.Socket connected to getscreen.me:443..11:36:53.418.INFO.Signaling force websocket stop..11:36:53.538.ERROR.Socket unable to read..11:36:53.569.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:36:53.569.ERROR.WebSocket connection error getscreen.me/signal/agent..11:39:18.401.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:39:24.713.INFO.Socket connected to getscreen.me:443..11:41:41.636.INFO.Signaling force websocket stop..11:41:42.127.ERROR.Socket unable to read..11:41:42.578.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:41:42.578.ERROR.WebSocket connection error getscreen.me/signal/agent..11:42:52.068.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.752897239845947
                                  Encrypted:false
                                  SSDEEP:6:56QXIX+WgIJUU1X2XIXNLD4EQBNn2dzvRWl8Rvvn:JKYCh+2tvvn
                                  MD5:767CF99D1F6A163BEC11E578593744A4
                                  SHA1:BD89FAB977D4CF9594B746E948AFE95DF0D1EF8D
                                  SHA-256:308FC5BD80405172148BD1215D5454FDF0DDEEF76209BE231E4F438FDA10F091
                                  SHA-512:0F6A11245E4E7320D84C86820BFF9445B45CF099C01BDC7F2B870F6DD60520C906BA2E99DD59B5738E379AA30BF0788C9E81194051E816FDB047791BAFCD1715
                                  Malicious:false
                                  Preview:15:00:57.528.INFO.Signaling force websocket stop..15:01:52.227.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:01:54.237.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2259
                                  Entropy (8bit):5.007609164832239
                                  Encrypted:false
                                  SSDEEP:48:Ec13DLlD2a4HD6cEhTvDsYU58txD1iN5Fi0jcxDxciT:X1XlSa4ucA0Y6NjiCSRT
                                  MD5:7F29B33C26D24EF86187BB5527808C58
                                  SHA1:2F701ADB808B759DAA94E2BAC46A07370339E0DC
                                  SHA-256:48CBF0CCE55E21B4071477DF6FE2C5870B84853B581987C850515A53813FFF07
                                  SHA-512:69795869244DD7D8FD27785E363D8417FF8898ABAD2AD461E56167B6397846DD07FF81F3DEFA198D7A2F4020C5A47345FB1D93967840BD292111AF729E768844
                                  Malicious:false
                                  Preview:18:16:49.655.INFO.Signaling force websocket stop..18:16:52.262.ERROR.Socket unable to read..18:16:52.282.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:16:52.282.ERROR.WebSocket connection error getscreen.me/signal/agent..18:18:31.884.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:18:32.533.INFO.Socket connected to getscreen.me:443..18:21:04.875.INFO.Signaling force websocket stop..18:21:04.876.ERROR.Socket unable to read..18:21:04.876.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..18:21:04.876.ERROR.WebSocket connection error getscreen.me/signal/agent..18:23:30.299.INFO.Signaling force websocket stop..18:23:43.824.INFO.Signaling start connection to 'getscreen.me/signal/agent'..18:23:50.085.INFO.Socket connected to getscreen.me:443..18:26:08.034.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1030
                                  Entropy (8bit):5.001005633495406
                                  Encrypted:false
                                  SSDEEP:24:daG/2tvZvWNqDApbSsjGhtvr2M1jDAQAT:F/ahOgD0biDjBDqT
                                  MD5:BD7C8AAB32820273C31D8D4E495C2433
                                  SHA1:8B17492AE58B2F4B7CE3C79B6871CC42B5ACDD2B
                                  SHA-256:A3D910B408DD10AA8423BACC19152553CFC8F1155C764D3DA4E4B9D29DB0E2D5
                                  SHA-512:B40802A976B6D8F02D703F0483D62F6C5740A2003039B8765354ABF29C0374A853B5345D55ADC7E210E1D3765ACAD63817DBF088368FD07C4FEFCBE8D5D18466
                                  Malicious:false
                                  Preview:21:51:24.558.INFO.Signaling force websocket stop..21:52:31.749.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:52:36.466.INFO.Socket connected to getscreen.me:443..21:54:55.841.INFO.Signaling force websocket stop..21:54:56.283.ERROR.Socket unable to read..21:54:56.333.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:54:56.333.ERROR.WebSocket connection error getscreen.me/signal/agent..21:57:09.428.INFO.Signaling force websocket stop..21:57:37.025.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:57:42.410.INFO.Socket connected to getscreen.me:443..22:00:01.786.INFO.Signaling force websocket stop..22:00:02.568.ERROR.Socket unable to read..22:00:02.598.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:00:02.598.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  SSDEEP:3:gUKGqsrjmXINF+WgIO0/Vyn:gUK0jmXIX+WgIJUn
                                  MD5:164CFEFA99A05B31A2B3E75BEEA51C7C
                                  SHA1:AC7B3EFC53CC4D192C6D225EB23D36EE38512814
                                  SHA-256:8238EEC16ECAC394EC9D5352A8AFA9F18570E78581223674C56D656FD9D2317D
                                  SHA-512:56E1B8AD9D745DEF13EAF8C1FBF5EEEB05C8A388AD56D1365E20E144BCEBFD7B50834CA2E613202C91EF3363814A2B29D04F3B92CEA53925F730656204CCC7C3
                                  Malicious:false
                                  Preview:01:15:23.888.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.735565835172957
                                  Encrypted:false
                                  SSDEEP:6:v4mXIX+WgIJU0gXXIXNLD4EQNEVKdzvRWl8Rvvn:vXLChTItvvn
                                  MD5:CC62E1780368F91D40B02951FB41A761
                                  SHA1:446915EA7E690CEC401578DF81673938C28C7071
                                  SHA-256:92E15092EE83883AA94BF174531717FD182F8290C2D91A4F7AA9DB3D88D529DE
                                  SHA-512:AF95E1A51679E37E98A6A7BC6F0083CF4ACAFD84EECE74CF2A207982E8A1008CBC58FB0D3498C5576C5EFF862D546F09733460B75995C7EEBFA460FA83ABC4D1
                                  Malicious:false
                                  Preview:04:30:23.742.INFO.Signaling force websocket stop..04:30:25.913.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:30:35.600.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1433
                                  Entropy (8bit):4.986667543460637
                                  Encrypted:false
                                  SSDEEP:24:u25t4QDAyGMwGW2tvSUmDAvOVQGctvUF2CbFXs6DAvXstmGqtvv:u83DxNnnmDq6Ms7pDhfe3
                                  MD5:D629BC4F98B74174C4CDBCD9CA878DC5
                                  SHA1:B0D7FE9DAC414782306C8078606194188FC6EFF7
                                  SHA-256:8123BCF17247AF2C3DB5348DD46D8D578A3B32A8290B1A94194FFAF29E39F9D1
                                  SHA-512:76435F5185E007F8A8FA6BD62D4AE85666A184BF2EAA9D8607411953ABE24950A77A2EAA7F95A523C394387A5AA78B0F32ED8C1988EE2E21E3387401173FD038
                                  Malicious:false
                                  Preview:07:45:33.326.INFO.Signaling force websocket stop..07:45:36.844.ERROR.Socket unable to read..07:45:36.864.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:45:37.526.ERROR.WebSocket connection error getscreen.me/signal/agent..07:47:16.672.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:47:22.233.INFO.Socket connected to getscreen.me:443..07:49:34.830.INFO.Signaling force websocket stop..07:49:35.431.ERROR.Socket unable to read..07:49:35.462.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:49:35.462.ERROR.WebSocket connection error getscreen.me/signal/agent..07:52:00.695.INFO.Signaling force websocket stop..07:52:43.085.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:52:48.430.INFO.Socket connected to getscreen.me:443..07:55:07.816.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):965
                                  Entropy (8bit):4.998961109216412
                                  Encrypted:false
                                  SSDEEP:24:EP4+46DAW4t12G23tvLF9UJDAg6uRG2wQ5:A4+46DN4t1vqkDiJe
                                  MD5:A185D7B07D682591F0BF1439EA67C5E3
                                  SHA1:787E517237EF571D5B7ABB37532F06E073BCA693
                                  SHA-256:70AC0C5A9103761C6B1275312D2DD42374FC09D9D936016ABDA2C133D16A5D8D
                                  SHA-512:ED1F9137B2205DC20DFA8759B77562B54821BC357D88AC4D150CEE1CDBF2A93EC3CF50DB3AF7E16AB420D0060C02F5327078744CFD009D8E10CD880FC185ABB5
                                  Malicious:false
                                  Preview:11:12:19.931.INFO.Signaling force websocket stop..11:13:21.962.ERROR.Socket unable to read..11:13:21.962.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:13:21.962.ERROR.WebSocket connection error getscreen.me/signal/agent..11:15:03.526.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:15:04.869.INFO.Socket connected to getscreen.me:443..11:17:28.643.INFO.Signaling force websocket stop..11:17:28.814.ERROR.Socket unable to read..11:17:28.844.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:17:28.844.ERROR.WebSocket connection error getscreen.me/signal/agent..11:19:41.579.INFO.Signaling force websocket stop..11:20:20.548.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:22:43.543.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.770942421748538
                                  Encrypted:false
                                  SSDEEP:3:IfTX+dsnXXINF+WgIO0/Vyn:IrX+dsXXIX+WgIJUn
                                  MD5:5B3395BB6DB2F0434DE666744BD1EE2C
                                  SHA1:17420382B443D4FE5FA8A09C814D2CEF704D1D79
                                  SHA-256:3C171D30C5B7331B4B0DA6D47D77A624CDB78641ADCC2732548D4145D641C257
                                  SHA-512:DFFF7384F17A4B94E39455EE022251BF8DA858EAA78D67E4188FB1ED0745F5A3DA86B637DF5C558E25EA7E33C7D80205B8AF46994398D3086785789C487D35B1
                                  Malicious:false
                                  Preview:14:39:22.858.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65
                                  Entropy (8bit):4.365589590386748
                                  Encrypted:false
                                  SSDEEP:3:L4LVz4aXdzvRWAAEzRWovn:m9XdzvRWl8Rvvn
                                  MD5:BB4B16F798F46AE31DFD00DC7D43880A
                                  SHA1:E81A94E6F603F137BC82EADFB777C00D752BF36B
                                  SHA-256:4EE5A0CBFA0B928C39A9E3FA7C097DD6AFFF8CC72BCC65398E16200351EF5920
                                  SHA-512:0C566E7F770B0309B9F34B1B01AB3C1DF5C63BE347908C618E5139BF1DF15B01341E98E8199DFB1BA381DD7BCE56E36EEF0DFD01598F5F8FCD7473187A2103DD
                                  Malicious:false
                                  Preview:17:55:50.883.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1744
                                  Entropy (8bit):4.991314090396775
                                  Encrypted:false
                                  SSDEEP:24:Ymj0CDA01b2UhGyXtv2wLDA5bC2GAtvbqbDA8blG5tvpRNDAST:YkDDb2PC3DsbCvw+bDpbILVD7T
                                  MD5:FDE57E5C77085204A57CB7B57C55F22B
                                  SHA1:D47D0BFAE5FA016D399CB3AA1CB8762DCB21C253
                                  SHA-256:E8C405D0554D9241EDB9AB83226FBC3668C5F8FF183461B6B49723D6C879C881
                                  SHA-512:ADFF7B69859017F0DAAD92B783F6196689A093C9F7037EC7D147C20047808EAB92C76577CEAB542B9CA1E6C39B898BBE742EC2A8FC0FF1056CACC8915E63B030
                                  Malicious:false
                                  Preview:21:11:34.087.INFO.Signaling force websocket stop..21:11:37.727.ERROR.Socket unable to read..21:11:37.727.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:11:37.727.ERROR.WebSocket connection error getscreen.me/signal/agent..21:14:03.059.INFO.Signaling force websocket stop..21:14:19.928.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:14:20.151.INFO.Socket connected to getscreen.me:443..21:16:43.263.INFO.Signaling force websocket stop..21:16:43.604.ERROR.Socket unable to read..21:16:43.614.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:16:45.638.ERROR.WebSocket connection error getscreen.me/signal/agent..21:18:46.016.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:19:58.120.INFO.Socket connected to getscreen.me:443..21:21:00.247.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.74378797244436
                                  Encrypted:false
                                  SSDEEP:6:u5iXIX+WgIJU8Q4BnXXIXNLD4EQJN9qs2dzvRWl8Rvvn:u5iOh5ChwqXtvvn
                                  MD5:0BA4B303E631A75D6588C61FE48D89DA
                                  SHA1:0BC31EA80A2D7DEAC42A27ECA07567D1552E3E71
                                  SHA-256:AF5B1B155D13371C49E6B0880A26E203E05A3C9A0824CDDBF3A75DAD27C7D8B4
                                  SHA-512:B22BF6EC1083D31CFE7019490F7102E9E6235F8DAF5CDE09733D0EDF45F2610CECC6F3786A12E16D33EC906DB73E802B7B0F3F15EC055203F08C5996744C8FFE
                                  Malicious:false
                                  Preview:00:41:09.030.INFO.Signaling force websocket stop..00:41:52.961.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:42:04.367.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3540
                                  Entropy (8bit):4.990137564268152
                                  Encrypted:false
                                  SSDEEP:48:OlD7MwoIDH+0CalkD7kSuXD0Cea/yXD8MFi2BeVsb+DSJgSp/wjDSAD9vY:SMw/+0lykgCsFi2wVsblJrWDJY
                                  MD5:EE5B056632771ABFEE0B481966AACD00
                                  SHA1:0C40AA1E4B4C476A872350ECE11C2C5962AD650D
                                  SHA-256:AF821DD00E7556615708A241DEDE55967D9CC17A1B483C5F12AC30A8EF495BB8
                                  SHA-512:C8EB7BF5143D6E138E0338E002617AAF33E4F36D1E78BE23F2E21D7770E7227DD9EC18372AB4F6A8B7EC87C457DB255E61043C242B4AA61E1C625A7FFCF87F89
                                  Malicious:false
                                  Preview:03:57:34.118.INFO.Signaling force websocket stop..03:57:45.946.ERROR.Socket unable to read..03:57:45.946.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:57:45.946.ERROR.WebSocket connection error getscreen.me/signal/agent..03:59:59.607.INFO.Signaling force websocket stop..04:01:46.389.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:01:56.270.INFO.Socket connected to getscreen.me:443..04:04:11.123.INFO.Signaling force websocket stop..04:04:11.183.ERROR.Socket unable to read..04:04:11.213.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..04:04:15.914.ERROR.WebSocket connection error getscreen.me/signal/agent..04:06:36.459.INFO.Signaling force websocket stop..04:07:24.101.INFO.Signaling start connection to 'getscreen.me/signal/agent'..04:07:51.816.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4792
                                  Entropy (8bit):5.000642251923936
                                  Encrypted:false
                                  SSDEEP:96:FxwGFpW4AzYa2PN41Li0pV6g9f2iw3gEU7xT:jwG/W4UYvPN41Li0Veiw3gEU7xT
                                  MD5:A1A33D0E29DB961A566D47EE1BC0D769
                                  SHA1:3AC306B3F4EDD61BFA9F2F68B4F5BEF5DBFA8F5C
                                  SHA-256:F9F9C913ABE76714233105A08C526E0E87B5869B99A461EBBCEA1467F88625F3
                                  SHA-512:93558984C7E0AC97BB961FC11D80D8D6B3CDDBE61016B8F2787197A8FC775BE3D5BD94EA809C7601066DE0F5C538B5DA35FF9B16829B27BC834EDC00786461A0
                                  Malicious:false
                                  Preview:07:48:09.131.INFO.Signaling force websocket stop..07:48:09.331.INFO.Socket connected to getscreen.me:443..07:48:14.085.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:48:14.279.ERROR.WebSocket connection error getscreen.me/signal/agent..07:50:39.320.INFO.Signaling force websocket stop..07:50:53.759.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:51:02.725.INFO.Socket connected to getscreen.me:443..07:53:32.797.INFO.Signaling force websocket stop..07:53:32.867.ERROR.Socket unable to read..07:53:32.897.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:53:34.231.ERROR.WebSocket connection error getscreen.me/signal/agent..07:55:58.119.INFO.Signaling force websocket stop..07:56:30.910.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:56:31.126.INFO.Soc
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4926
                                  Entropy (8bit):5.004077589203959
                                  Encrypted:false
                                  SSDEEP:96:qbzLpcFXZCQcyCvm715CWztTDIfB6P4j3+T:qbzLpcFXZC0QW15BzRL4j3+T
                                  MD5:893A8B2B616DFD65F6DC9C592BAB6776
                                  SHA1:31F4A01A74A4D708B2557A98F8D2FD928A7C85D7
                                  SHA-256:6C1D3ADA92893DB9C12957EE84B2F7E45CA13E07389777AF7AF6C1AA225C41CE
                                  SHA-512:B8B3CD53EDC55091569F388DD6AC5BEABB527426A57B8DDAF78A74B140C5EA250FDC1B2FEA2EA816DD9D5E3DAFB02350D89194D093EDE4C0927B9D26BA0B0E7C
                                  Malicious:false
                                  Preview:11:46:39.694.INFO.Signaling force websocket stop..11:48:24.577.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:48:26.812.INFO.Socket connected to getscreen.me:443..11:50:49.907.INFO.Signaling force websocket stop..11:50:50.087.ERROR.Socket unable to read..11:50:50.087.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:50:50.087.ERROR.WebSocket connection error getscreen.me/signal/agent..11:53:06.923.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:53:11.372.INFO.Socket connected to getscreen.me:443..11:55:19.615.INFO.Signaling force websocket stop..11:55:19.776.ERROR.Socket unable to read..11:55:20.198.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:55:20.198.ERROR.WebSocket connection error getscreen.me/signal/agent..11:57:45.224.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.741669327809411
                                  Encrypted:false
                                  SSDEEP:6:32XIX+WgIJUUILRYqs2XIXNLD4EQLLfidzvRWl8Rvvn:32KIlYmChWLitvvn
                                  MD5:2B8BDEE6FDE544F6FFB8ED5783FCBE85
                                  SHA1:DDEF4E8B445D5381318ED9F8AFECEB7C8E018C16
                                  SHA-256:AC6F4D735BD67A56141789149C49A63A54CFAFF2AB65551B4389CFE7C690B9F3
                                  SHA-512:05154F0B4F80A2C0B96ED86FCA7AB7F6FE7C72E6E7467A94C852917D1CA733D00972517124A8D0EA7D03E6D26AFE930C3C7D2B940A138A84AF1E2D85ABAABAF7
                                  Malicious:false
                                  Preview:15:49:13.294.INFO.Signaling force websocket stop..15:51:02.405.INFO.Signaling start connection to 'getscreen.me/signal/agent'..15:51:06.440.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.959701488341194
                                  Encrypted:false
                                  SSDEEP:12:hz2KY9cJ9cPQj8P40/9c45Ra9mChW2tvvn:hz2LcMDAajRaQGW2tvv
                                  MD5:F70436EB1073E2BBD28777A7F1398DFA
                                  SHA1:720600E4D6C83AC8874FA11AB33DC9EE281EE6DA
                                  SHA-256:1574DCD82F73362434A29706D92405A747521243C69A34D79EEB7D2EB18638A8
                                  SHA-512:48A0BC552B5B1C27E9A09C1ABBD9B8310D5D40971451D0631E93C3D7DCCE35C153912BFCC43BD3A90DB857E5B4C146DC588AB6D616DC345F76278138B86E310B
                                  Malicious:false
                                  Preview:19:06:06.956.INFO.Signaling force websocket stop..19:06:09.352.ERROR.Socket unable to read..19:06:09.352.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..19:06:09.352.ERROR.WebSocket connection error getscreen.me/signal/agent..19:08:25.563.INFO.Signaling start connection to 'getscreen.me/signal/agent'..19:08:29.159.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2315
                                  Entropy (8bit):4.984083175803781
                                  Encrypted:false
                                  SSDEEP:48:UaDAbWfo7DzbooyIhDNybu7GtDYbezwXDNbW:oyqsoDHyK9y0K
                                  MD5:84A756363CCAF5D85F8C9DCF88CA0DA6
                                  SHA1:4067DEDB98DACC72CA9C64DCA50856E230BA8C74
                                  SHA-256:86DAB1390581BDB0027D5BD56222158578C849C17AFFCB14A8531CC342D91BE2
                                  SHA-512:10D5360AE55BEAB975A4DBB1E35B6B3B3715FE4EC208ECE131F45F9E2F05E32810DA4F175800EEA38CDB4BE5F70EA94F839082EB57D90464C85F9BF5F6F3B075
                                  Malicious:false
                                  Preview:22:23:58.876.INFO.Signaling force websocket stop..22:24:01.540.ERROR.Socket unable to read..22:24:01.540.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:24:01.540.ERROR.WebSocket connection error getscreen.me/signal/agent..22:26:26.990.INFO.Signaling force websocket stop..22:26:28.370.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:27:32.613.INFO.Socket connected to getscreen.me:443..22:28:42.611.INFO.Signaling force websocket stop..22:28:42.732.ERROR.Socket unable to read..22:28:42.752.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..22:28:44.289.ERROR.WebSocket connection error getscreen.me/signal/agent..22:31:08.012.INFO.Signaling force websocket stop..22:31:27.441.INFO.Signaling start connection to 'getscreen.me/signal/agent'..22:31:32.624.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1693
                                  Entropy (8bit):4.966406686659172
                                  Encrypted:false
                                  SSDEEP:48:se1/NcxD2iXtvAN4DRrSvINDEtWeDppNfP3:LIXtv7roF1v
                                  MD5:1ED42B2F09871FD9A34B1F08AA761408
                                  SHA1:A2C28AA0D8432D81616D4B733E3BCC30E3D72C90
                                  SHA-256:8BAFA5B4F82D0B7FA77AFBBF0164C584CAC095CB1715BDD9F6B80A7D8F3DE773
                                  SHA-512:33BD8B3F588C7EA11B838DAEFF3CA3F0866D79EDB0E3145F785D1127305FF3135E84EF9DBA254D7E3D47B97166B43A578655B62B344C3C19C74494640F1A00CB
                                  Malicious:false
                                  Preview:02:01:02.387.INFO.Signaling force websocket stop..02:01:07.181.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:01:27.264.INFO.Socket connected to getscreen.me:443..02:03:40.908.INFO.Signaling force websocket stop..02:03:41.148.ERROR.Socket unable to read..02:03:41.199.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:03:41.199.ERROR.WebSocket connection error getscreen.me/signal/agent..02:05:44.630.INFO.Signaling start connection to 'getscreen.me/signal/agent'..02:05:50.911.INFO.Socket connected to getscreen.me:443..02:08:09.411.INFO.Signaling force websocket stop..02:08:09.482.ERROR.Socket unable to read..02:08:10.023.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..02:08:10.033.ERROR.WebSocket connection error getscreen.me/signal/agent..02:10:27.772.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2259
                                  Entropy (8bit):4.974137605462173
                                  Encrypted:false
                                  SSDEEP:48:wmCDOVU3wKxdDFEnc4kD4E5h2O5XRDIOeZHDPCT:wmZq3n3uxxWhN5XKOyTCT
                                  MD5:CE29B5FE53081614CF2CB053A740AE5C
                                  SHA1:1937F53962C125AA78B12C45D144CE05A8AE461A
                                  SHA-256:9657D82764709EAC43DE0BEC1C86599E9425E368339885AE83338BB4CD8BBAC7
                                  SHA-512:D88D21378146B125B168FBB33677AFC726D78550FEF7B6EB8D7108DCFD5BEE255590AF66522EEDDF89397F1AA2181EA3E19C560A85190899BE2895EF1CE90DE9
                                  Malicious:false
                                  Preview:05:34:35.110.INFO.Signaling force websocket stop..05:34:50.849.ERROR.Socket unable to read..05:34:50.849.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:34:50.849.ERROR.WebSocket connection error getscreen.me/signal/agent..05:37:11.798.INFO.Signaling force websocket stop..05:38:39.054.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:38:46.444.INFO.Socket connected to getscreen.me:443..05:41:03.357.INFO.Signaling force websocket stop..05:41:04.008.ERROR.Socket unable to read..05:41:04.018.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..05:41:05.585.ERROR.WebSocket connection error getscreen.me/signal/agent..05:43:12.482.INFO.Signaling start connection to 'getscreen.me/signal/agent'..05:43:13.140.INFO.Socket connected to getscreen.me:443..05:45:37.111.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2096
                                  Entropy (8bit):4.989277274435411
                                  Encrypted:false
                                  SSDEEP:48:BDiKE3MwBD453vMeD1CDbLUeD3nQoVMDrqDVm3:BDiM/DCDbo4QdqO
                                  MD5:128B8C7E55C97836FAAD42CF69CC4D7A
                                  SHA1:EA3C94FC4E4D2C317C1CCE2CAB8468122356C9DF
                                  SHA-256:23D5D4107A96DA426590B72F1E46E31AF4FCC203A9E3B236CAAC455E394AF3D9
                                  SHA-512:86C0766C2AA57CA7EF7356D8CA05D76E133CF94631A21B36822F014D7EC5D3779EB6FAA4D1D227B42B7E733EBEEF51B2DD0A0F1F273C44F3171E67A4D5E2A34F
                                  Malicious:false
                                  Preview:09:10:31.355.INFO.Signaling force websocket stop..09:11:56.585.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:13:02.647.INFO.Socket connected to getscreen.me:443..09:14:10.415.INFO.Signaling force websocket stop..09:14:10.485.ERROR.Socket unable to read..09:14:10.525.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:14:10.526.ERROR.WebSocket connection error getscreen.me/signal/agent..09:16:08.086.INFO.Signaling start connection to 'getscreen.me/signal/agent'..09:16:08.753.INFO.Socket connected to getscreen.me:443..09:18:31.524.INFO.Signaling force websocket stop..09:18:31.584.ERROR.Socket unable to read..09:18:32.236.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..09:18:32.246.ERROR.WebSocket connection error getscreen.me/signal/agent..09:20:27.085.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1688
                                  Entropy (8bit):4.996767786709693
                                  Encrypted:false
                                  SSDEEP:24:h42xDAbiHtGJQtvNgzHwxDAWwiY3Gvtvj2Dq6DACtzG5mtv2JDAwT:+2xDuiHwJAlEHwxDpwivF7ADrK5KgDFT
                                  MD5:2D957A4F2B64E931A9988FAE093C6A91
                                  SHA1:2202F7AC613366D7A0B09C985B3CF168A1484280
                                  SHA-256:5EFBDD18FE26AA3294728A2E0340836F0E310BBA9F0F2DDED0F806D5E1B427DD
                                  SHA-512:B58DD33E673644B823D2CE26325C294C8AA2A0B15EDE4041CA544CBBD6FBABE98C8BE7AC8B337FCBA021371D19BD6871BB3355F5ED186275DBD8B06CD3F0807D
                                  Malicious:false
                                  Preview:12:45:21.329.INFO.Signaling force websocket stop..12:45:30.194.ERROR.Socket unable to read..12:45:30.194.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:45:30.194.ERROR.WebSocket connection error getscreen.me/signal/agent..12:47:16.765.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:48:38.564.INFO.Socket connected to getscreen.me:443..12:49:30.744.INFO.Signaling force websocket stop..12:49:31.095.ERROR.Socket unable to read..12:49:31.115.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..12:49:31.115.ERROR.WebSocket connection error getscreen.me/signal/agent..12:51:22.119.INFO.Signaling start connection to 'getscreen.me/signal/agent'..12:51:50.721.INFO.Socket connected to getscreen.me:443..12:53:47.086.INFO.Signaling force websocket stop..12:53:48.761.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):5909
                                  Entropy (8bit):5.003224437318543
                                  Encrypted:false
                                  SSDEEP:96:7NIaAReeZkR9XCu5BxEjJkddahV25E9yqCRkaG4XwK05T:7+ReeZkR9XCu5BxEjJkddahs5E97CRkH
                                  MD5:7023CF38C874D9A50DB3943D5E182E5F
                                  SHA1:D843B5AD083D81CFB5B1ADDB1F8C675D8A9BA4C7
                                  SHA-256:8AB6FE3E3B99C32F1FBB856B5BB24D033681B2BF3FDC7D265AE97BC884355A91
                                  SHA-512:E1955D47D1613C0699F773F23423310A625D376D5F9880B5DA5B3EA8C6AE0243D5EF2AC1CC30E8A84C4429E03F7F3185FE6DC72692567E31BDAF23D6AB681F86
                                  Malicious:false
                                  Preview:16:12:00.275.INFO.Signaling force websocket stop..16:13:47.388.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:13:48.514.INFO.Socket connected to getscreen.me:443..16:16:11.399.INFO.Signaling force websocket stop..16:16:11.511.ERROR.Socket unable to read..16:16:11.511.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:16:11.511.ERROR.WebSocket connection error getscreen.me/signal/agent..16:17:49.261.INFO.Signaling start connection to 'getscreen.me/signal/agent'..16:17:54.618.INFO.Socket connected to getscreen.me:443..16:20:03.098.INFO.Signaling force websocket stop..16:20:03.340.ERROR.Socket unable to read..16:20:03.491.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..16:20:03.491.ERROR.WebSocket connection error getscreen.me/signal/agent..16:21:51.881.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1433
                                  Entropy (8bit):4.977067672591128
                                  Encrypted:false
                                  SSDEEP:24:ZdQG+LtvWVjDAgkAbVcG+ZtvHn2qEDAgW7bVqXG+7XtvAPoODAgb5T:Ht+hQjDpkAbVR+rPVEDpW7bVq2+JCoOT
                                  MD5:CC3D5CF23D93962A42098746BC53F118
                                  SHA1:39DEFABF0482FA1E328BC9EA998C2649D1DD5BBC
                                  SHA-256:17150C0A37DEBA0E24349FB97001F38CEFDD36AC8C33A3F4DF3634618116746E
                                  SHA-512:9CE41B40B56FBDE39989298FB86B58EA8BFB530B5A51A54B946A2081471E3B8424244A555F3509BABD24D051602C7A1313CB6B8A7EA02B7266EEC653ECA4C82E
                                  Malicious:false
                                  Preview:20:23:51.158.INFO.Signaling force websocket stop..20:24:08.107.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:24:22.892.INFO.Socket connected to getscreen.me:443..20:26:35.363.INFO.Signaling force websocket stop..20:26:35.724.ERROR.Socket unable to read..20:26:35.764.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:26:35.764.ERROR.WebSocket connection error getscreen.me/signal/agent..20:28:39.035.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:30:27.054.INFO.Socket connected to getscreen.me:443..20:31:04.316.INFO.Signaling force websocket stop..20:31:04.547.ERROR.Socket unable to read..20:31:05.469.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..20:31:05.469.ERROR.WebSocket connection error getscreen.me/signal/agent..20:33:26.055.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):663
                                  Entropy (8bit):4.956677421623666
                                  Encrypted:false
                                  SSDEEP:12:oziYpPTChzXTtvviJYdsdiQj8P40ez5ba42Cho2tvvn:nYTGbTtvI8DAfbaTGo2tvv
                                  MD5:555515D060A99532A00FEF356695B3A4
                                  SHA1:112216FEB04A95498F47263882E2EA305BC54C13
                                  SHA-256:1691344A46BFDB9F238457DC670FC35E98A128A4E4688CECBF8D461C8B1C6449
                                  SHA-512:C43EC53CDFFFB67791E4C6233E355F5A834066D9877215D06E84DDFA348583CEF3397A86966BC05736F97F9C56C882DEF97BE7667BCD1AD400F7B2B0EBDA65D2
                                  Malicious:false
                                  Preview:23:51:10.898.INFO.Signaling force websocket stop..23:52:41.403.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:52:41.623.INFO.Socket connected to getscreen.me:443..23:55:05.743.INFO.Signaling force websocket stop..23:55:05.894.ERROR.Socket unable to read..23:55:05.914.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..23:55:05.914.ERROR.WebSocket connection error getscreen.me/signal/agent..23:56:22.073.INFO.Signaling start connection to 'getscreen.me/signal/agent'..23:56:24.512.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2866
                                  Entropy (8bit):4.976062287946895
                                  Encrypted:false
                                  SSDEEP:48:OWDEC2guDPXrIzBDDSCfHItPD0ktbIIDVdD8gDpHH3:YCUXchSYkQktLdDFHX
                                  MD5:F1A0E3CF45EC4F5FF9AEBFB3E5C085D6
                                  SHA1:E6031441C37E6268717A781F0064A503BC275A2D
                                  SHA-256:D6B70CB6EC91E4F2378BAE5D07623AE29563F7F008F67D63B9973725A6822C3A
                                  SHA-512:FCB14EA3EE479E15CF9474E0F869DB4DC051F884DE51AED6C1FA12EADE5A4A81990280B5408FD5785E4AC04ACAAC364F8AB29A4B50C923AD48EE49EDDC56A3FE
                                  Malicious:false
                                  Preview:03:11:11.480.INFO.Signaling force websocket stop..03:11:15.320.ERROR.Socket unable to read..03:11:15.360.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:11:15.360.ERROR.WebSocket connection error getscreen.me/signal/agent..03:13:28.577.INFO.Signaling force websocket stop..03:14:12.274.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:14:18.994.INFO.Socket connected to getscreen.me:443..03:16:35.992.INFO.Signaling force websocket stop..03:16:36.313.ERROR.Socket unable to read..03:16:36.323.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:16:40.830.ERROR.WebSocket connection error getscreen.me/signal/agent..03:19:01.608.INFO.Signaling force websocket stop..03:19:17.411.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:19:22.340.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.6637995646056805
                                  Encrypted:false
                                  SSDEEP:3:ejN3qs2XINF+WgIO0/Vyn:epX2XIX+WgIJUn
                                  MD5:DFD13A46C039D6B5BB4F482F5EE5CAE2
                                  SHA1:91C4F625E908B4D7E6A20F5472FC9AB4C3B0625D
                                  SHA-256:BBEA327AD11CBC3AC4951923698BA7A32C1E96954D0223E046A932FECBD7DC8E
                                  SHA-512:9736CED436E70C99F69E2CDF6AFA859FB75C027369F0D074E8987E6AF76B091B43A51E2D61993AE39F30BC2252D06C41A17BFAC0C57177DF0192A7B718DC1901
                                  Malicious:false
                                  Preview:06:52:04.444.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):918
                                  Entropy (8bit):4.973012591487692
                                  Encrypted:false
                                  SSDEEP:24:MgWBjDAK50pJGMmtva2q8BDADSh2G+2tvv:ABjD/ZFyL8BDkShv+a3
                                  MD5:9942598910AEDB517D6DBE3A29BC8552
                                  SHA1:F3906E7DB28D2E2AC8F86BEE462CBA38415AD189
                                  SHA-256:F03EB90122C5143DAEEF941A98310A1C61EF4002138D9CF6F9122BD7194F05DE
                                  SHA-512:247FAE046AABC98600E9BB4CCDF51B011F1E35AFD1567AE03864DEF0F0FD009C93B8708D2382F533E7C7191EAD3F3F944B54FAC1442C262335868B234BCA19B0
                                  Malicious:false
                                  Preview:10:09:16.093.ERROR.Socket unable to read..10:09:28.945.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:09:28.955.ERROR.WebSocket connection error getscreen.me/signal/agent..10:11:54.138.INFO.Signaling force websocket stop..10:12:24.731.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:12:27.889.INFO.Socket connected to getscreen.me:443..10:14:52.598.INFO.Signaling force websocket stop..10:14:55.135.ERROR.Socket unable to read..10:14:55.135.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:14:55.135.ERROR.WebSocket connection error getscreen.me/signal/agent..10:16:55.196.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:16:57.226.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2203
                                  Entropy (8bit):4.9942499788540635
                                  Encrypted:false
                                  SSDEEP:48:fLzADuvMyHfxDCA2gwfJD3PvafXA1jDrAJc6ffKRDCCT:fjMy8A2gQnsA1zAypT
                                  MD5:A58F27F5A3093D7E0FFC887ADD53F23F
                                  SHA1:3CD92CD0BEE7A6B449E311E0FB399ED821CE9774
                                  SHA-256:E4DAC2ACF19582E01265A61D1A9CFEDC74F418B3ECFEFD59D78D2AC8A08CF540
                                  SHA-512:2C2E39E6BB3B80FD27A39589C88FEBEBBF5D5FF807954F7261BFDC03CA6D3FE709FDFF59D470247FBAABD4C4C542B4AA9A5706D8CC017B4D35E1968A157C425C
                                  Malicious:false
                                  Preview:13:32:28.120.INFO.Signaling force websocket stop..13:32:35.458.ERROR.Socket unable to read..13:32:35.478.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:32:35.478.ERROR.WebSocket connection error getscreen.me/signal/agent..13:35:00.720.INFO.Signaling force websocket stop..13:35:39.327.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:35:47.184.INFO.Socket connected to getscreen.me:443..13:37:51.121.INFO.Signaling force websocket stop..13:37:51.554.ERROR.Socket unable to read..13:37:51.564.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:37:52.246.ERROR.WebSocket connection error getscreen.me/signal/agent..13:39:32.314.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:39:33.442.INFO.Socket connected to getscreen.me:443..13:41:57.875.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3753
                                  Entropy (8bit):5.009804052893939
                                  Encrypted:false
                                  SSDEEP:48:jv4o7DI1P3vKcDsOTG5vutDsORbJsd7JDg5fPMDCVb5hVbJDw+bUB26lDD/3vka3:LvY1XGFkRbJsuRnffqvB22//x
                                  MD5:A4D18886E3653391EB876FA3B2319E67
                                  SHA1:E1FC5D1CCFF79F5539934AC8258578EEC90976E7
                                  SHA-256:1E55669E8120D87255B7E93937AB1BE669673EC47AE143F29BD237F1B1B10C36
                                  SHA-512:4055FFCF8D8147C31B5D1ECC1D1F3583F31AD175F6ACF43CC5A7640ED356587DDE0606AED77F877926D433FD53E628AB96D03B8EBE5D6F8D3C68F32B091272E4
                                  Malicious:false
                                  Preview:17:06:11.851.INFO.Signaling force websocket stop..17:06:15.296.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:07:34.430.INFO.Socket connected to getscreen.me:443..17:09:49.787.INFO.Signaling force websocket stop..17:09:53.724.ERROR.Socket unable to read..17:09:53.724.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:09:53.724.ERROR.WebSocket connection error getscreen.me/signal/agent..17:12:18.947.INFO.Signaling force websocket stop..17:12:35.507.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:12:56.325.INFO.Socket connected to getscreen.me:443..17:14:59.068.INFO.Signaling force websocket stop..17:14:59.679.ERROR.Socket unable to read..17:14:59.679.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:14:59.679.ERROR.WebSocket connection err
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.901669013823217
                                  Encrypted:false
                                  SSDEEP:6:GDWs2XIX+WgIJUEiqHMCYxHud2M0CCQP5K0C6xDDNBQEQ4:LnOQj8P40Dn5T
                                  MD5:8DF3B4EFF591134AD183E79B1FFEE33D
                                  SHA1:18D64136A5C9B4B285E7DA7D10336EA688DD86C4
                                  SHA-256:D8C49252BC9EAFDA7742A30FA56ED72BF89890CA231083B0441E91D3E418948A
                                  SHA-512:386982BE438DD08AFFEB183AB5B8AED3C4EB97E022B2B366AF0E5331762945D6E0E034E1E8DEF0C48D3630ED716F0CBFFCD44CD45AE581C8593D7F6383A5000C
                                  Malicious:false
                                  Preview:21:00:04.725.INFO.Signaling force websocket stop..21:00:08.625.ERROR.Socket unable to read..21:00:08.655.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:00:08.655.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1086
                                  Entropy (8bit):4.976475009407864
                                  Encrypted:false
                                  SSDEEP:12:nxSzChpjtvvIVy5Qj8P40CE5jgXWimiCh7Ttvv+2bQj8P40c5T:nxSzGpjtvAVODAFwjgXZTG3tvVbDAhT
                                  MD5:2BCD1E54F97C1ADA704D90957C1CF8C8
                                  SHA1:7FF3A45EEA92EF211577D93C2148ABB7D494D75D
                                  SHA-256:74978803CF5CC8A37C31B515459F3A8B54E4EB30284382774849AC3A407EE2AC
                                  SHA-512:D58649945669F92F6EAC648200F98EBFEFE7C722113A923AF41569815233ED1A761EF2BD5A87B59018E9BA3C45C4F241995E58CAB39AE8ACAC2D17757FD95FF6
                                  Malicious:false
                                  Preview:00:14:40.338.INFO.Signaling force websocket stop..00:17:09.257.INFO.Signaling force websocket stop..00:17:12.223.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:17:12.443.INFO.Socket connected to getscreen.me:443..00:19:36.993.INFO.Signaling force websocket stop..00:19:42.762.ERROR.Socket unable to read..00:19:42.772.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:19:42.782.ERROR.WebSocket connection error getscreen.me/signal/agent..00:21:56.943.INFO.Signaling force websocket stop..00:22:54.703.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:22:54.942.INFO.Socket connected to getscreen.me:443..00:25:18.850.INFO.Signaling force websocket stop..00:25:19.221.ERROR.Socket unable to read..00:25:19.221.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid librar
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.752897239845947
                                  Encrypted:false
                                  SSDEEP:6:OMpXXIX+WgIJU8IZ2XIXNLD4EQ4XUVdzvRWl8Rvvn:OMpXZIChytvvn
                                  MD5:F96E67E87A6AB1238E9B6C1794160B34
                                  SHA1:29262A861B6548F768720006D4E3126587CB3F19
                                  SHA-256:D0D7C2C95A5D76F3B090B46C40046B4556265511331A073B7C7975FF9BE45AB5
                                  SHA-512:3DBDA152B5013A179B7A444980C1B99729992BA77993BBE2A8DD6AF637CFA1B5C9B931C9707EACB780282512DE93788622006792D9B0E87FBF8A3792A5C0D0EB
                                  Malicious:false
                                  Preview:03:41:49.259.INFO.Signaling force websocket stop..03:41:53.415.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:42:00.572.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4982
                                  Entropy (8bit):5.001077968253576
                                  Encrypted:false
                                  SSDEEP:96:FibNdn87k0hh8lDXvyVQjukRWytSIxfkzFjgqe1ZDngePst:FiBdn8g0hheDfyeukwytSIxfspgquZDw
                                  MD5:E73B59CF5A436AA683228A61AAEFD03F
                                  SHA1:5E373827CB8C703B6637BC1DD82E157B1047B6FD
                                  SHA-256:02D0CEFEBA85AF4E64B657E6103E76F8C3E93F5D75563091FF3426B7C843422E
                                  SHA-512:BB8D5EC042CFB004F8BFD29F46DAE3844BB4A05ED9136B60A5799B6B1349AB9D0531E25AED254FAFB3E900705C6FDE352F66DF0BAF77E362ED98B9B7CAFC8ED6
                                  Malicious:false
                                  Preview:06:56:34.882.INFO.Signaling force websocket stop..06:56:38.923.ERROR.Socket unable to read..06:56:38.973.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..06:56:38.973.ERROR.WebSocket connection error getscreen.me/signal/agent..06:59:04.269.INFO.Signaling force websocket stop..06:59:17.344.INFO.Signaling start connection to 'getscreen.me/signal/agent'..06:59:21.359.INFO.Socket connected to getscreen.me:443..07:01:30.929.INFO.Signaling force websocket stop..07:01:30.929.ERROR.Socket unable to read..07:01:30.929.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:01:31.845.ERROR.WebSocket connection error getscreen.me/signal/agent..07:03:56.149.INFO.Signaling force websocket stop..07:05:02.419.INFO.Signaling start connection to 'getscreen.me/signal/agent'..07:05:07.582.INFO.Socket c
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):826
                                  Entropy (8bit):4.97210603871484
                                  Encrypted:false
                                  SSDEEP:12:ZVb2KmFcQj8P40Z95es2Kw32ChkQtvv4iKXoORQj8P406WU5T:ZB2qDA0eXAGVtvZIoORDAlT
                                  MD5:28AD6C9C98E600106EF716F458DCBA84
                                  SHA1:181A812C62B4354C839DA3084B954F97AEE16CC5
                                  SHA-256:0AA050AABCBFF2E2E9FA6E362D618D66A8A8367D0AEED53C76F838CA5EB0DFE6
                                  SHA-512:CF750421EE266B45DB191ADACA82D20D65AC880140A12550BC37F0A9AD45A838159474EDC2BCDA9AC4DBC7AE0D5ADE33CE78843B5B11E71686E400D559B021DA
                                  Malicious:false
                                  Preview:11:04:05.186.INFO.Signaling force websocket stop..11:04:17.952.ERROR.Socket unable to read..11:04:17.962.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:04:17.962.ERROR.WebSocket connection error getscreen.me/signal/agent..11:06:43.124.INFO.Signaling force websocket stop..11:07:29.314.INFO.Signaling start connection to 'getscreen.me/signal/agent'..11:07:29.341.INFO.Socket connected to getscreen.me:443..11:10:18.030.INFO.Signaling force websocket stop..11:10:25.343.ERROR.Socket unable to read..11:10:25.373.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..11:10:30.093.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):56
                                  Entropy (8bit):4.721748002067049
                                  Encrypted:false
                                  SSDEEP:3:IfAff4qXXINF+WgIO0/Vyn:IY3XIX+WgIJUn
                                  MD5:1D35387CC7A5C78B8BA133ACE04452D3
                                  SHA1:EA6F486142F44402DDE0534E5DD7870E2D08866B
                                  SHA-256:A2E69E664B8B913BF9F600C71267EBB797AED5F56BDA81C147F492F288159A83
                                  SHA-512:0954611DEE19F57F789E3DD305E8A0C22DD06E0157163253A91E3D5E5BF07F590BC94C6DA2A2BCABA875975BA92E6BF89D42430C0A67849EBB04E9CE5EAFD3C1
                                  Malicious:false
                                  Preview:14:25:11.878.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.774178810386613
                                  Encrypted:false
                                  SSDEEP:6:FbuIs2XIXNLD4EQIqs2dzvRWl8RvvLR5jX2XIX+WgIJUn:oIXCh3qXtvvLR5i5
                                  MD5:94D1689330D39D7E7A989F10CE4567FB
                                  SHA1:AA50DBBE0A0AB913C2B48FDED7139A89CE01990E
                                  SHA-256:890D1CBDCA45A0DA79D622D86016E1E0C2DF209C2E7C8B09CB05931B3482102B
                                  SHA-512:F02EAFBC38DAA37C233AADB6A3C4B29491ABE325EB1333E900D4E9FC7DE363C0B46154ABB52225255EC32E0DA592217A0F8C15363BB028A217557CD7EEB11CCB
                                  Malicious:false
                                  Preview:17:40:42.667.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:41:13.967.INFO.Socket connected to getscreen.me:443..17:43:27.185.INFO.Signaling force websocket stop..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1285
                                  Entropy (8bit):4.968517566942102
                                  Encrypted:false
                                  SSDEEP:24:JsDAUbRmPMG+g2tvI7BhDASyb+LiG2tvYtOFDAfT:JsDNbSB+xsDUb6DabDGT
                                  MD5:09417DD5C1979ECC2695CB3E3270CA4C
                                  SHA1:6030BAC1F4C8EAEEF37FBECB92420B666FE4C16B
                                  SHA-256:40AF5DA91DF3F41342D62744F1DD0DA407B0A9CF8DCBE727265E73F03497CC35
                                  SHA-512:00C7D2E3E79582CA1740D8C4B625B85E550ACA17A4103EBCBA0C9080F92DD7E0441D890131E617F6E66452EFB12BEBFE399470322C88EE090E43B74A85779003
                                  Malicious:false
                                  Preview:21:00:21.962.ERROR.Socket unable to read..21:00:29.646.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:00:29.656.ERROR.WebSocket connection error getscreen.me/signal/agent..21:02:54.840.INFO.Signaling force websocket stop..21:03:36.544.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:03:47.574.INFO.Socket connected to getscreen.me:443..21:06:02.005.INFO.Signaling force websocket stop..21:06:04.740.ERROR.Socket unable to read..21:06:04.740.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..21:06:04.740.ERROR.WebSocket connection error getscreen.me/signal/agent..21:08:30.033.INFO.Signaling force websocket stop..21:09:16.195.INFO.Signaling start connection to 'getscreen.me/signal/agent'..21:09:24.214.INFO.Socket connected to getscreen.me:443..21:12:09.269.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1122
                                  Entropy (8bit):4.923874422282025
                                  Encrypted:false
                                  SSDEEP:24:/BGX2tv6WSjDAlAeG+7tvSvbDABwvGHtvv:UXaxSjDcA3gcbDQwuN3
                                  MD5:D35FD264A790FCDE6666F7B97FCCA46B
                                  SHA1:692052C64F50E9E18083B6F6B564663DAA5968C2
                                  SHA-256:80914AE466AFC50B09DA1D22889173E5F670E5E748785434F3D10D9B8D67E1C7
                                  SHA-512:683CBC644B987D38F5E84F5369AE1C4B5219B113F11C96E860C237280A46F5AE1AF448B9F3A9382C2D9D50B8F2FD858D309564D15BCDDCCEBFC068B6614C6CD2
                                  Malicious:false
                                  Preview:00:28:00.232.INFO.Signaling force websocket stop..00:29:43.287.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:29:51.776.INFO.Socket connected to getscreen.me:443..00:32:07.370.INFO.Signaling force websocket stop..00:32:07.641.ERROR.Socket unable to read..00:32:07.641.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:32:07.641.ERROR.WebSocket connection error getscreen.me/signal/agent..00:32:51.010.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:33:52.837.INFO.Socket connected to getscreen.me:443..00:35:02.738.INFO.Signaling force websocket stop..00:35:02.758.ERROR.Socket unable to read..00:35:03.030.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:35:03.030.ERROR.WebSocket connection error getscreen.me/signal/agent..00:36:36.138.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):459
                                  Entropy (8bit):4.966636711307522
                                  Encrypted:false
                                  SSDEEP:6:O7n2XIX+WgIJU8MyMqfOsg3Uud2M0CCQP5K0Cgsg3QDNBQEQYYlUERcWXXIXNLDX:O7n2yOsg3BQj8P40Bsg365bEvChztvvn
                                  MD5:42F883A31E9C99F68C83E68F54BD1D17
                                  SHA1:16501623E5872A7F52C9EEA55A1C80FEB3E50099
                                  SHA-256:A4937B63EA52C86E939ECE5AF84135D717FEE5B37818EF7456216DA56533A3A5
                                  SHA-512:520F8214B655D5E9A8BB9B088413A46B78BF52E0AE073E208093429C0AAA73807245C8B1FE4512376F44FC6A7156CFA5B6E21528A2FEE87039263C087513FBA4
                                  Malicious:false
                                  Preview:03:52:52.194.INFO.Signaling force websocket stop..03:52:56.317.ERROR.Socket unable to read..03:52:56.337.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:52:56.337.ERROR.WebSocket connection error getscreen.me/signal/agent..03:55:10.741.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:55:20.388.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):450
                                  Entropy (8bit):4.9813244518124575
                                  Encrypted:false
                                  SSDEEP:6:SUm72XIX+WgIJU4VnDHMufdnKHud2M0CCQP5K0CLnKDDNBQEQYsPV2XIX+WgIJUL:SZygxdKOQj8P40GKn5u2I2ChY
                                  MD5:B66A03D485F036F62F48D708ECCA241B
                                  SHA1:CC946B1A7E0FE654227350CF1837D00A1240F311
                                  SHA-256:93BBFF667A70F236CEF5C6BF5950CBD827922A7BB5848E305F8A97639E727BF9
                                  SHA-512:3A11115A705D739E1CDD460F680B0DF0A2DC436032D18F5EDBC28FBF49EC5D9C7F8E8C1701DF6BDDC87887FE7BA26BB626F2896EB5CB4C4701D55CF923453800
                                  Malicious:false
                                  Preview:07:10:32.835.INFO.Signaling force websocket stop..07:10:36.605.ERROR.Socket unable to read..07:10:36.655.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..07:10:36.655.ERROR.WebSocket connection error getscreen.me/signal/agent..07:13:01.836.INFO.Signaling force websocket stop..07:14:15.126.INFO.Signaling start connection to 'getscreen.me/signal/agent'..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):840
                                  Entropy (8bit):5.00226841053094
                                  Encrypted:false
                                  SSDEEP:24:Mdg9tvpfODAOf5NcrkGRtvKOoxOwDAdbtT:lhWDdhNIZzCNxOwDmpT
                                  MD5:80B1E127C305B396E002FE46343F1469
                                  SHA1:9CDF81053FAD2CB36A151EF2A3BA4468B27D3E4C
                                  SHA-256:B1A922469090888EA71F88BBED7C36324A89613BA62A1A45E13619995736C59E
                                  SHA-512:2517E5064EDCAEE3B55BB885F2BB92B1E4B234741E15E9CF382AEFEAF09CF9502B6BA781745553C86524CFF04A1C6A642E995EF712F1E67A44EE2F19C42B9BB8
                                  Malicious:false
                                  Preview:10:28:42.791.INFO.Signaling force websocket stop..10:28:43.745.INFO.Socket connected to getscreen.me:443..10:30:03.983.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:30:03.983.ERROR.WebSocket connection error getscreen.me/signal/agent..10:32:29.272.INFO.Signaling force websocket stop..10:32:58.672.INFO.Signaling start connection to 'getscreen.me/signal/agent'..10:33:07.404.INFO.Socket connected to getscreen.me:443..10:35:24.594.INFO.Signaling force websocket stop..10:35:24.765.ERROR.Socket unable to read..10:35:24.775.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..10:35:27.859.ERROR.WebSocket connection error getscreen.me/signal/agent..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):719
                                  Entropy (8bit):4.97560240115966
                                  Encrypted:false
                                  SSDEEP:12:FNn2KtChzJ2tvvP4LKIs6Qj8P40zb5SKDjmChzmLQTtvvn:T2kGzJ2tvX4LRs6DAUtSPGzmLstvv
                                  MD5:3D297D25EA60EA55D3A122CA86165409
                                  SHA1:DEB0B94D486996C121E21DCF9858CD81901328AD
                                  SHA-256:E39B68243650C2C00C2926C0CD6B6D5759D7765C736964D4219D3E253CF62E45
                                  SHA-512:BB00D65BC5F472A3F4B3046EAA62BF8F9C6489CB6E813A0578425BE5C870CB26C93E33ED58C8D531061D4E9483B4BCEA3C0CEF74280A44F09CB694F997F01112
                                  Malicious:false
                                  Preview:13:50:48.416.INFO.Signaling force websocket stop..13:51:14.737.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:51:18.996.INFO.Socket connected to getscreen.me:443..13:54:20.021.INFO.Signaling force websocket stop..13:54:20.062.ERROR.Socket unable to read..13:54:20.062.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..13:54:20.062.ERROR.WebSocket connection error getscreen.me/signal/agent..13:56:44.928.INFO.Signaling force websocket stop..13:56:44.965.INFO.Signaling start connection to 'getscreen.me/signal/agent'..13:56:52.323.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2259
                                  Entropy (8bit):5.004260700162194
                                  Encrypted:false
                                  SSDEEP:48:kDsa2lI1YdY6DsTYt9izDkrtiagDKjoZnd2DEe:o2T9jpvUbXe
                                  MD5:6AE2A2F6C89B3C9366AEAB35DF8FB095
                                  SHA1:D5069F68BF204E6718AD09FD1BAE7BBDB25AF7E3
                                  SHA-256:4B45606CAC5B5BFCAC8B8C171CE2ABCF2C5AA39C3AEB9ED630AAD4170734DF5C
                                  SHA-512:73AE3E3D19C331C484B6A3F5472E0AF97B06D751BC3B746B4735D9C41B15A8F86925F06A2716816DBF6A92C413E72C15FBE7D77A079FB0D1C0CAD57A3FF36CFD
                                  Malicious:false
                                  Preview:17:12:03.104.INFO.Signaling force websocket stop..17:12:07.165.ERROR.Socket unable to read..17:12:07.195.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:12:07.195.ERROR.WebSocket connection error getscreen.me/signal/agent..17:13:54.295.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:14:01.479.INFO.Socket connected to getscreen.me:443..17:16:18.241.INFO.Signaling force websocket stop..17:16:18.311.ERROR.Socket unable to read..17:16:18.311.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..17:16:18.311.ERROR.WebSocket connection error getscreen.me/signal/agent..17:18:15.760.INFO.Signaling start connection to 'getscreen.me/signal/agent'..17:19:18.679.INFO.Socket connected to getscreen.me:443..17:20:29.709.INFO.Signaling force websocket stop..17:20:29.829.ERROR.Socket
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):204
                                  Entropy (8bit):4.750983712759852
                                  Encrypted:false
                                  SSDEEP:6:mfWo2XIX+WgIJUL35Hs2XIXNLD4EQjyrn2dzvRWl8Rvvn:mfWo2V353Ch+62tvvn
                                  MD5:5A7EDD93B2A45D5531EAB9170F3FDA72
                                  SHA1:E3BBEEFB392BAAB2A1E7EB983FF7B89718A8E502
                                  SHA-256:6B9D8592E56E8A14EF8AD76D1B896DD50BEF8475A7241CA496810EDE4F11D687
                                  SHA-512:6CB5255513E5730F08E78A3FA185B078DB3A79F7EE786DFF3325A56CA6EE3964A4298C196D6C5F7138FB303E7EDBB5E0D3496AA6290D3889C48E9C0800B28DB9
                                  Malicious:false
                                  Preview:20:47:37.204.INFO.Signaling force websocket stop..20:47:39.705.INFO.Signaling start connection to 'getscreen.me/signal/agent'..20:47:48.736.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):974
                                  Entropy (8bit):4.931975611269689
                                  Encrypted:false
                                  SSDEEP:12:JKjm/0Qj8P40N5N1TKChV32tvvC2qQj8P40kb5AChbQtvvn:JKiMDAqHOGEtv9qDAttAGbQtvv
                                  MD5:EFD005CBB60A5A79F5788C222034AEB7
                                  SHA1:BE3F90D4AC84F44F14CFF95BF68F0C816858228F
                                  SHA-256:1EDC5748FBBCA2BB5C1A66E53611A647E45413D51CE5EB7DB85583AFFFC8AA7F
                                  SHA-512:E501F3D6A36BB5D7B356D2B5B08B9C643E9214427870F704306F7D1B32559964F5A6EE59BA3A53C1149EAE5AF98725E102F31A3C4ACAF75B5263899BF5C01660
                                  Malicious:false
                                  Preview:00:02:54.888.INFO.Signaling force websocket stop..00:02:58.289.ERROR.Socket unable to read..00:02:58.299.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:02:58.299.ERROR.WebSocket connection error getscreen.me/signal/agent..00:05:23.618.INFO.Signaling force websocket stop..00:05:46.010.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:05:50.034.INFO.Socket connected to getscreen.me:443..00:08:10.734.INFO.Signaling force websocket stop..00:08:10.995.ERROR.Socket unable to read..00:08:11.025.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..00:08:12.438.ERROR.WebSocket connection error getscreen.me/signal/agent..00:09:47.392.INFO.Signaling start connection to 'getscreen.me/signal/agent'..00:09:47.449.INFO.Socket connected to getscreen.me:443..
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1206
                                  Entropy (8bit):5.0081312400559375
                                  Encrypted:false
                                  SSDEEP:24:ODEtwtjDAB982GTRtvwvr2vyDAGFGIqGOtvVxwEDA2:OIAjDO8vnIj8yD9F1rigEDL
                                  MD5:D61D2B871ADCE8E5C37820D965ABC65F
                                  SHA1:B95CC10FA1662F9F1F3212B12F488E95649589CF
                                  SHA-256:DA37827CF0190274D5F920B0F78B38653C6174ADD84F8A47104E462338BAC878
                                  SHA-512:990A1B91ED8DB20E212977B727FF1658F0E5EAC9677A78D33086CEB6685375B87DFFA95DC66ACFC911C22A51F49C4BFCCE939A0491209E19710E079B691239F5
                                  Malicious:false
                                  Preview:03:26:14.772.INFO.Signaling force websocket stop..03:26:18.173.ERROR.Socket unable to read..03:26:18.173.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:26:18.174.ERROR.WebSocket connection error getscreen.me/signal/agent..03:27:29.596.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:27:29.834.INFO.Socket connected to getscreen.me:443..03:29:55.216.INFO.Signaling force websocket stop..03:29:55.596.ERROR.Socket unable to read..03:29:55.647.ERROR.SSL handshake error: error:00000000:invalid library (0):OPENSSL_internal:invalid library (0)..03:29:55.647.ERROR.WebSocket connection error getscreen.me/signal/agent..03:32:09.494.INFO.Signaling force websocket stop..03:32:59.209.INFO.Signaling start connection to 'getscreen.me/signal/agent'..03:33:03.904.INFO.Socket connected to getscreen.me:443..03:35:24.017.INFO.Signalin
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):16777512
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3::
                                  MD5:8CCA8765BA082ECC53E001B1D237A8EE
                                  SHA1:DE616FFC2282B6E4D6D2EC1524DCBE2CD8F270F7
                                  SHA-256:46D9D79B8BE089ABF16344F1E491613D6710B051EC184A69AC183C349BD71746
                                  SHA-512:9D884A535930529684E88DDB3AEA26964A5CA984CC07DE6EFE2BFDA6CA5F5D437C521E61ACED07E9379A8337BB1892F13CA67592D8E1E6673CCDBBD89E17DE40
                                  Malicious:false
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                  Category:dropped
                                  Size (bytes):3654448
                                  Entropy (8bit):7.931174322956857
                                  Encrypted:false
                                  SSDEEP:98304:I2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5Np:I2ez4o0OmyVnvKLd
                                  MD5:5ACB80C387B2A64A4D8BDC6E8489F7E9
                                  SHA1:B9E83C5233E7A0855F042B51E0C7AF3F395AB0F4
                                  SHA-256:4691D20ED62DB34297C5382277560DD830AFA23A3506468DD3F97CA1E5B635E5
                                  SHA-512:5BD0C3860C79840FABE8B3CA8008E8667F0D22D1DAD03F03CEEE44D9A1366CC99BCB2C9CAB8770E0A5D930F2D19C593ECD5F29E7A96663901C12E9402F8D1F22
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  • Antivirus: Virustotal, Detection: 1%
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):26
                                  Entropy (8bit):3.95006375643621
                                  Encrypted:false
                                  SSDEEP:3:ggPYV:rPYV
                                  MD5:187F488E27DB4AF347237FE461A079AD
                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                  Malicious:true
                                  Preview:[ZoneTransfer]....ZoneId=0
                                  Process:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):64
                                  Entropy (8bit):5.84375
                                  Encrypted:false
                                  SSDEEP:3:Bv2CCvme6VETIOMpFl8g:zC+e6V6ROFz
                                  MD5:D746FDC4AEF3FF8B787ACE1EC13A2F01
                                  SHA1:5D4D3AF617F0A82119CA3A748A622A5BF55C63BF
                                  SHA-256:72DE650EE024BD79D211C95C76B5469A38284E8730682CE570ADD62FFB1381FC
                                  SHA-512:2715D98B7AAAFF13E5545B18BAE477B6A671C1091ED1660566C5B4BE238E73D83DE849E49EA47C7E844F099A37774063B49BF4DB10187CFAA63278F1C358FF51
                                  Malicious:false
                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                  Entropy (8bit):7.931174322956857
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.66%
                                  • UPX compressed Win32 Executable (30571/9) 0.30%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:getscreen-941605629-x86.exe
                                  File size:3'654'448 bytes
                                  MD5:5acb80c387b2a64a4d8bdc6e8489f7e9
                                  SHA1:b9e83c5233e7a0855f042b51e0c7af3f395ab0f4
                                  SHA256:4691d20ed62db34297c5382277560dd830afa23a3506468dd3f97ca1e5b635e5
                                  SHA512:5bd0c3860c79840fabe8b3ca8008e8667f0d22d1dad03f03ceee44d9a1366cc99bcb2c9cab8770e0a5d930f2d19c593ecd5f29e7a96663901c12e9402f8d1f22
                                  SSDEEP:98304:I2WbzRq8h0oEPel9/DLRAHyGBydPnYMJojL5Np:I2ez4o0OmyVnvKLd
                                  TLSH:C10633E1ED6939A1D33D5CB8111B56BD73FAA03658FE23C78A1D9B219E347028F62113
                                  Icon Hash:418c6963696c9643
                                  Entrypoint:0x1b529e0
                                  Entrypoint Section:UPX1
                                  Digitally signed:true
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x66912FD6 [Fri Jul 12 13:29:58 2024 UTC]
                                  TLS Callbacks:0x1b52bd3
                                  CLR (.Net) Version:
                                  OS Version Major:6
                                  OS Version Minor:0
                                  File Version Major:6
                                  File Version Minor:0
                                  Subsystem Version Major:6
                                  Subsystem Version Minor:0
                                  Import Hash:26c6aff4250b45d1c4ee6d86013ea70c
                                  Signature Valid:true
                                  Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                  Signature Validation Error:The operation completed successfully
                                  Error Number:0
                                  Not Before:28/05/2024 15:50:28
                                  Not After:28/06/2026 16:36:10
                                  Subject Chain
                                  • CN=POINT B LTD, O=POINT B LTD, L=Limassol, S=Limassol, C=CY, OID.1.3.6.1.4.1.311.60.2.1.3=CY, SERIALNUMBER=HE 430957, OID.2.5.4.15=Private Organization
                                  Version:3
                                  Thumbprint MD5:9B083870477F4699693EEECABF351BF8
                                  Thumbprint SHA-1:B3C999E29AED18DEA59733F3CAA94E788B1AC3A1
                                  Thumbprint SHA-256:3E73B7C28C18DC6A03B9816F200365F1DF1FF80A7BD0D55DB920F1B24BBD74E7
                                  Serial:7AE0E9C1CFE2DCE0E21C4327
                                  Instruction
                                  pushad
                                  mov esi, 017DE000h
                                  lea edi, dword ptr [esi-013DD000h]
                                  push edi
                                  or ebp, FFFFFFFFh
                                  jmp 00007FE440B297E2h
                                  nop
                                  nop
                                  nop
                                  nop
                                  nop
                                  nop
                                  mov al, byte ptr [esi]
                                  inc esi
                                  mov byte ptr [edi], al
                                  inc edi
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  jc 00007FE440B297BFh
                                  mov eax, 00000001h
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  adc eax, eax
                                  add ebx, ebx
                                  jnc 00007FE440B297DDh
                                  jne 00007FE440B297FAh
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  jc 00007FE440B297F1h
                                  dec eax
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  adc eax, eax
                                  jmp 00007FE440B297A6h
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  adc ecx, ecx
                                  jmp 00007FE440B29824h
                                  xor ecx, ecx
                                  sub eax, 03h
                                  jc 00007FE440B297E3h
                                  shl eax, 08h
                                  mov al, byte ptr [esi]
                                  inc esi
                                  xor eax, FFFFFFFFh
                                  je 00007FE440B29847h
                                  sar eax, 1
                                  mov ebp, eax
                                  jmp 00007FE440B297DDh
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  jc 00007FE440B2979Eh
                                  inc ecx
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  jc 00007FE440B29790h
                                  add ebx, ebx
                                  jne 00007FE440B297D9h
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  adc ecx, ecx
                                  add ebx, ebx
                                  jnc 00007FE440B297C1h
                                  jne 00007FE440B297DBh
                                  mov ebx, dword ptr [esi]
                                  sub esi, FFFFFFFCh
                                  adc ebx, ebx
                                  jnc 00007FE440B297B6h
                                  add ecx, 02h
                                  cmp ebp, FFFFFB00h
                                  adc ecx, 02h
                                  lea edx, dword ptr [eax+eax]
                                  Name | Virtual Address | Virtual Size | Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x820d90 | 0x5500 | UPX0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1756a50 | 0x6c0 | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1753000 | 0x3a50 | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x379400 | 0x2f30 | UPX0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1757110 | 0x20 | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x1752bf4 | 0x18 | UPX1
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1752c3c | 0xc0 | UPX1
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                  UPX0 | 0x1000 | 0x13dd000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  UPX1 | 0x13de000 | 0x375000 | 0x374e00 | a216f7d1a8e4e14b94fdfbca52f7b652 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .rsrc | 0x1753000 | 0x5000 | 0x4200 | 5871e1397e577651929aa76b50980e16 | False | 0.4675662878787879 | data | 5.104875966236682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                  AFX_DIALOG_LAYOUT | 0x168ca98 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168caa0 | 0x2 | Non-ISO extended-ASCII text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cb08 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x16d4db0 | 0x2 | ASCII text, with no line terminators |  |  | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168caa8 | 0x2 | ISO-8859 text, with CR line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cb00 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cb10 | 0x2a | DOS executable (COM, 0x8C-variant) | Russian | Russia | 1.2142857142857142
                                  AFX_DIALOG_LAYOUT | 0x168cb40 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                  AFX_DIALOG_LAYOUT | 0x168cb68 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                  AFX_DIALOG_LAYOUT | 0x168cb90 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                  AFX_DIALOG_LAYOUT | 0x168cbb8 | 0x22 | data | Russian | Russia | 1.2647058823529411
                                  AFX_DIALOG_LAYOUT | 0x168cbe0 | 0x2a | data | Russian | Russia | 1.2142857142857142
                                  AFX_DIALOG_LAYOUT | 0x168cc10 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc28 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc20 | 0x2 | data | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc18 | 0x2 | ASCII text | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc30 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc38 | 0x2 | ASCII text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc40 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x16d4ff0 | 0x2 | ISO-8859 text, with no line terminators | English | United States | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc48 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc50 | 0x2 | data | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc58 | 0x2 | data | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc60 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc68 | 0x2 | data | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc70 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cab0 | 0x42 | data | Russian | Russia | 1.1666666666666667
                                  AFX_DIALOG_LAYOUT | 0x168caf8 | 0x2 | ISO-8859 text, with no line terminators | Russian | Russia | 5.0
                                  AFX_DIALOG_LAYOUT | 0x168cc78 | 0x2 | ISO-8859 text, with no line terminators, with overstriking | Russian | Russia | 5.0
                                  INI | 0x16d3a18 | 0xa | data | Russian | Russia | 1.8
                                  LANG | 0x16ace60 | 0x1b82 | data | Russian | Russia | 0.8660891792104516
                                  LANG | 0x16ae9e8 | 0x26fb | data | Russian | Russia | 0.950796673013328
                                  LANG | 0x16b10e8 | 0x1e2b | data | Russian | Russia | 0.9835556131037162
                                  LANG | 0x16b2f18 | 0x1e5d | data | Russian | Russia | 0.9994853981731635
                                  LANG | 0x16b4d78 | 0x1ca1 | data | Russian | Russia | 0.9953608950743621
                                  LANG | 0x16b6a20 | 0x21fd | data | Russian | Russia | 0.983794966095851
                                  LANG | 0x16b8c20 | 0x1de4 | data | Russian | Russia | 0.9225039205436487
                                  LANG | 0x16baa08 | 0x1a50 | data | Russian | Russia | 0.962143705463183
                                  LANG | 0x16bc458 | 0x1d25 | data | Russian | Russia | 0.9987937273823885
                                  LANG | 0x16be180 | 0x1e03 | data | Russian | Russia | 0.9980476376415462
                                  LANG | 0x16e7c38 | 0x1ddc | data | English | United States | 0.9955520669806384
                                  OPUS | 0x16bff88 | 0xa5e5 | data | Russian | Russia | 0.9886505451034873
                                  OPUS | 0x16ca570 | 0x94a4 | data | Russian | Russia | 0.978082623777988
                                  RT_ICON | 0x168cc80 | 0x139 | data | Russian | Russia | 1.035143769968051
                                  RT_ICON | 0x168cdc0 | 0x1ef | data | Russian | Russia | 1.0222222222222221
                                  RT_ICON | 0x168cfb0 | 0x225 | data | Russian | Russia | 1.0200364298724955
                                  RT_ICON | 0x168d1d8 | 0x26b | OpenPGP Public Key | Russian | Russia | 1.0177705977382876
                                  RT_ICON | 0x168d448 | 0x326 | data | Russian | Russia | 1.0136476426799008
                                  RT_ICON | 0x168d770 | 0x402 | data | Russian | Russia | 1.010721247563353
                                  RT_ICON | 0x17550f0 | 0x13b | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.034920634920635
                                  RT_ICON | 0x1755230 | 0x1c5 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0242825607064017
                                  RT_ICON | 0x17553fc | 0x1ee | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0222672064777327
                                  RT_ICON | 0x17555f0 | 0x253 | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0184873949579831
                                  RT_ICON | 0x1755848 | 0x2e7 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0148048452220726
                                  RT_ICON | 0x1755b34 | 0x3ad | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | Russian | Russia | 1.0116896918172158
                                  RT_ICON | 0x168ea20 | 0xac | data | Russian | Russia | 1.063953488372093
                                  RT_ICON | 0x168eae8 | 0x159 | data | Russian | Russia | 1.0318840579710145
                                  RT_ICON | 0x168ec48 | 0x1e6 | data | Russian | Russia | 1.022633744855967
                                  RT_ICON | 0x168ee30 | 0x1f6 | data | Russian | Russia | 1.0219123505976095
                                  RT_ICON | 0x168f028 | 0x26d | data | Russian | Russia | 1.0177133655394526
                                  RT_ICON | 0x168f298 | 0x31b | data | Russian | Russia | 1.0138364779874214
                                  RT_ICON | 0x168f5b8 | 0x3e7 | data | Russian | Russia | 1.011011011011011
                                  RT_ICON | 0x168fa00 | 0xdd | DOS executable (COM) | Russian | Russia | 1.0497737556561086
                                  RT_ICON | 0x168faf8 | 0x10f | data | Russian | Russia | 1.040590405904059
                                  RT_ICON | 0x168fc20 | 0x25a8 | data | Russian | Russia | 0.999896265560166
                                  RT_ICON | 0x16921e0 | 0x12d | data | Russian | Russia | 1.0365448504983388
                                  RT_ICON | 0x1692328 | 0x106 | data | Russian | Russia | 1.0419847328244274
                                  RT_ICON | 0x1692448 | 0x109 | data | Russian | Russia | 1.0415094339622641
                                  RT_ICON | 0x1692570 | 0x171 | data | Russian | Russia | 1.029810298102981
                                  RT_ICON | 0x1692700 | 0x109d | data | Russian | Russia | 1.0025864095932282
                                  RT_ICON | 0x16937b8 | 0xdd9 | data | Russian | Russia | 1.0031029619181946
                                  RT_ICON | 0x16945b0 | 0xc0e | data | Russian | Russia | 1.0035644847699288
                                  RT_ICON | 0x16951d8 | 0xb91 | data | Russian | Russia | 1.0037149611617697
                                  RT_ICON | 0x1695d88 | 0xdd9 | data | Russian | Russia | 1.0031029619181946
                                  RT_ICON | 0x1696b80 | 0x11c | data | Russian | Russia | 1.0387323943661972
                                  RT_ICON | 0x1696cb8 | 0x116 | data | Russian | Russia | 1.039568345323741
                                  RT_ICON | 0x1696de8 | 0x1c4 | data | Russian | Russia | 1.0243362831858407
                                  RT_ICON | 0x1696fc8 | 0x1a1 | data | Russian | Russia | 1.026378896882494
                                  RT_ICON | 0x1697188 | 0x182 | data | Russian | Russia | 1.028497409326425
                                  RT_ICON | 0x1697328 | 0x222 | data | Russian | Russia | 1.02014652014652
                                  RT_ICON | 0x1697568 | 0x11f | OpenPGP Secret Key | Russian | Russia | 1.038327526132404
                                  RT_ICON | 0x16976a0 | 0x103 | data | Russian | Russia | 1.0424710424710424
                                  RT_ICON | 0x16977c0 | 0x1588 | data | Russian | Russia | 1.0019956458635704
                                  RT_ICON | 0x1698d60 | 0x580 | data | Russian | Russia | 1.0078125
                                  RT_ICON | 0x16992f8 | 0x988 | data | Russian | Russia | 1.0045081967213114
                                  RT_ICON | 0x1699c98 | 0x25a8 | data | Russian | Russia | 0.9986514522821577
                                  RT_ICON | 0x169c258 | 0x10828 | data | Russian | Russia | 0.9908316573997398
                                  RT_ICON | 0x16d3a28 | 0x163 | data |  |  | 1.0309859154929577
                                  RT_ICON | 0x16d3b90 | 0x20d | data |  |  | 1.020952380952381
                                  RT_ICON | 0x16d3da0 | 0x21b | data |  |  | 1.0148423005565863
                                  RT_ICON | 0x16d3fc0 | 0x282 | data |  |  | 1.017133956386293
                                  RT_ICON | 0x16d4248 | 0x33c | data |  |  | 1.0132850241545894
                                  RT_ICON | 0x16d4588 | 0x413 | data |  |  | 1.0105465004793863
                                  RT_ICON | 0x16d4a00 | 0x152 | data |  |  | 0.9792899408284024
                                  RT_ICON | 0x16d4ff8 | 0x10a8 | data | English | United States | 0.9798311444652908
                                  RT_ICON | 0x16d60b8 | 0x988 | data | English | United States | 1.0045081967213114
                                  RT_ICON | 0x16d6a58 | 0x988 | data | English | United States | 0.9721311475409836
                                  RT_ICON | 0x16d73f8 | 0x10828 | data | English | United States | 0.9158286998698687
                                  RT_MENU | 0x16d4b70 | 0xf8 | data |  |  | 1.0161290322580645
                                  RT_MENU | 0x16acd20 | 0xd2 | data | Russian | Russia | 1.0523809523809524
                                  RT_MENU | 0x16acdf8 | 0x66 | data | Russian | Russia | 1.088235294117647
                                  RT_MENU | 0x16d4c68 | 0x46 | data |  |  | 1.1571428571428573
                                  RT_DIALOG | 0x168a0f0 | 0x490 | data | Russian | Russia | 1.009417808219178
                                  RT_DIALOG | 0x168a580 | 0x78 | data | Russian | Russia | 1.0916666666666666
                                  RT_DIALOG | 0x16d4cb0 | 0x100 | data |  |  | 0.9765625
                                  RT_DIALOG | 0x168a5f8 | 0x1f8 | data | Russian | Russia | 1.0218253968253967
                                  RT_DIALOG | 0x168acb0 | 0x190 | data | Russian | Russia | 1.0275
                                  RT_DIALOG | 0x168ae40 | 0x154 | data | Russian | Russia | 1.0323529411764707
                                  RT_DIALOG | 0x168af98 | 0xf4 | data | Russian | Russia | 1.0450819672131149
                                  RT_DIALOG | 0x168b090 | 0x12c | data | Russian | Russia | 1.0366666666666666
                                  RT_DIALOG | 0x168b1c0 | 0x110 | data | Russian | Russia | 1.0404411764705883
                                  RT_DIALOG | 0x168b2d0 | 0x128 | data | Russian | Russia | 1.037162162162162
                                  RT_DIALOG | 0x168b3f8 | 0x154 | data | Russian | Russia | 1.0323529411764707
                                  RT_DIALOG | 0x168b550 | 0x7e | data | Russian | Russia | 1.0873015873015872
                                  RT_DIALOG | 0x168b808 | 0x148 | data | Russian | Russia | 1.0335365853658536
                                  RT_DIALOG | 0x168b738 | 0xd0 | data | Russian | Russia | 1.0528846153846154
                                  RT_DIALOG | 0x168b5d0 | 0x164 | data | Russian | Russia | 1.0308988764044944
                                  RT_DIALOG | 0x168b950 | 0x14c | data | Russian | Russia | 1.033132530120482
                                  RT_DIALOG | 0x168baa0 | 0x1f0 | data | Russian | Russia | 1.0221774193548387
                                  RT_DIALOG | 0x168bc90 | 0x284 | data | Russian | Russia | 1.0170807453416149
                                  RT_DIALOG | 0x16d4db8 | 0x232 | data | English | United States | 1.019572953736655
                                  RT_DIALOG | 0x168bf18 | 0x182 | data | Russian | Russia | 1.0129533678756477
                                  RT_DIALOG | 0x168c0a0 | 0x68 | data | Russian | Russia | 1.1057692307692308
                                  RT_DIALOG | 0x168c108 | 0x1f8 | DOS executable (COM, 0x8C-variant) | Russian | Russia | 1.0218253968253967
                                  RT_DIALOG | 0x168c300 | 0x218 | data | Russian | Russia | 1.0205223880597014
                                  RT_DIALOG | 0x168c518 | 0x2ba | data | Russian | Russia | 1.015759312320917
                                  RT_DIALOG | 0x168c7d8 | 0x242 | data | Russian | Russia | 1.019031141868512
                                  RT_DIALOG | 0x168a7f0 | 0x21c | data | Russian | Russia | 1.0203703703703704
                                  RT_DIALOG | 0x168aa10 | 0x29a | data | Russian | Russia | 1.0165165165165164
                                  RT_DIALOG | 0x168ca20 | 0x72 | OpenPGP Secret Key | Russian | Russia | 1.0964912280701755
                                  RT_STRING | 0x16e9a18 | 0x38 | data | Russian | Russia | 1.1964285714285714
                                  RT_GROUP_ICON | 0x1755ee8 | 0x5a | data | Russian | Russia | 0.8
                                  RT_GROUP_ICON | 0x168db78 | 0x5a | data | Russian | Russia | 1.1222222222222222
                                  RT_GROUP_ICON | 0x16d49a0 | 0x5a | data |  |  | 1.1222222222222222
                                  RT_GROUP_ICON | 0x16977a8 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x168ead0 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x168f9a0 | 0x5a | data | Russian | Russia | 1.1222222222222222
                                  RT_GROUP_ICON | 0x1698d48 | 0x14 | Non-ISO extended-ASCII text, with CR line terminators | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x168fae0 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x168fc08 | 0x14 | data | Russian | Russia | 1.2
                                  RT_GROUP_ICON | 0x16921c8 | 0x14 | Non-ISO extended-ASCII text, with LF, NEL line terminators | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x16d4b58 | 0x14 | Non-ISO extended-ASCII text, with no line terminators |  |  | 1.4
                                  RT_GROUP_ICON | 0x1692310 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x1692430 | 0x14 | locale data table | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x1692558 | 0x14 | International EBCDIC text, with NEL line terminators | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x16926e8 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x16937a0 | 0x14 | Non-ISO extended-ASCII text, with no line terminators, with overstriking | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1694598 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x16951c0 | 0x14 | Non-ISO extended-ASCII text, with no line terminators | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x1695d70 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1696b68 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x1696ca0 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x1696dd0 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1696fb0 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1697170 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1697310 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1697550 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1697688 | 0x14 | data | Russian | Russia | 1.4
                                  RT_GROUP_ICON | 0x16992e0 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x1699c80 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x16d60a0 | 0x14 | data | English | United States | 1.45
                                  RT_GROUP_ICON | 0x169c240 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x16aca80 | 0x14 | data | Russian | Russia | 1.45
                                  RT_GROUP_ICON | 0x16d6a40 | 0x14 | data | English | United States | 1.4
                                  RT_GROUP_ICON | 0x16d73e0 | 0x14 | data | English | United States | 1.45
                                  RT_GROUP_ICON | 0x16e7c20 | 0x14 | data | English | United States | 1.45
                                  RT_VERSION | 0x1755f48 | 0x284 | data | Russian | Russia | 0.468944099378882
                                  RT_MANIFEST | 0x17561d0 | 0x87f | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2115), with CRLF line terminators | English | United States | 0.31264367816091954

| DLL | Import |
| --- | --- |
| ADVAPI32.dll | FreeSid |
| COMCTL32.dll | _TrackMouseEvent |
| d3d11.dll | D3D11CreateDevice |
| dbghelp.dll | StackWalk |
| dxgi.dll | CreateDXGIFactory1 |
| GDI32.dll | LineTo |
| gdiplus.dll | GdipFree |
| IPHLPAPI.DLL | GetIfEntry2 |
| KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
| MPR.dll | WNetGetConnectionW |
| msdmo.dll | MoInitMediaType |
| NETAPI32.dll | NetUserGetInfo |
| ntdll.dll | RtlGetVersion |
| NTDSAPI.dll | DsMakeSpnW |
| ole32.dll | OleCreate |
| OLEAUT32.dll | SysFreeString |
| POWRPROF.dll | PowerGetActiveScheme |
| RPCRT4.dll | UuidEqual |
| SAS.dll | SendSAS |
| Secur32.dll | FreeCredentialsHandle |
| SHELL32.dll | |
| SHLWAPI.dll | PathFileExistsA |
| USER32.dll | GetDC |
| USERENV.dll | CreateEnvironmentBlock |
| UxTheme.dll | IsThemeActive |
| VERSION.dll | VerQueryValueW |
| WINHTTP.dll | WinHttpOpen |
| WINMM.dll | waveInOpen |
| WINSPOOL.DRV | GetPrinterW |
| WS2_32.dll | WSASetLastError |
| WTSAPI32.dll | WTSFreeMemory |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| Russian | Russia | |
| English | United States | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Sep 3, 2024 09:56:19.516501904 CEST443497385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.548502922 CEST443497395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.561809063 CEST49740443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.561827898 CEST443497405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.561891079 CEST49740443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.562289953 CEST49740443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.562302113 CEST443497405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.582989931 CEST49740443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.588618040 CEST443497245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.588675022 CEST49724443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.595992088 CEST443497235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.596049070 CEST49723443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.608071089 CEST49741443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.608082056 CEST443497415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.608139038 CEST49741443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.608388901 CEST49741443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.608400106 CEST443497415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.611970901 CEST49741443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.623991013 CEST443497255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.624044895 CEST49725443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.624511003 CEST443497405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.637849092 CEST49742443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.637856960 CEST443497425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.637926102 CEST49742443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.638184071 CEST49742443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.638192892 CEST443497425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.643367052 CEST49742443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.656502008 CEST443497415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.669167995 CEST49743443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.669188976 CEST443497435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.669255018 CEST49743443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.669549942 CEST49743443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.669558048 CEST443497435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.676400900 CEST49743443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.688508034 CEST443497425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.699907064 CEST49744443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.699929953 CEST443497445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.700012922 CEST49744443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.700277090 CEST49744443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.700289011 CEST443497445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.705923080 CEST49744443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.720500946 CEST443497435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.730257034 CEST49745443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.730283022 CEST443497455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.730479956 CEST49745443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.730768919 CEST49745443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.730781078 CEST443497455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.734992981 CEST49745443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.748503923 CEST443497445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.761728048 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.761754036 CEST443497465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.761847019 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.762090921 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.762099981 CEST443497465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.767170906 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.780504942 CEST443497455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.794152021 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.794163942 CEST443497475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.794241905 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.794536114 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.794548035 CEST443497475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.801544905 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.812500954 CEST443497465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.832128048 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.832143068 CEST443497485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.832226992 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.832546949 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.832559109 CEST443497485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.836046934 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.844496965 CEST443497475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.871123075 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.871130943 CEST443497495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.871243000 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.871501923 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.871510029 CEST443497495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.872098923 CEST443497285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.872167110 CEST49728443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.876889944 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.878818035 CEST443497315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.878843069 CEST443497325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.878912926 CEST49731443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.878914118 CEST443497315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.878927946 CEST443497325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.878947973 CEST49732443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.878972054 CEST49731443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.879590988 CEST443497275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.879632950 CEST49732443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.879654884 CEST49727443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.880503893 CEST443497485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.884545088 CEST443497265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.884618998 CEST49726443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.900254965 CEST443497335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.900372028 CEST443497335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.900588989 CEST49733443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.900588989 CEST49733443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.902462959 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.902472019 CEST443497505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.902559042 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.902791977 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.902800083 CEST443497505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.904913902 CEST443497295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.905008078 CEST443497295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.905057907 CEST49729443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.905057907 CEST49729443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.906361103 CEST443497305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.906418085 CEST49730443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.906866074 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.924501896 CEST443497495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.933348894 CEST49751443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.933382034 CEST443497515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.933453083 CEST49751443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.933681011 CEST49751443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.933695078 CEST443497515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.937222958 CEST443497345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.937320948 CEST443497345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.937381029 CEST49734443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.938514948 CEST49751443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.938518047 CEST49734443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.949177980 CEST443497355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.949255943 CEST49735443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.952502966 CEST443497505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.964359999 CEST49752443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.964387894 CEST443497525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.964515924 CEST49752443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.964749098 CEST49752443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.964762926 CEST443497525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.969628096 CEST49752443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.977060080 CEST443497365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.977109909 CEST49736443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.984497070 CEST443497515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.996447086 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.996454954 CEST443497535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:19.996506929 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.996859074 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:19.996869087 CEST443497535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.006670952 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.016498089 CEST443497525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.029316902 CEST49754443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.029325008 CEST443497545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.029383898 CEST49754443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.029623985 CEST49754443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.029633045 CEST443497545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.037674904 CEST49754443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.042092085 CEST443497375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.042146921 CEST49737443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.052490950 CEST443497535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.059272051 CEST49755443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.059282064 CEST443497555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.059355021 CEST49755443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.059602976 CEST49755443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.059611082 CEST443497555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.063631058 CEST49755443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.072032928 CEST443497385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.072091103 CEST49738443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.084496975 CEST443497545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.090210915 CEST49756443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.090219975 CEST443497565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.090301991 CEST49756443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.090586901 CEST49756443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.090596914 CEST443497565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.101783037 CEST49756443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.108498096 CEST443497555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.130117893 CEST443497395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.130177021 CEST49739443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.140105009 CEST49757443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.140115023 CEST443497575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.140430927 CEST49757443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.140760899 CEST49757443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.140770912 CEST443497575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.148504019 CEST443497565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.153247118 CEST49757443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.186767101 CEST443497405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.186836958 CEST49740443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.193290949 CEST49758443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.193298101 CEST443497585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.193365097 CEST49758443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.193731070 CEST49758443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.193738937 CEST443497585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.200501919 CEST443497575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.213203907 CEST49758443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.249428034 CEST443497425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.249496937 CEST49742443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.249515057 CEST443497415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.249603033 CEST49741443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.251470089 CEST49759443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.251481056 CEST443497595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.251612902 CEST49759443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.252046108 CEST49759443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.252055883 CEST443497595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.260503054 CEST443497585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.268930912 CEST49759443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.277240992 CEST443497435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.277299881 CEST49743443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.295420885 CEST49760443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.295461893 CEST443497605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.295563936 CEST49760443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.295835018 CEST49760443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.295849085 CEST443497605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.299484968 CEST49760443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.316504955 CEST443497595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.326383114 CEST49761443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.326416969 CEST443497615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.326484919 CEST49761443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.326814890 CEST49761443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.326828003 CEST443497615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.336004972 CEST49761443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.344502926 CEST443497605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.346090078 CEST443497445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.346149921 CEST49744443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.362638950 CEST443497455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.362699032 CEST49745443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.380503893 CEST443497615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.395503044 CEST443497465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.395597935 CEST443497465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.395601034 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.395641088 CEST49746443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.421705961 CEST443497475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.421806097 CEST443497475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.421911955 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.421926022 CEST49747443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.449445009 CEST49762443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.449477911 CEST443497625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.449564934 CEST49762443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.449860096 CEST49762443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.449873924 CEST443497625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.453285933 CEST49762443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.467190981 CEST443497485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.467287064 CEST443497485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.467322111 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.467360020 CEST49748443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.479366064 CEST443497495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.479461908 CEST443497495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.479526997 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.481322050 CEST49749443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.481328011 CEST49763443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.481379986 CEST443497635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.485280037 CEST49763443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.485531092 CEST49763443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.485549927 CEST443497635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.487174034 CEST49763443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.496500969 CEST443497625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.510279894 CEST443497505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.510389090 CEST443497505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.510500908 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.510500908 CEST49750443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.519455910 CEST49764443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.519507885 CEST443497645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.519594908 CEST49764443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.519844055 CEST49764443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.519860029 CEST443497645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.521687031 CEST49764443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.532497883 CEST443497635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.542716026 CEST49765443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.542764902 CEST443497655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.542850971 CEST49765443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.543217897 CEST49765443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.543241024 CEST443497655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.544442892 CEST443497515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.544508934 CEST49751443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.548394918 CEST49765443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.568509102 CEST443497645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.574060917 CEST49766443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.574094057 CEST443497665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.574183941 CEST49766443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.574412107 CEST49766443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.574423075 CEST443497665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.579525948 CEST49766443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.584657907 CEST443497525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.584729910 CEST49752443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.592503071 CEST443497655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.603215933 CEST443497535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.603296995 CEST443497535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.603378057 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.603391886 CEST49753443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.605355024 CEST49767443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:20.605379105 CEST443497675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:20.605451107 CEST49767443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.540024042 CEST49786443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.544504881 CEST443498015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.565088034 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.565095901 CEST443498035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.565181017 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.565483093 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.565509081 CEST443498035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.583559990 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.584502935 CEST443498025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.607270956 CEST49804443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.607286930 CEST443498045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.607347012 CEST49804443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.607628107 CEST49804443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.607639074 CEST443498045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.616131067 CEST49804443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.620624065 CEST443497875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.620734930 CEST443497875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.620816946 CEST49787443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.620846987 CEST49787443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.628503084 CEST443498035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.637665033 CEST49805443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.637677908 CEST443498055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.637761116 CEST49805443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.638107061 CEST49805443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.638114929 CEST443498055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.643090963 CEST443497885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.643172026 CEST49788443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.647666931 CEST49805443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.656505108 CEST443498045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.669348955 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.669365883 CEST443498065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.669473886 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.669734001 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.669742107 CEST443498065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.676568031 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.692497969 CEST443498055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.693275928 CEST443497895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.693342924 CEST49789443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.699354887 CEST49807443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.699393034 CEST443498075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.699521065 CEST49807443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.699795961 CEST49807443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.699809074 CEST443498075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.705472946 CEST49807443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.712058067 CEST443497905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.712167025 CEST443497905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.712248087 CEST49790443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.712248087 CEST49790443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.724508047 CEST443498065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.732064009 CEST49808443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.732095003 CEST443498085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.732156038 CEST49808443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.732453108 CEST49808443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.732464075 CEST443498085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.738687038 CEST49808443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.752501965 CEST443498075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.763205051 CEST49809443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.763236046 CEST443498095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.763293028 CEST49809443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.763703108 CEST49809443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.763717890 CEST443498095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.770114899 CEST49809443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.780853987 CEST443497915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.780952930 CEST443497915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.780955076 CEST49791443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.781003952 CEST49791443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.784492016 CEST443498085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.793389082 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.793400049 CEST443498105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.793493032 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.793793917 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.793802023 CEST443498105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.796695948 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.812504053 CEST443498095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.820290089 CEST443497925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.820353985 CEST49792443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.823602915 CEST49811443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.823627949 CEST443498115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.823772907 CEST49811443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.824007988 CEST49811443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.824019909 CEST443498115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.830405951 CEST49811443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.844506979 CEST443498105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.856551886 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.856564045 CEST443498125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.856661081 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.857057095 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.857069016 CEST443498125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.865622044 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.876502991 CEST443498115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.888963938 CEST49813443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.888991117 CEST443498135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.889069080 CEST49813443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.889425039 CEST49813443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.889436007 CEST443498135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.896342993 CEST49813443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.912502050 CEST443498125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.918229103 CEST49814443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.918248892 CEST443498145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.918447018 CEST49814443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.919162035 CEST49814443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.919173002 CEST443498145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.927145958 CEST49814443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.940500975 CEST443498135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.964905977 CEST49815443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.964932919 CEST443498155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.968504906 CEST443498145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.968658924 CEST49815443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.968894005 CEST49815443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.968905926 CEST443498155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.972253084 CEST49815443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.996254921 CEST49816443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.996273994 CEST443498165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:22.996355057 CEST49816443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.999273062 CEST49816443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:22.999284029 CEST443498165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.005253077 CEST49816443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.012500048 CEST443498155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.027049065 CEST49817443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.027071953 CEST443498175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.029309988 CEST49817443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.029617071 CEST49817443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.029625893 CEST443498175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.031938076 CEST49817443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.048499107 CEST443498165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.058285952 CEST49818443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.058296919 CEST443498185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.058382034 CEST49818443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.058710098 CEST49818443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.058717966 CEST443498185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.060875893 CEST443497965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.060988903 CEST443497965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.061050892 CEST49796443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.061141014 CEST443497935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.061166048 CEST49796443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.061420918 CEST443497935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.061506987 CEST49793443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.061506987 CEST49793443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.061651945 CEST443497955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.061758041 CEST443497955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.061778069 CEST49795443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.062396049 CEST443497975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.062467098 CEST49797443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.062467098 CEST49795443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.063524961 CEST49818443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.065224886 CEST443497985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.065299034 CEST49798443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.067816973 CEST443498005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.067904949 CEST49800443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.072818995 CEST443497995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.072906971 CEST49799443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.076500893 CEST443498175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.089968920 CEST49819443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.089982986 CEST443498195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.089987040 CEST443497945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.090100050 CEST443497945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.090199947 CEST49819443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.090199947 CEST49794443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.090199947 CEST49794443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.091816902 CEST49819443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.091828108 CEST443498195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.097251892 CEST49819443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.108486891 CEST443498185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.120759010 CEST49820443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.120770931 CEST443498205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.121181965 CEST49820443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.121372938 CEST49820443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.121382952 CEST443498205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.123281956 CEST49820443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.129277945 CEST443498015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.129410028 CEST443498015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.129436016 CEST49801443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.129677057 CEST49801443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.137713909 CEST443498025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.137789965 CEST49802443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.144498110 CEST443498195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.152434111 CEST49821443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.152442932 CEST443498215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.152514935 CEST49821443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.152889013 CEST49821443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.152899027 CEST443498215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.159984112 CEST49821443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.168500900 CEST443498205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.185247898 CEST49822443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.185255051 CEST443498225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.185321093 CEST49822443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.185762882 CEST49822443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.185770988 CEST443498225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.189107895 CEST49822443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.196710110 CEST443498035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.196809053 CEST443498035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.196835041 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.197194099 CEST49803443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.204509020 CEST443498215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.215003967 CEST49823443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.215018988 CEST443498235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.215092897 CEST49823443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.215425968 CEST49823443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.215436935 CEST443498235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.219528913 CEST443498045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.219619036 CEST49804443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.221350908 CEST49823443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.232496977 CEST443498225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.245569944 CEST49824443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.245599985 CEST443498245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.245707989 CEST49824443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.246783018 CEST49824443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.246798038 CEST443498245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.251264095 CEST49824443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.256298065 CEST443498055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.256383896 CEST49805443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.264498949 CEST443498235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.284262896 CEST49825443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.284307957 CEST443498255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.284387112 CEST49825443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.284785986 CEST49825443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.284800053 CEST443498255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.292263031 CEST49825443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.296499968 CEST443498245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.305046082 CEST443498065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.305151939 CEST443498065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.305183887 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.305248976 CEST49806443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.320347071 CEST443498075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.320425034 CEST49807443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.325525999 CEST49826443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.325544119 CEST443498265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.325695038 CEST49826443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.326028109 CEST49826443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.326037884 CEST443498265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.335277081 CEST49826443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.336502075 CEST443498255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.356278896 CEST49827443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.356313944 CEST443498275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.356517076 CEST49827443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.356944084 CEST49827443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.356961012 CEST443498275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.360138893 CEST443498085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.360207081 CEST49808443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.365242958 CEST49827443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.376429081 CEST443498095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.376523018 CEST49809443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.380500078 CEST443498265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.386451960 CEST49828443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.386482954 CEST443498285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.386585951 CEST49828443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.386914015 CEST49828443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.386928082 CEST443498285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.397253036 CEST49828443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.407895088 CEST443498105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.407985926 CEST443498105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.408001900 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.408062935 CEST49810443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.408510923 CEST443498275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.417732000 CEST49829443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.417759895 CEST443498295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.418040037 CEST49829443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.418279886 CEST49829443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.418292999 CEST443498295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.424385071 CEST49829443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.435761929 CEST443498115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.435846090 CEST49811443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.444497108 CEST443498285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.448900938 CEST49830443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.448928118 CEST443498305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.449004889 CEST49830443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.449413061 CEST49830443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.449424028 CEST443498305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.452287912 CEST49830443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.464509010 CEST443498295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.468852043 CEST443498125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.468951941 CEST443498125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.469037056 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.469037056 CEST49812443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.485244989 CEST49831443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:23.485277891 CEST443498315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:23.485511065 CEST49831443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.892510891 CEST443498685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.904459953 CEST49870443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.904496908 CEST443498705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.909364939 CEST49870443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.912260056 CEST49870443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.912272930 CEST443498705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.914262056 CEST49870443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.916496992 CEST443498695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.920588017 CEST443498535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.920747042 CEST443498535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.920835972 CEST49853443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.920835972 CEST49853443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.947355032 CEST443498545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.947478056 CEST443498545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.947592020 CEST49854443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.947592974 CEST49854443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.956506968 CEST443498705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.975117922 CEST443498555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.975234985 CEST443498555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:24.975358009 CEST49855443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:24.975358009 CEST49855443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.027667046 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.027690887 CEST443498715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.029311895 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.029604912 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.029614925 CEST443498715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.033631086 CEST443498565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.033736944 CEST443498565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.033818960 CEST49856443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.033818960 CEST49856443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.034065008 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.058507919 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.058537960 CEST443498725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.058667898 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.059027910 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.059041023 CEST443498725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.067717075 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.073648930 CEST443498575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.073751926 CEST443498575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.073839903 CEST49857443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.073841095 CEST49857443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.080501080 CEST443498715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.092226982 CEST443498585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.092274904 CEST49873443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.092304945 CEST443498735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.092325926 CEST443498585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.092361927 CEST49858443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.092387915 CEST49873443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.092495918 CEST49858443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.104154110 CEST443498595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.104264021 CEST49859443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.104269028 CEST443498595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.104504108 CEST49859443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.108524084 CEST443498725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.120964050 CEST49874443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.120974064 CEST443498745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.125219107 CEST49874443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.125423908 CEST49874443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.125441074 CEST443498745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.128135920 CEST49874443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.157241106 CEST443498605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.157257080 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.157269955 CEST443498755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.157335997 CEST49860443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.157363892 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.158792019 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.158792019 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.158802986 CEST443498755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.168498993 CEST443498745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.184262037 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.184269905 CEST443498765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.184341908 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.184442997 CEST443498615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.184564114 CEST443498615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.184629917 CEST49861443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.184629917 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.184638977 CEST443498765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.184644938 CEST49861443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.188769102 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.200440884 CEST443498625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.200536966 CEST443498625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.200558901 CEST49862443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.201020956 CEST49862443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.204499960 CEST443498755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.220316887 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.220326900 CEST443498775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.223367929 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.223608017 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.223622084 CEST443498775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.230698109 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.232501030 CEST443498765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.248785019 CEST443498635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.248891115 CEST443498635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.248991966 CEST49863443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.248991966 CEST49863443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.265264034 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.265271902 CEST443498785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.265887022 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.266135931 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.266145945 CEST443498785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.271162987 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.276496887 CEST443498775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.298108101 CEST49879443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.298121929 CEST443498795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.298229933 CEST49879443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.298557997 CEST49879443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.298567057 CEST443498795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.304104090 CEST443498645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.304209948 CEST443498645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.304301023 CEST49864443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.304301023 CEST49864443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.306274891 CEST49879443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.316498995 CEST443498785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.331981897 CEST443498655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.332087994 CEST49865443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.332093000 CEST443498655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.332228899 CEST49865443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.340542078 CEST49880443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.340549946 CEST443498805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.340632915 CEST49880443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.341978073 CEST49880443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.341988087 CEST443498805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.352495909 CEST443498795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.370806932 CEST443498665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.370894909 CEST49866443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.374450922 CEST49880443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.403280973 CEST49881443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.403299093 CEST443498815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.403379917 CEST49881443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.403748989 CEST49881443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.403758049 CEST443498815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.408504009 CEST49881443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.419629097 CEST443498675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.419718027 CEST49867443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.420506954 CEST443498805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.433307886 CEST49882443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.433324099 CEST443498825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.433417082 CEST49882443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.433816910 CEST49882443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.433825970 CEST443498825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.441792965 CEST49882443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.449740887 CEST443498685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.449810982 CEST49868443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.452498913 CEST443498815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.469255924 CEST49883443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.469274998 CEST443498835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.469409943 CEST49883443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.469767094 CEST49883443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.469777107 CEST443498835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.471555948 CEST49883443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.488500118 CEST443498825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.495986938 CEST49884443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.496001959 CEST443498845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.496109962 CEST49884443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.496423006 CEST49884443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.496433973 CEST443498845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.502027035 CEST49884443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.510328054 CEST443498695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.510416031 CEST49869443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.516500950 CEST443498835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.529263973 CEST49885443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.529277086 CEST443498855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.529340982 CEST49885443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.529647112 CEST49885443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.529654980 CEST443498855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.532279968 CEST49885443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.544783115 CEST443498705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.544867039 CEST49870443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.548501015 CEST443498845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.558617115 CEST49886443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.558624983 CEST443498865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.558717966 CEST49886443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.559173107 CEST49886443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.559180021 CEST443498865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.568259001 CEST49886443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.576489925 CEST443498855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.592279911 CEST49887443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.592288971 CEST443498875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.592406034 CEST49887443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.592796087 CEST49887443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.592806101 CEST443498875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.601263046 CEST49887443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.608504057 CEST443498865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.624407053 CEST49888443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.624434948 CEST443498885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.624557018 CEST49888443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.624914885 CEST49888443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.624926090 CEST443498885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.628343105 CEST49888443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.637147903 CEST443498715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.637259960 CEST443498715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.637279987 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.637322903 CEST49871443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.648502111 CEST443498875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.659260035 CEST49889443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.659305096 CEST443498895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.659518003 CEST49889443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.659899950 CEST49889443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.659914970 CEST443498895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.665306091 CEST443498725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.665421009 CEST443498725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.665580034 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.665580034 CEST49872443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.668505907 CEST443498885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.682322025 CEST49889443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.720534086 CEST49890443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.720565081 CEST443498905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.721131086 CEST49890443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.721507072 CEST49890443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.721520901 CEST443498905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.728499889 CEST443498895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.740108013 CEST443498745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.740197897 CEST49874443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.745043039 CEST49890443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.776808023 CEST443498755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.776911020 CEST443498755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.776933908 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.777036905 CEST49875443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.779504061 CEST49891443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.779546022 CEST443498915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.779613972 CEST49891443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.780016899 CEST49891443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.780030966 CEST443498915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.787544012 CEST49891443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.792496920 CEST443498905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.807884932 CEST49892443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.807905912 CEST443498925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.808275938 CEST49892443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.811275005 CEST49892443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.811286926 CEST443498925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.813853025 CEST49892443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.815391064 CEST443498765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.815495968 CEST443498765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.815520048 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.815680027 CEST49876443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.832498074 CEST443498915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.835186958 CEST443498775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.835299015 CEST443498775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.835320950 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.835397005 CEST49877443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.841259003 CEST49893443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.841290951 CEST443498935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.841444016 CEST49893443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.844266891 CEST49893443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.844281912 CEST443498935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.844643116 CEST49893443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.860498905 CEST443498925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.868964911 CEST443498785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.869066000 CEST443498785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.869142056 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.869142056 CEST49878443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.871011019 CEST49894443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.871025085 CEST443498945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.871324062 CEST49894443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.876020908 CEST49894443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.876020908 CEST49894443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.876036882 CEST443498945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.888501883 CEST443498935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.901504040 CEST49895443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.901525021 CEST443498955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.901637077 CEST49895443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.901927948 CEST49895443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.901938915 CEST443498955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.902173996 CEST443498795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.902245998 CEST49879443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.918945074 CEST49895443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.920502901 CEST443498945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.952291965 CEST49896443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.952315092 CEST443498965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.952373028 CEST49896443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.952707052 CEST49896443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.952718019 CEST443498965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.955053091 CEST443498805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.955118895 CEST49880443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.960506916 CEST443498955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:25.961782932 CEST49896443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:25.997675896 CEST49897443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.403577089 CEST49934443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.403588057 CEST443499345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.408245087 CEST443499165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.408329010 CEST49916443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.408500910 CEST443499335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.414220095 CEST49934443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.445736885 CEST443499175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.445823908 CEST49917443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.456505060 CEST443499345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.472105980 CEST443499195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.472172976 CEST49919443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.475616932 CEST443499185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.475713015 CEST49918443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.475718021 CEST443499185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.475789070 CEST49918443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.509922028 CEST443499205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.510032892 CEST443499205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.510037899 CEST49920443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.510308981 CEST49920443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.543910027 CEST49935443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.543926001 CEST443499355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.545334101 CEST49935443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.545722961 CEST49935443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.545737028 CEST443499355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.561280966 CEST49935443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.570691109 CEST443499215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.570794106 CEST443499215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.570794106 CEST49921443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.570910931 CEST49921443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.589719057 CEST49936443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.589746952 CEST443499365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.589942932 CEST49936443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.593259096 CEST49936443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.593271971 CEST443499365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.599881887 CEST443499225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.599915028 CEST49936443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.599972963 CEST49922443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.604490042 CEST443499355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.609117985 CEST443499235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.609211922 CEST443499235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.609235048 CEST49923443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.609323025 CEST49923443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.620803118 CEST49937443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.620827913 CEST443499375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.621315002 CEST49937443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.621736050 CEST49937443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.621748924 CEST443499375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.633070946 CEST49937443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.640507936 CEST443499365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.646990061 CEST443499245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.647087097 CEST443499245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.647108078 CEST49924443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.649458885 CEST49924443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.660923958 CEST443499255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.661041975 CEST443499255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.661125898 CEST49925443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.661125898 CEST49925443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.667496920 CEST49938443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.667509079 CEST443499385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.669341087 CEST49938443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.673259974 CEST49938443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.673270941 CEST443499385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.676501989 CEST443499375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.678247929 CEST49938443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.697849989 CEST443499265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.697957039 CEST443499265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.697959900 CEST49926443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.698190928 CEST49926443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.701263905 CEST49939443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.701292992 CEST443499395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.701414108 CEST49939443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.705260992 CEST49939443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.705272913 CEST443499395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.707828045 CEST49939443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.724503994 CEST443499385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.730707884 CEST49940443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.730719090 CEST443499405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.730820894 CEST49940443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.731566906 CEST49940443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.731578112 CEST443499405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.744726896 CEST49940443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.748502970 CEST443499395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.760437965 CEST443499275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.760524988 CEST49927443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.761745930 CEST443499285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.761835098 CEST49928443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.777611017 CEST49941443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.777633905 CEST443499415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.777853966 CEST49941443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.778337955 CEST49941443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.778347015 CEST443499415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.792499065 CEST443499405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.799637079 CEST49941443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.819247961 CEST443499295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.819354057 CEST443499295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.819364071 CEST49929443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.819514990 CEST49929443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.823793888 CEST49942443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.823808908 CEST443499425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.825325966 CEST49942443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.825664043 CEST49942443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.825679064 CEST443499425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.828345060 CEST49942443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.834429979 CEST443499305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.834532976 CEST443499305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.834558010 CEST49930443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.834883928 CEST49930443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.844499111 CEST443499415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.856419086 CEST49943443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.856445074 CEST443499435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.857352018 CEST49943443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.857592106 CEST49943443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.857604027 CEST443499435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.864291906 CEST49943443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.868506908 CEST443499425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.875617027 CEST443499315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.875705957 CEST49931443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.875713110 CEST443499315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.875809908 CEST49931443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.886363983 CEST49944443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.886374950 CEST443499445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.886464119 CEST49944443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.886882067 CEST49944443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.886893034 CEST443499445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.893265963 CEST49944443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.908499002 CEST443499435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.918685913 CEST49945443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.918699980 CEST443499455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.918761015 CEST49945443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.919073105 CEST49945443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.919084072 CEST443499455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.930521011 CEST49945443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.932593107 CEST443499325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.932647943 CEST49932443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.940495014 CEST443499445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.966201067 CEST49946443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.966212988 CEST443499465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.966336012 CEST49946443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.966625929 CEST49946443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.966636896 CEST443499465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.971482992 CEST443499335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.971551895 CEST49933443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:27.976490974 CEST443499455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:27.991779089 CEST49946443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.013015985 CEST49947443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.013034105 CEST443499475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.013158083 CEST49947443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.013573885 CEST49947443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.013590097 CEST443499475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.024765968 CEST49947443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.032501936 CEST443499465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.040024042 CEST443499345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.040106058 CEST49934443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.057972908 CEST49948443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.057996035 CEST443499485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.058238029 CEST49948443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.058558941 CEST49948443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.058572054 CEST443499485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.064855099 CEST49948443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.072490931 CEST443499475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.095454931 CEST49949443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.095467091 CEST443499495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.095514059 CEST49949443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.095849991 CEST49949443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.095859051 CEST443499495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.103372097 CEST49949443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.112498999 CEST443499485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.135997057 CEST49950443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.136006117 CEST443499505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.136071920 CEST49950443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.136351109 CEST49950443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.136360884 CEST443499505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.143414021 CEST49950443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.148489952 CEST443499495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.167471886 CEST49951443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.167486906 CEST443499515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.167601109 CEST49951443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.167903900 CEST49951443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.167916059 CEST443499515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.171338081 CEST443499355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.171406984 CEST49935443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.173413992 CEST49951443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.188494921 CEST443499505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.198784113 CEST49952443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.198817015 CEST443499525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.199074984 CEST49952443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.199290037 CEST49952443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.199305058 CEST443499525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.207669020 CEST49952443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.207994938 CEST443499365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.208058119 CEST49936443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.220495939 CEST443499515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.228102922 CEST443499375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.228176117 CEST49937443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.230734110 CEST49953443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.230755091 CEST443499535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.230844021 CEST49953443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.231101036 CEST49953443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.231112957 CEST443499535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.237916946 CEST49953443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.252501965 CEST443499525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.260909081 CEST49954443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.260920048 CEST443499545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.260987043 CEST49954443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.261231899 CEST49954443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.261249065 CEST443499545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.263334990 CEST49954443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.280502081 CEST443499535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.292476892 CEST49955443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.292512894 CEST443499555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.292610884 CEST49955443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.292908907 CEST49955443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.292924881 CEST443499555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.298288107 CEST49955443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.308497906 CEST443499545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.308552027 CEST443499385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.308615923 CEST49938443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.309267998 CEST443499395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.309334040 CEST49939443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.323844910 CEST49956443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.323856115 CEST443499565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.323921919 CEST49956443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.324182987 CEST49956443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.324193954 CEST443499565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.329940081 CEST49956443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.340502977 CEST443499555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.355587959 CEST49957443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.355618000 CEST443499575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.355674982 CEST49957443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.356019974 CEST49957443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.356036901 CEST443499575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.363375902 CEST49957443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.376501083 CEST443499565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.387109995 CEST49958443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.387136936 CEST443499585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.387279034 CEST49958443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.387530088 CEST49958443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.387543917 CEST443499585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.394979000 CEST49958443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.394987106 CEST443499415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.395057917 CEST49941443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.408509016 CEST443499575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.422250986 CEST49959443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.422281027 CEST443499595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.422357082 CEST49959443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.422705889 CEST49959443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.422719955 CEST443499595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.429802895 CEST49959443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.436501026 CEST443499585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.441442966 CEST443499425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.441504955 CEST49942443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.464936018 CEST49960443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.464947939 CEST443499605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.465059996 CEST49960443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.465398073 CEST49960443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.465409040 CEST443499605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.469883919 CEST443499435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.469969034 CEST49943443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.470436096 CEST49960443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.472503901 CEST443499595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.488831997 CEST443499445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.488883018 CEST49944443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.495419979 CEST49961443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.495455980 CEST443499615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.495579958 CEST49961443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.495801926 CEST49961443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.495816946 CEST443499615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.501101017 CEST49961443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.516505957 CEST443499605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.526897907 CEST49962443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.526917934 CEST443499625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.526992083 CEST49962443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.527240038 CEST49962443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.527251005 CEST443499625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.533252954 CEST49962443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:28.546286106 CEST443499455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:28.546348095 CEST49945443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.769287109 CEST443499995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.770051956 CEST49999443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.784492016 CEST443499985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.790883064 CEST443499815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.790993929 CEST443499815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.791002989 CEST49981443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.791172028 CEST49981443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.799722910 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.799758911 CEST443500005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.799854994 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.800328970 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.800342083 CEST443500005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.803806067 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.816492081 CEST443499995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.826870918 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.826903105 CEST443500015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.827102900 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.827707052 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.827721119 CEST443500015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.833266020 CEST443499825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.833381891 CEST443499825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.833435059 CEST49982443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.833529949 CEST49982443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.848490953 CEST443500005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.863178968 CEST443499835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.863300085 CEST443499835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.863368034 CEST49983443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.863368034 CEST49983443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.871682882 CEST443499845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.871753931 CEST49984443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.881589890 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.898226976 CEST443499855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.898334980 CEST443499855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.898420095 CEST49985443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.898421049 CEST49985443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.902386904 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.902399063 CEST443500025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.902517080 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.903285980 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.903296947 CEST443500025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.906451941 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.928507090 CEST443500015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.938086033 CEST443499865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.938152075 CEST49986443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.939184904 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.939207077 CEST443500035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.939268112 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.939923048 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.939939022 CEST443500035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.948503971 CEST443500025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.962510109 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.962836027 CEST443499875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.962934017 CEST443499875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.962985992 CEST49987443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.962985992 CEST49987443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:29.989636898 CEST443499885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:29.989700079 CEST49988443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.000344992 CEST50004443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.000360966 CEST443500045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.000415087 CEST50004443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.000938892 CEST50004443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.000951052 CEST443500045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.008512974 CEST443500035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.047380924 CEST443499895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.047451019 CEST49989443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.066041946 CEST443499905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.066122055 CEST49990443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.108009100 CEST443499915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.108129978 CEST443499915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.108191967 CEST49991443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.108213902 CEST49991443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.136101961 CEST443499925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.136178017 CEST49992443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.196136951 CEST443499935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.196253061 CEST443499935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.196314096 CEST49993443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.196336985 CEST49993443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.199400902 CEST443499945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.199457884 CEST49994443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.259779930 CEST443499965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.259882927 CEST443499965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.259944916 CEST49996443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.259963036 CEST49996443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.261493921 CEST443499955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.261614084 CEST443499955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.261667967 CEST49995443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.262094021 CEST49995443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.316421986 CEST443499975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.316523075 CEST443499975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.316591024 CEST49997443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.316591024 CEST49997443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.329257011 CEST50004443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.339644909 CEST443499985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.339701891 CEST49998443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.372502089 CEST443500045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.403839111 CEST443500005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.403943062 CEST443500005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.403995991 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.405356884 CEST443499995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.405399084 CEST50000443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.405410051 CEST49999443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.450139046 CEST443500015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.450239897 CEST443500015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.450313091 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.451967955 CEST50001443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.514810085 CEST443500025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.514918089 CEST443500025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.514971972 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.514993906 CEST50002443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.571456909 CEST443500035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.571568012 CEST443500035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.571630001 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.571645975 CEST50003443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.602715969 CEST50005443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.602742910 CEST443500055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.602817059 CEST50005443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.603748083 CEST50005443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.603760958 CEST443500055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.626657009 CEST50005443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.629832029 CEST443500045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.629882097 CEST50004443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.654809952 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.654829979 CEST443500065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.654892921 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.655136108 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.655148029 CEST443500065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.668507099 CEST443500055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.676244974 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.700195074 CEST50007443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.700220108 CEST443500075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.700280905 CEST50007443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.700587034 CEST50007443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.700599909 CEST443500075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.713154078 CEST50007443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.716506958 CEST443500065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.748555899 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.748565912 CEST443500085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.748630047 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.749262094 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.749273062 CEST443500085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.760509968 CEST443500075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.765610933 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.796232939 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.796252966 CEST443500095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.796310902 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.796716928 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.796726942 CEST443500095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.807900906 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.812493086 CEST443500085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.848496914 CEST443500095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.852269888 CEST50010443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.852283001 CEST443500105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.852349043 CEST50010443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.852731943 CEST50010443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.852742910 CEST443500105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.865665913 CEST50010443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.887614965 CEST50011443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.887630939 CEST443500115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.887690067 CEST50011443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.887938976 CEST50011443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.887950897 CEST443500115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.894789934 CEST50011443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.908512115 CEST443500105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.940500021 CEST443500115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.980077028 CEST50012443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.980091095 CEST443500125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.980190039 CEST50012443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.985265970 CEST50012443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:30.985280037 CEST443500125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:30.986382008 CEST50012443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.017273903 CEST50013443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.017293930 CEST443500135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.017380953 CEST50013443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.018281937 CEST50013443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.018281937 CEST50013443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.018296957 CEST443500135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.032496929 CEST443500125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.042629004 CEST50014443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.042639971 CEST443500145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.042757034 CEST50014443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.044437885 CEST50014443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.044449091 CEST443500145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.049272060 CEST50014443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.064507008 CEST443500135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.075299978 CEST50015443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.075316906 CEST443500155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.075406075 CEST50015443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.080816984 CEST50015443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.080816984 CEST50015443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.080826998 CEST443500155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.096504927 CEST443500145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.105273008 CEST50016443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.105308056 CEST443500165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.105370998 CEST50016443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.105648041 CEST50016443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.105665922 CEST443500165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.115504026 CEST50016443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.128500938 CEST443500155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.137010098 CEST50017443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.137037039 CEST443500175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.137439966 CEST50017443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.139364004 CEST50017443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.139379025 CEST443500175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.144546986 CEST50017443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.160502911 CEST443500165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.175807953 CEST50018443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.175837994 CEST443500185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.176075935 CEST50018443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.176382065 CEST50018443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.176393986 CEST443500185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.183346033 CEST50018443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.192507982 CEST443500175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.215367079 CEST50019443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.215399027 CEST443500195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.215647936 CEST50019443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.215928078 CEST50019443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.215939999 CEST443500195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.219634056 CEST50019443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.228492975 CEST443500185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.232023001 CEST443500055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.232096910 CEST50005443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.247380018 CEST50020443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.247395039 CEST443500205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.247519016 CEST50020443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.247929096 CEST50020443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.247940063 CEST443500205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.253875017 CEST50020443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.264499903 CEST443500195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.265933990 CEST443500065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.266033888 CEST443500065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.266057968 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.266119003 CEST50006443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.277019978 CEST50021443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.277046919 CEST443500215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.277153969 CEST50021443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.277446985 CEST50021443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.277463913 CEST443500215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.285029888 CEST50021443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.300501108 CEST443500205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.303890944 CEST443500075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.303991079 CEST50007443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.311599016 CEST50022443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.311619997 CEST443500225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.311719894 CEST50022443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.312078953 CEST50022443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.312092066 CEST443500225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.317826033 CEST50022443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.332504034 CEST443500215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.340663910 CEST50023443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.340692997 CEST443500235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.340779066 CEST50023443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.341280937 CEST50023443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.341294050 CEST443500235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.350497007 CEST50023443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.360502958 CEST443500225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.364583015 CEST443500085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.364686966 CEST443500085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.364692926 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.364753962 CEST50008443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.392503977 CEST443500235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.409651041 CEST443500095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.409765959 CEST443500095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.409790993 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.409857988 CEST50009443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.419147968 CEST50024443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.419178963 CEST443500245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.419271946 CEST50024443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.419709921 CEST50024443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.419723988 CEST443500245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.426615953 CEST50024443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.453270912 CEST50025443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.453298092 CEST443500255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.453371048 CEST50025443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.453799963 CEST50025443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.453813076 CEST443500255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:31.458060980 CEST50025443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:31.468503952 CEST443500245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.796355009 CEST50063443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.796371937 CEST443500635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.796435118 CEST50063443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.796746016 CEST50063443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.796752930 CEST443500635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.800506115 CEST443500625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.811908960 CEST50063443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.840291977 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.840328932 CEST443500645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.840389967 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.840667009 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.840681076 CEST443500645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.856503010 CEST443500635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.878477097 CEST443500485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.878585100 CEST443500485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.878664970 CEST50048443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.879287958 CEST50048443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.885557890 CEST443500495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.885663986 CEST443500495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.885731936 CEST50049443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.885756016 CEST50049443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.937371016 CEST443500505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.937488079 CEST443500505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.941339016 CEST50050443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.941339016 CEST50050443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.952514887 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.971467972 CEST443500515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.971577883 CEST443500515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.971659899 CEST50051443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.971659899 CEST50051443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.995609999 CEST443500525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.995754957 CEST443500525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.996506929 CEST443500645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:32.999495029 CEST50052443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:32.999495029 CEST50052443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.034712076 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.034754038 CEST443500655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.034861088 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.035568953 CEST443500535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.035672903 CEST443500535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.039350986 CEST50053443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.039350986 CEST50053443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.043589115 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.043601036 CEST443500655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.062175035 CEST443500545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.062274933 CEST443500545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.063369989 CEST50054443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.063369989 CEST50054443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.115629911 CEST443500555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.115740061 CEST443500555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.119584084 CEST50055443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.119584084 CEST50055443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.137367010 CEST443500565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.137465954 CEST443500565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.137497902 CEST50056443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.137563944 CEST50056443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.142373085 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.181152105 CEST443500575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.181250095 CEST443500575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.183325052 CEST50057443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.183325052 CEST50057443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.184500933 CEST443500655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.230324984 CEST443500585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.230433941 CEST443500585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.231386900 CEST50058443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.231386900 CEST50058443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.267867088 CEST443500595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.267976999 CEST443500595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.267981052 CEST50059443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.268106937 CEST50059443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.277805090 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.277818918 CEST443500665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.277975082 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.278323889 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.278333902 CEST443500665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.294290066 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.299197912 CEST443500605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.299305916 CEST443500605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.299367905 CEST50060443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.299421072 CEST50060443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.318981886 CEST443500615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.319057941 CEST50061443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.336502075 CEST443500665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.356544971 CEST50067443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.356568098 CEST443500675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.359185934 CEST50067443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.359616041 CEST50067443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.359625101 CEST443500675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.367463112 CEST443500625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.367571115 CEST443500625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.368576050 CEST50062443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.368576050 CEST50062443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.385605097 CEST50067443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.419415951 CEST50068443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.419433117 CEST443500685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.419666052 CEST50068443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.419887066 CEST50068443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.419897079 CEST443500685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.427814007 CEST50068443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.430905104 CEST443500635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.430989027 CEST50063443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.432503939 CEST443500675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.468506098 CEST443500685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.470891953 CEST443500645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.470999956 CEST443500645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.471088886 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.471088886 CEST50064443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.543625116 CEST50069443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.543647051 CEST443500695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.543740988 CEST50069443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.544024944 CEST50069443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.544035912 CEST443500695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.550746918 CEST50069443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.583276033 CEST50070443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.583286047 CEST443500705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.583399057 CEST50070443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.587289095 CEST50070443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.587302923 CEST443500705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.589538097 CEST50070443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.596509933 CEST443500695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.623325109 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.623347044 CEST443500715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.623436928 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.627062082 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.627062082 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.627074957 CEST443500715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.632503986 CEST443500705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.668507099 CEST443500715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.669578075 CEST443500655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.669728041 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.669742107 CEST443500655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.669948101 CEST50065443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.761029005 CEST50072443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.761050940 CEST443500725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.761138916 CEST50072443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.763559103 CEST50072443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.763569117 CEST443500725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.767313004 CEST50072443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.792577982 CEST50073443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.792619944 CEST443500735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.792727947 CEST50073443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.793008089 CEST50073443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.793020010 CEST443500735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.800251961 CEST50073443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.808504105 CEST443500725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.823652983 CEST50074443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.823662996 CEST443500745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.823796034 CEST50074443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.824065924 CEST50074443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.824075937 CEST443500745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.827035904 CEST50074443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.840502977 CEST443500735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.854548931 CEST50075443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.854571104 CEST443500755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.855897903 CEST50075443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.856247902 CEST50075443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.856260061 CEST443500755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.860908031 CEST50075443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.872503042 CEST443500745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.886864901 CEST50076443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.886897087 CEST443500765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.887079954 CEST50076443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.887629032 CEST50076443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.887639046 CEST443500765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.894948006 CEST50076443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.905560970 CEST443500665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.905662060 CEST443500665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.905740023 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.905740023 CEST50066443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.908498049 CEST443500755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.923377037 CEST50077443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.923393011 CEST443500775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.923511982 CEST50077443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.927277088 CEST50077443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.927289009 CEST443500775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.930387020 CEST50077443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.936507940 CEST443500765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.966428995 CEST50078443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.966449022 CEST443500785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.966557980 CEST50078443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.967025995 CEST50078443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:33.967035055 CEST443500785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.976527929 CEST443500775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.990572929 CEST443500675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:33.990623951 CEST50067443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.011172056 CEST50078443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.052505016 CEST443500785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.055660009 CEST443500685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.055757046 CEST50068443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.092200994 CEST50079443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.092225075 CEST443500795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.092283010 CEST50079443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.092602015 CEST50079443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.092613935 CEST443500795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.109533072 CEST50079443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.138832092 CEST50080443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.138878107 CEST443500805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.138935089 CEST50080443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.139204979 CEST50080443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.139219999 CEST443500805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.150223017 CEST50080443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.155811071 CEST443500695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.155889988 CEST50069443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.156498909 CEST443500795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.184472084 CEST50081443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.184505939 CEST443500815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.184582949 CEST50081443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.184870005 CEST50081443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.184881926 CEST443500815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.192503929 CEST443500805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.192945957 CEST50081443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.203778028 CEST443500705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.203826904 CEST50070443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.215102911 CEST50082443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.215131044 CEST443500825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.215188026 CEST50082443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.215523958 CEST50082443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.215537071 CEST443500825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.222383022 CEST50082443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.236500978 CEST443500815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.237389088 CEST443500715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.237493992 CEST443500715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.237540007 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.237561941 CEST50071443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.246028900 CEST50083443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.246057034 CEST443500835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.246139050 CEST50083443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.246664047 CEST50083443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.246679068 CEST443500835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.264504910 CEST443500825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.266239882 CEST50083443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.293575048 CEST50084443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.293606043 CEST443500845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.293719053 CEST50084443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.293993950 CEST50084443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.294007063 CEST443500845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.300789118 CEST50084443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.312494993 CEST443500835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.325042009 CEST50085443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.325074911 CEST443500855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.325150967 CEST50085443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.325365067 CEST50085443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.325376987 CEST443500855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.332241058 CEST50085443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.348493099 CEST443500845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.356673002 CEST50086443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.356695890 CEST443500865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.356774092 CEST50086443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.357101917 CEST50086443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.357115984 CEST443500865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.363326073 CEST50086443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.376492023 CEST443500855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.378448963 CEST443500725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.378516912 CEST50072443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.386058092 CEST50087443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.386080980 CEST443500875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.386141062 CEST50087443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.386405945 CEST50087443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.386420012 CEST443500875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.392071962 CEST50087443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.402894974 CEST443500735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.402972937 CEST50073443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.404500008 CEST443500865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.417682886 CEST50088443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.417699099 CEST443500885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.417747974 CEST50088443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.418025017 CEST50088443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.418035030 CEST443500885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.425323963 CEST50088443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.431696892 CEST443500745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.431746960 CEST50074443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.432502031 CEST443500875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.449902058 CEST50089443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.449928045 CEST443500895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:34.449992895 CEST50089443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.450232983 CEST50089443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:34.450246096 CEST443500895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.922230959 CEST50114443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.922235966 CEST443501135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.922282934 CEST50114443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.922312975 CEST50113443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.926428080 CEST50123443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.956568003 CEST443501165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.956685066 CEST443501165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.956752062 CEST50116443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.956772089 CEST50116443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.972505093 CEST443501235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.995316982 CEST443501175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.995420933 CEST443501175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:35.995486021 CEST50117443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:35.995512962 CEST50117443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.030546904 CEST443501185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.030618906 CEST50118443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.070507050 CEST443501195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.070579052 CEST50119443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.073875904 CEST443501205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.073930025 CEST50120443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.085155964 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.085191011 CEST443501245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.085248947 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.085891008 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.085903883 CEST443501245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.163017035 CEST443501215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.163074970 CEST50121443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.197066069 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.233305931 CEST50125443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.233340025 CEST443501255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.233397007 CEST50125443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.233786106 CEST50125443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.233803988 CEST443501255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.240508080 CEST443501245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.252552986 CEST50125443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.271644115 CEST443501225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.271778107 CEST443501225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.271826029 CEST50122443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.271846056 CEST50122443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.277796984 CEST50126443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.277812958 CEST443501265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.277863979 CEST50126443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.278161049 CEST50126443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.278172970 CEST443501265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.287782907 CEST50126443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.300492048 CEST443501255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.309298038 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.309322119 CEST443501275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.309370041 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.309704065 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.309712887 CEST443501275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.319295883 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.332504034 CEST443501265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.357923985 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.357954979 CEST443501285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.358021021 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.358284950 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.358297110 CEST443501285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.364509106 CEST443501275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.377873898 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.403418064 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.403451920 CEST443501295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.403526068 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.403883934 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.403899908 CEST443501295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.413489103 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.420499086 CEST443501285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.434370995 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.434386015 CEST443501305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.434437037 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.434708118 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.434717894 CEST443501305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.447348118 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.460498095 CEST443501295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.481122017 CEST50131443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.481149912 CEST443501315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.481203079 CEST50131443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.481520891 CEST50131443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.481532097 CEST443501315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.491281033 CEST50131443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.492506981 CEST443501305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.511640072 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.511663914 CEST443501325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.511729956 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.512061119 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.512072086 CEST443501325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.517585993 CEST443501235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.517659903 CEST50123443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.520085096 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.532506943 CEST443501315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.543622017 CEST50133443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.543639898 CEST443501335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.543701887 CEST50133443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.544004917 CEST50133443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.544015884 CEST443501335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.550257921 CEST50133443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.564502001 CEST443501325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.575438023 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.575448036 CEST443501345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.575519085 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.575809956 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.575819969 CEST443501345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.578835011 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.596498966 CEST443501335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.605973959 CEST50135443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.605990887 CEST443501355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.606060982 CEST50135443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.606302977 CEST50135443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.606312990 CEST443501355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.611706018 CEST50135443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.624504089 CEST443501345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.638597965 CEST50136443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.638621092 CEST443501365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.638684988 CEST50136443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.638967037 CEST50136443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.638984919 CEST443501365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.646745920 CEST50136443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.652509928 CEST443501355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.674881935 CEST50137443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.674906015 CEST443501375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.675020933 CEST50137443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.675369978 CEST50137443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.675379992 CEST443501375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.680143118 CEST50137443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.692516088 CEST443501365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.701340914 CEST443501245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.701462030 CEST443501245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.701463938 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.701525927 CEST50124443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.715653896 CEST50138443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.715667963 CEST443501385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.715727091 CEST50138443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.715976000 CEST50138443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.715987921 CEST443501385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.724498034 CEST443501375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.724832058 CEST50138443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.746911049 CEST50139443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.746929884 CEST443501395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.746987104 CEST50139443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.747227907 CEST50139443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.747239113 CEST443501395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.755605936 CEST50139443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.768501997 CEST443501385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.778106928 CEST50140443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.778120041 CEST443501405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.778227091 CEST50140443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.778644085 CEST50140443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.778652906 CEST443501405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.787822962 CEST50140443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.796499014 CEST443501395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.808218956 CEST50141443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.808233023 CEST443501415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.808299065 CEST50141443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.808595896 CEST50141443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.808605909 CEST443501415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.816473007 CEST50141443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.832499981 CEST443501405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.840331078 CEST50142443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.840348005 CEST443501425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.840446949 CEST50142443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.840717077 CEST50142443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.840734959 CEST443501425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.846725941 CEST50142443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.860506058 CEST443501415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.866566896 CEST443501255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.866622925 CEST50125443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.871938944 CEST50143443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.871958017 CEST443501435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.872024059 CEST50143443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.872261047 CEST50143443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.872272015 CEST443501435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.878714085 CEST50143443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.888501883 CEST443501425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.889266968 CEST443501265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.889339924 CEST50126443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.902096987 CEST50144443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.902133942 CEST443501445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.902396917 CEST50144443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.902642012 CEST50144443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.902662039 CEST443501445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.904759884 CEST50144443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.924504042 CEST443501435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.935481071 CEST50145443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.935508013 CEST443501455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.935676098 CEST50145443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.936191082 CEST50145443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.936203957 CEST443501455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.939297915 CEST50145443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.944591999 CEST443501275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.944694042 CEST443501275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.944796085 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.944796085 CEST50127443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.948504925 CEST443501445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.964091063 CEST50146443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.964114904 CEST443501465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.964868069 CEST50146443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.967416048 CEST50146443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.967430115 CEST443501465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.970318079 CEST50146443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.976341963 CEST443501285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.976449013 CEST443501285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.976453066 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.976581097 CEST50128443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.980500937 CEST443501455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.995743036 CEST50147443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.995775938 CEST443501475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:36.995882988 CEST50147443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.996155977 CEST50147443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:36.996170044 CEST443501475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.003325939 CEST50147443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.012506008 CEST443501465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.020894051 CEST443501295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.021002054 CEST443501295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.021079063 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.021079063 CEST50129443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.027319908 CEST50148443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.027349949 CEST443501485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.031474113 CEST50148443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.032964945 CEST50148443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.032964945 CEST50148443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.032979965 CEST443501485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.044502020 CEST443501475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.076505899 CEST443501485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.081723928 CEST443501305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.081768036 CEST50149443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.081809998 CEST443501495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.081825018 CEST443501305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.081856012 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.083399057 CEST50130443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.083411932 CEST50149443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.083708048 CEST50149443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.083722115 CEST443501495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.086680889 CEST50149443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.113828897 CEST443501315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.113924980 CEST50131443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.119301081 CEST443501325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.119394064 CEST443501325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.119411945 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.119474888 CEST50132443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.123388052 CEST50150443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.123430967 CEST443501505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.123619080 CEST50150443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.123950005 CEST50150443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.123963118 CEST443501505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.128469944 CEST50150443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.132502079 CEST443501495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.155333996 CEST50151443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.155381918 CEST443501515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.155569077 CEST50151443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.155780077 CEST50151443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.155793905 CEST443501515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.158881903 CEST50151443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.172502995 CEST443501505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.183512926 CEST50152443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.183542967 CEST443501525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.183650970 CEST50152443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.183958054 CEST50152443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.183973074 CEST443501525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.185599089 CEST443501335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.185682058 CEST50133443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.190391064 CEST50152443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.200500965 CEST443501515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.207812071 CEST443501345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.207921982 CEST443501345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.207950115 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.208017111 CEST50134443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.215395927 CEST50153443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.215425014 CEST443501535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.215656996 CEST50153443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.216011047 CEST50153443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.216021061 CEST443501535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.221807957 CEST50153443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.229533911 CEST443501355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.229614973 CEST50135443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:37.236505032 CEST443501525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.241039038 CEST443501365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:37.241142988 CEST50136443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.153311014 CEST50187443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.153323889 CEST443501875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.153412104 CEST50187443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.153640032 CEST50187443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.153650999 CEST443501875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.157509089 CEST50187443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.172512054 CEST443501865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.185307026 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.185323000 CEST443501885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.185420990 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.185700893 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.185709953 CEST443501885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.189307928 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.204493999 CEST443501875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.217297077 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.217308044 CEST443501895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.217504978 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.217850924 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.217860937 CEST443501895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.218405962 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.232503891 CEST443501885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.244926929 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.244935989 CEST443501905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.245297909 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.245487928 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.245496988 CEST443501905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.249413967 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.264504910 CEST443501895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.281302929 CEST50191443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.281322956 CEST443501915.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.281447887 CEST50191443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.296505928 CEST443501905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.307847023 CEST50192443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.307887077 CEST443501925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.309403896 CEST50192443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.309602022 CEST50192443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.309612989 CEST443501925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.313011885 CEST50192443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.339901924 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.339931011 CEST443501935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.341455936 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.341734886 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.341747046 CEST443501935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.342942953 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.356503963 CEST443501925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.370949984 CEST50194443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.370970011 CEST443501945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.371114016 CEST50194443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.371476889 CEST50194443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.371489048 CEST443501945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.377295017 CEST50194443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.384507895 CEST443501935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.401949883 CEST50195443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.401962996 CEST443501955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.402143955 CEST50195443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.402702093 CEST50195443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.402712107 CEST443501955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.420495033 CEST443501945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.421435118 CEST50195443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.449266911 CEST50196443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.449279070 CEST443501965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.449542046 CEST50196443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.449954033 CEST50196443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.449964046 CEST443501965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.453783035 CEST50196443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.468502998 CEST443501955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.480320930 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.480333090 CEST443501975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.480478048 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.480710983 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.480720997 CEST443501975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.487653017 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.496505022 CEST443501965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.507071018 CEST443501805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.507164955 CEST443501805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.507169962 CEST50180443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.507266998 CEST50180443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.511744976 CEST50198443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.511754990 CEST443501985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.511892080 CEST50198443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.512161016 CEST50198443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.512171030 CEST443501985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.520076990 CEST50198443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.532505035 CEST443501975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.542459011 CEST50199443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.542470932 CEST443501995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.542726040 CEST50199443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.542877913 CEST50199443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.542885065 CEST443501995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.544675112 CEST443498335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.544755936 CEST49833443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.544768095 CEST443498335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.544811964 CEST49833443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.551336050 CEST50199443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.564490080 CEST443501985.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.571091890 CEST443498365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.571181059 CEST49836443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.571185112 CEST443498365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.571268082 CEST49836443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.573235989 CEST50200443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.573245049 CEST443502005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.573434114 CEST50200443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.573669910 CEST50200443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.573678970 CEST443502005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.579709053 CEST50200443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.596497059 CEST443501995.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.601324081 CEST443501825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.601419926 CEST50182443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.601423979 CEST443501825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.601489067 CEST50182443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.607403994 CEST50201443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.607413054 CEST443502015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.607630014 CEST50201443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.607887030 CEST50201443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.607896090 CEST443502015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.615295887 CEST50201443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.620507002 CEST443502005.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.636173010 CEST50202443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.636179924 CEST443502025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.636291027 CEST50202443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.639291048 CEST50202443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.639298916 CEST443502025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.642431974 CEST50202443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.655445099 CEST443501835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.655515909 CEST50183443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.657844067 CEST443501845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.657912016 CEST50184443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.660497904 CEST443502015.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.667361021 CEST50203443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.667368889 CEST443502035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.667438030 CEST50203443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.667766094 CEST50203443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.667776108 CEST443502035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.671356916 CEST50203443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.688503981 CEST443502025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.689954042 CEST443501855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.690052986 CEST50185443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.698846102 CEST50204443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.698864937 CEST443502045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.698954105 CEST50204443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.699413061 CEST50204443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.699424982 CEST443502045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.706538916 CEST50204443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.716509104 CEST443502035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.730551004 CEST50205443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.730560064 CEST443502055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.730662107 CEST50205443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.730874062 CEST50205443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.730881929 CEST443502055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.736891985 CEST50205443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.748503923 CEST443502045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.767426014 CEST50206443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.767431974 CEST443502065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.767538071 CEST50206443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.769299984 CEST50206443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.769309044 CEST443502065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.770457983 CEST443501865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.770538092 CEST443501865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.770613909 CEST50186443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.770613909 CEST50186443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.773113012 CEST50206443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.776587009 CEST443501875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.776673079 CEST50187443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.780503988 CEST443502055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.791918993 CEST50207443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.791929960 CEST443502075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.792078972 CEST50207443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.793303967 CEST50207443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.793313026 CEST443502075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.801318884 CEST50207443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.804461956 CEST443501885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.804563999 CEST443501885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.804586887 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.804686069 CEST50188443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.816505909 CEST443502065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.825303078 CEST50208443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.825324059 CEST443502085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.829365969 CEST50208443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.835364103 CEST443498385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.835472107 CEST443498385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.835540056 CEST49838443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.835540056 CEST49838443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.848499060 CEST443502075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.857306004 CEST50209443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.857333899 CEST443502095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.857453108 CEST50209443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.857693911 CEST50209443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.857707977 CEST443502095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.860860109 CEST50209443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.861646891 CEST443501895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.861752033 CEST443501895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.861769915 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.861830950 CEST50189443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.886003971 CEST50210443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.886015892 CEST443502105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.886360884 CEST50210443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.888637066 CEST50210443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.888637066 CEST50210443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.888647079 CEST443502105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.908410072 CEST443501905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.908499002 CEST443502095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.908545017 CEST443501905.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.908586025 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.909358025 CEST50190443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.917037964 CEST50211443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.917051077 CEST443502115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.917140007 CEST50211443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.921305895 CEST50211443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.921318054 CEST443502115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.922641993 CEST50211443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.923645973 CEST443501925.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.923774004 CEST50192443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.932502031 CEST443502105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.949065924 CEST50212443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.949089050 CEST443502125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.949146032 CEST50212443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.949482918 CEST50212443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.949495077 CEST443502125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.955471992 CEST50212443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.968493938 CEST443502115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.980473042 CEST50213443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.980485916 CEST443502135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.980544090 CEST50213443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.980798006 CEST50213443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.980808973 CEST443502135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:39.987343073 CEST50213443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:39.996501923 CEST443502125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.006316900 CEST443501935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.006433964 CEST443501935.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.006567001 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.007359982 CEST50193443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.007616997 CEST443501945.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.007666111 CEST50194443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.011790991 CEST50214443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.011801958 CEST443502145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.011864901 CEST50214443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.012083054 CEST50214443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.012094021 CEST443502145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.017360926 CEST443501955.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.017419100 CEST50195443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.018841982 CEST50214443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.032501936 CEST443502135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.043306112 CEST50215443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.043334007 CEST443502155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.043390989 CEST50215443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.043586969 CEST50215443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.043601990 CEST443502155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.049762964 CEST50215443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.064503908 CEST443502145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.076757908 CEST50216443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.076771975 CEST443502165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.076817036 CEST50216443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.077068090 CEST50216443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.077080011 CEST443502165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.084108114 CEST50216443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.096492052 CEST443502155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.106112003 CEST50217443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.106136084 CEST443502175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.106209993 CEST50217443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.106529951 CEST50217443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.106544018 CEST443502175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.112909079 CEST50217443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.112926006 CEST443501965.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.112981081 CEST50196443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.117800951 CEST443501975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.117892981 CEST443501975.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.117897987 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.117949009 CEST50197443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.124507904 CEST443502165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.137259007 CEST50218443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.137278080 CEST443502185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.137332916 CEST50218443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.137661934 CEST50218443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.137670040 CEST443502185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.143520117 CEST50218443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:40.160497904 CEST443502175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:40.184504986 CEST443502185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.457932949 CEST50237443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.457932949 CEST50237443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.459078074 CEST443502365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.459166050 CEST443502365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.459223986 CEST50236443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.459224939 CEST50236443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.464498997 CEST443502545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.486450911 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.486474991 CEST443502565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.489383936 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.489726067 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.489738941 CEST443502565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.493803024 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.496503115 CEST443502555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.527328968 CEST50257443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.527362108 CEST443502575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.529365063 CEST50257443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.529994965 CEST50257443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.529994965 CEST50257443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.530009985 CEST443502575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.533441067 CEST443502385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.533550978 CEST443502385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.533586979 CEST50238443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.533998013 CEST50238443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.540503025 CEST443502565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.542819977 CEST443502395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.542924881 CEST443502395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.543015957 CEST50239443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.543015957 CEST50239443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.561310053 CEST50258443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.561322927 CEST443502585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.561405897 CEST50258443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.562944889 CEST50258443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.562944889 CEST50258443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.562952042 CEST443502585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.576494932 CEST443502575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.589083910 CEST50259443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.589104891 CEST443502595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.589338064 CEST50259443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.589603901 CEST50259443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.589616060 CEST443502595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.591793060 CEST443502405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.591870070 CEST50240443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.597309113 CEST50259443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.604500055 CEST443502585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.619872093 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.619894981 CEST443502605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.621503115 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.621619940 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.621633053 CEST443502605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.625724077 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.644500017 CEST443502595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.651742935 CEST50261443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.651757956 CEST443502615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.651982069 CEST50261443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.652230978 CEST50261443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.652240992 CEST443502615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.659560919 CEST443502415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.659594059 CEST50261443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.659660101 CEST443502415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.659667015 CEST50241443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.659774065 CEST50241443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.668500900 CEST443502605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.675044060 CEST443502425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.675118923 CEST50242443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.684037924 CEST50262443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.684051037 CEST443502625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.684216976 CEST50262443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.684791088 CEST50262443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.684801102 CEST443502625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.693523884 CEST50262443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.697025061 CEST443502435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.697124958 CEST50243443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.697132111 CEST443502435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.697376966 CEST50243443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.700527906 CEST443502615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.714481115 CEST50263443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.714498043 CEST443502635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.714751959 CEST50263443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.714937925 CEST50263443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.714948893 CEST443502635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.723730087 CEST50263443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.724153996 CEST443502445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.724261045 CEST50244443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.736510038 CEST443502625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.745311975 CEST50264443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.745332956 CEST443502645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.745511055 CEST50264443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.749308109 CEST50264443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.749320984 CEST443502645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.750881910 CEST50264443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.751046896 CEST443502455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.751127958 CEST50245443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.768492937 CEST443502635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.777307034 CEST50265443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.777329922 CEST443502655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.777529001 CEST50265443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.777787924 CEST50265443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.777796030 CEST443502655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.785306931 CEST50265443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.796499014 CEST443502645.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.804748058 CEST443502465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.804867029 CEST443502465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.805036068 CEST50246443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.805036068 CEST50246443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.809583902 CEST50266443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.809593916 CEST443502665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.813364983 CEST50266443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.813755035 CEST50266443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.813767910 CEST443502665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.819672108 CEST50266443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.832529068 CEST443502655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.841239929 CEST50267443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.841269016 CEST443502675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.841345072 CEST50267443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.841732979 CEST50267443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.841744900 CEST443502675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.844146013 CEST443502485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.844230890 CEST50248443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.847728968 CEST50267443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.864500999 CEST443502665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.866461992 CEST443502495.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.866556883 CEST50249443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.873305082 CEST50268443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.873321056 CEST443502685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.873478889 CEST50268443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.873823881 CEST50268443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.873831987 CEST443502685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.878009081 CEST50268443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.892496109 CEST443502675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.901423931 CEST50269443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.901434898 CEST443502695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.905463934 CEST50269443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.905759096 CEST50269443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.905769110 CEST443502695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.906270981 CEST50269443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.915070057 CEST443502505.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.915157080 CEST50250443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.920502901 CEST443502685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.933305025 CEST50270443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.933314085 CEST443502705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.933382034 CEST50270443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.933686972 CEST50270443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.933696985 CEST443502705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.938999891 CEST50270443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.948509932 CEST443502695.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.950664043 CEST443502515.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.950737000 CEST50251443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.965225935 CEST50271443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.965244055 CEST443502715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.965328932 CEST50271443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.965585947 CEST50271443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.965595961 CEST443502715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.969805002 CEST50271443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.980503082 CEST443502705.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.997009039 CEST50272443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.997042894 CEST443502725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.997174978 CEST50272443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.997494936 CEST50272443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.997504950 CEST443502725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.999300957 CEST443502525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.999398947 CEST443502525.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:41.999442101 CEST50252443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:41.999459028 CEST50252443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.005286932 CEST443502535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.005397081 CEST443502535.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.005445004 CEST50253443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.005471945 CEST50253443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.012521029 CEST443502715.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.012527943 CEST50272443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.043118954 CEST50273443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.043142080 CEST443502735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.043256998 CEST50273443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.043502092 CEST50273443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.043509960 CEST443502735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.051453114 CEST50273443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.056502104 CEST443502725.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.074768066 CEST50274443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.074783087 CEST443502745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.074841022 CEST50274443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.075066090 CEST50274443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.075078964 CEST443502745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.078747034 CEST50274443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.096503973 CEST443502735.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.104839087 CEST50275443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.104866982 CEST443502755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.104952097 CEST50275443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.105160952 CEST50275443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.105173111 CEST443502755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.111838102 CEST50275443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.115135908 CEST443502555.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.115205050 CEST50255443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.120501995 CEST443502745.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.136456013 CEST50276443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.136468887 CEST443502765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.136518955 CEST50276443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.136764050 CEST50276443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.136775017 CEST443502765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.143991947 CEST50276443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.152498007 CEST443502755.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.172450066 CEST50277443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.172501087 CEST443502775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.172555923 CEST50277443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.172872066 CEST50277443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.172883034 CEST443502775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.174259901 CEST443502545.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.174324989 CEST50254443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.175811052 CEST443502575.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.175865889 CEST50257443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.178369999 CEST443502565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.178456068 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.178467989 CEST443502565.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.178658962 CEST50256443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.180279970 CEST50277443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.188509941 CEST443502765.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.205739021 CEST443502585.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.205800056 CEST50258443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.214883089 CEST50278443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.214894056 CEST443502785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.214955091 CEST50278443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.215399981 CEST50278443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.215411901 CEST443502785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.220503092 CEST443502775.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.222749949 CEST50278443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.244956970 CEST50279443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.244983912 CEST443502795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.245038033 CEST50279443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.245255947 CEST50279443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.245270014 CEST443502795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.252059937 CEST50279443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.264504910 CEST443502785.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.276377916 CEST50280443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.276391983 CEST443502805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.276444912 CEST50280443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.276765108 CEST50280443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.276777029 CEST443502805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.282653093 CEST50280443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.292509079 CEST443502795.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.294085979 CEST443502595.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.294140100 CEST50259443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.308175087 CEST50281443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.308197021 CEST443502815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.308257103 CEST50281443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.308552980 CEST50281443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.308568001 CEST443502815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.316271067 CEST50281443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.324505091 CEST443502805.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.338943005 CEST50282443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.338952065 CEST443502825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.339006901 CEST50282443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.339304924 CEST50282443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.339314938 CEST443502825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.345213890 CEST50282443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.355931997 CEST443502615.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.355983973 CEST50261443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.357455969 CEST443502605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.357547998 CEST443502605.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.357595921 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.357618093 CEST50260443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.360503912 CEST443502815.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.370230913 CEST50283443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.370244980 CEST443502835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.370326996 CEST50283443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.370609045 CEST50283443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.370620012 CEST443502835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.373420954 CEST443502625.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.373476028 CEST50262443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.377531052 CEST50283443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.384330034 CEST443502635.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.384392977 CEST50263443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.388505936 CEST443502825.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.401995897 CEST50284443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.402018070 CEST443502845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.402072906 CEST50284443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.402309895 CEST50284443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:42.402318001 CEST443502845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:42.406335115 CEST50284443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.609312057 CEST50320443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.618418932 CEST443503025.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.618494987 CEST50302443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.624501944 CEST443503195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.631582975 CEST443503035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.631660938 CEST443503035.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.631724119 CEST50303443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.631724119 CEST50303443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.635829926 CEST50321443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.635852098 CEST443503215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.635974884 CEST50321443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.636203051 CEST50321443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.636214018 CEST443503215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.640852928 CEST50321443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.652499914 CEST443503205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.660196066 CEST443503045.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.660276890 CEST50304443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.669310093 CEST50322443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.669325113 CEST443503225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.669399977 CEST50322443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.669672966 CEST50322443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.669683933 CEST443503225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.672501087 CEST50322443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.688509941 CEST443503215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.696991920 CEST443503055.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.697087049 CEST50305443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.699285030 CEST50323443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.699296951 CEST443503235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.699392080 CEST50323443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.699857950 CEST50323443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.699867010 CEST443503235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.705312014 CEST50323443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.720494986 CEST443503225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.733318090 CEST50324443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.733325958 CEST443503245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.733412027 CEST50324443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.737317085 CEST50324443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.737327099 CEST443503245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.740133047 CEST50324443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.741942883 CEST443503065.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.742011070 CEST50306443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.752496004 CEST443503235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.765312910 CEST50325443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.765326023 CEST443503255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.765484095 CEST50325443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.765710115 CEST50325443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.765718937 CEST443503255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.768862009 CEST50325443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.769378901 CEST443503075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.769468069 CEST443503075.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.769479990 CEST50307443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.769553900 CEST50307443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.784487009 CEST443503245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.792368889 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.792376041 CEST443503265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.792654037 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.793098927 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.793107986 CEST443503265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.801315069 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.812500000 CEST443503255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.823502064 CEST50327443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.823520899 CEST443503275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.823936939 CEST50327443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.825313091 CEST50327443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.825325012 CEST443503275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.829312086 CEST50327443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.840997934 CEST443503085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.841088057 CEST443503085.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.841152906 CEST50308443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.841152906 CEST50308443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.844504118 CEST443503265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.856242895 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.856251955 CEST443503285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.856370926 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.856528044 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.856538057 CEST443503285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.865314007 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.876502037 CEST443503275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.881547928 CEST443503095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.881653070 CEST443503095.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.881716967 CEST50309443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.881716967 CEST50309443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.885241032 CEST443503105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.885339022 CEST50310443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.885339975 CEST443503105.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.885416031 CEST50310443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.901314974 CEST50329443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.901324034 CEST443503295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.901420116 CEST50329443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.901648045 CEST50329443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.901662111 CEST443503295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.905031919 CEST50329443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.912504911 CEST443503285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.926395893 CEST443503115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.926496983 CEST443503115.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.926562071 CEST50311443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.926562071 CEST50311443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.933314085 CEST50330443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.933320999 CEST443503305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.933423996 CEST50330443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.933746099 CEST50330443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.933753967 CEST443503305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.937333107 CEST50330443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.948503017 CEST443503295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.964914083 CEST50331443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.964925051 CEST443503315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.964989901 CEST50331443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.965257883 CEST50331443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.965267897 CEST443503315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.970089912 CEST443503125.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.970132113 CEST50312443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.974669933 CEST50331443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.984498024 CEST443503305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.996156931 CEST50332443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.996170998 CEST443503325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:43.996221066 CEST50332443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.996504068 CEST50332443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:43.996512890 CEST443503325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.005794048 CEST50332443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.016511917 CEST443503315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.022897005 CEST443503135.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.022948027 CEST50313443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.028558016 CEST50333443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.028567076 CEST443503335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.028631926 CEST50333443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.029009104 CEST50333443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.029017925 CEST443503335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.040781021 CEST50333443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.052501917 CEST443503325.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.058970928 CEST443503155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.059075117 CEST443503155.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.059125900 CEST50315443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.060395002 CEST443503145.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.060425043 CEST50315443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.060430050 CEST50314443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.076421976 CEST50334443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.076445103 CEST443503345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.076499939 CEST50334443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.077167988 CEST50334443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.077181101 CEST443503345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.088488102 CEST443503335.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.088783979 CEST50334443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.124058008 CEST50335443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.124078035 CEST443503355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.124237061 CEST50335443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.124490976 CEST443503175.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.124541044 CEST50317443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.124624014 CEST50335443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.124633074 CEST443503355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.127259970 CEST443503165.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.127301931 CEST50316443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.136507988 CEST443503345.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.144053936 CEST50335443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.161007881 CEST443503185.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.161057949 CEST50318443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.170299053 CEST50336443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.170332909 CEST443503365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.170392990 CEST50336443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.170727015 CEST50336443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.170741081 CEST443503365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.184519053 CEST443503355.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.189420938 CEST50336443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.217829943 CEST50337443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.217859983 CEST443503375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.217907906 CEST50337443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.219523907 CEST50337443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.219538927 CEST443503375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.233215094 CEST443503195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.233319044 CEST443503195.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.233335972 CEST50319443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.233370066 CEST50319443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.236507893 CEST443503365.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.243408918 CEST50337443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.248815060 CEST443503205.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.248876095 CEST50320443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.277565956 CEST50338443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.277587891 CEST443503385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.277646065 CEST50338443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.277966976 CEST50338443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.277978897 CEST443503385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.284507990 CEST443503375.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.286043882 CEST50338443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.305391073 CEST443503215.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.305440903 CEST50321443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.308487892 CEST50339443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.308514118 CEST443503395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.308576107 CEST50339443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.308873892 CEST50339443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.308887005 CEST443503395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.315898895 CEST50339443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.332505941 CEST443503385.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.339487076 CEST50340443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.339505911 CEST443503405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.339685917 CEST50340443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.339930058 CEST50340443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.339941978 CEST443503405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.344980955 CEST443503225.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.345038891 CEST50322443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.346550941 CEST50340443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.346607924 CEST443503235.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.346652031 CEST50323443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.356499910 CEST443503395.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.370711088 CEST50341443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.370734930 CEST443503415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.370783091 CEST50341443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.371056080 CEST50341443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.371064901 CEST443503415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.373640060 CEST50341443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.392504930 CEST443503405.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.401916981 CEST50342443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.401938915 CEST443503425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.401988983 CEST50342443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.402280092 CEST50342443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.402293921 CEST443503425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.409379005 CEST50342443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.416501045 CEST443503415.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.418631077 CEST443503245.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.418684959 CEST50324443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.432954073 CEST50343443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.432966948 CEST443503435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.433020115 CEST50343443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.433281898 CEST50343443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.433294058 CEST443503435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.435777903 CEST443503255.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.435832977 CEST50325443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.439570904 CEST443503265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.439668894 CEST443503265.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.439686060 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.439706087 CEST50326443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.439932108 CEST50343443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.452498913 CEST443503425.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.464368105 CEST50344443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.464382887 CEST443503445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.464446068 CEST50344443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.464656115 CEST50344443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.464665890 CEST443503445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.472064018 CEST50344443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.484500885 CEST443503435.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.496562004 CEST50345443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.496606112 CEST443503455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.496670008 CEST50345443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.496989965 CEST50345443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.497016907 CEST443503455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.499195099 CEST443503275.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.499269009 CEST50327443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.500705004 CEST443503285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.500798941 CEST443503285.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.500847101 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.500859976 CEST50328443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.504354954 CEST50345443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.516505957 CEST443503445.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.527208090 CEST50346443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.527220964 CEST443503465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.527276993 CEST50346443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.527533054 CEST50346443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.527543068 CEST443503465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.533754110 CEST50346443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.544504881 CEST443503455.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.562299013 CEST50347443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.562319040 CEST443503475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.562378883 CEST50347443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.562895060 CEST50347443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.562906027 CEST443503475.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.579164028 CEST443503305.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.579233885 CEST50330443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.580498934 CEST443503465.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.582339048 CEST50347443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.583153963 CEST443503295.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.583205938 CEST50329443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.606213093 CEST50348443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.606235027 CEST443503485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.606308937 CEST50348443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.606626987 CEST50348443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.606642008 CEST443503485.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.613040924 CEST50348443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:44.622795105 CEST443503315.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:44.622853041 CEST50331443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.739041090 CEST50363443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.745326042 CEST50384443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.745358944 CEST443503845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.748224974 CEST50384443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.748456001 CEST50384443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.748466015 CEST443503845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.753340006 CEST50384443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.764503002 CEST443503835.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.776408911 CEST443503655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.776523113 CEST443503655.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.776645899 CEST50365443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.776645899 CEST50365443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.777579069 CEST50385443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.777604103 CEST443503855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.781405926 CEST50385443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.781637907 CEST50385443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.781650066 CEST443503855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.785181046 CEST50385443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.796511889 CEST443503845.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.813325882 CEST50386443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.813334942 CEST443503865.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.817411900 CEST50386443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.832489014 CEST443503855.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.839922905 CEST50387443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.839939117 CEST443503875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.840279102 CEST50387443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.840341091 CEST50387443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.840349913 CEST443503875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.847487926 CEST50387443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.869436979 CEST443503675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.869544029 CEST443503675.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.869576931 CEST50367443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.870100021 CEST443503665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.870177031 CEST50367443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.870202065 CEST443503665.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.870207071 CEST50366443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.870394945 CEST50366443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.871018887 CEST50388443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.871032953 CEST443503885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.871377945 CEST50388443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.871377945 CEST50388443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.871398926 CEST443503885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.877865076 CEST50388443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.888499022 CEST443503875.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.889111042 CEST443503685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.889213085 CEST443503685.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.891412020 CEST50368443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.891412020 CEST50368443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.903331041 CEST50389443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.903359890 CEST443503895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.903686047 CEST50389443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.904295921 CEST50389443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.904308081 CEST443503895.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.905693054 CEST50389443192.168.2.55.75.168.191
                                  Sep 3, 2024 09:56:45.924501896 CEST443503885.75.168.191192.168.2.5
                                  Sep 3, 2024 09:56:45.935704947 CEST50390443192.168.2.55.75.168.191
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Sep 3, 2024 09:54:58.096790075 CEST | 192.168.2.5 | 1.1.1.1 | 0xdf16 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:55:47.996092081 CEST | 192.168.2.5 | 1.1.1.1 | 0x5192 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:56:47.527441978 CEST | 192.168.2.5 | 1.1.1.1 | 0x9962 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:18.513726950 CEST | 192.168.2.5 | 1.1.1.1 | 0xbd23 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:44.526156902 CEST | 192.168.2.5 | 1.1.1.1 | 0x4627 | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:58:44.526979923 CEST | 192.168.2.5 | 1.1.1.1 | 0x825e | Standard query (0) | getscreen.me | A (IP address) | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Sep 3, 2024 09:54:58.105314016 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf16 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:54:58.105314016 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf16 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:54:58.105314016 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf16 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:55:48.004107952 CEST | 1.1.1.1 | 192.168.2.5 | 0x5192 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:55:48.004107952 CEST | 1.1.1.1 | 192.168.2.5 | 0x5192 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:55:48.004107952 CEST | 1.1.1.1 | 192.168.2.5 | 0x5192 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:56:47.534778118 CEST | 1.1.1.1 | 192.168.2.5 | 0x9962 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:56:47.534778118 CEST | 1.1.1.1 | 192.168.2.5 | 0x9962 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:56:47.534778118 CEST | 1.1.1.1 | 192.168.2.5 | 0x9962 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:18.521183968 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd23 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:18.521183968 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd23 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:18.521183968 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd23 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:44.534419060 CEST | 1.1.1.1 | 192.168.2.5 | 0x4627 | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:44.534419060 CEST | 1.1.1.1 | 192.168.2.5 | 0x4627 | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:57:44.534419060 CEST | 1.1.1.1 | 192.168.2.5 | 0x4627 | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:58:44.534476042 CEST | 1.1.1.1 | 192.168.2.5 | 0x825e | No error (0) | getscreen.me | | 51.89.95.37 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:58:44.534476042 CEST | 1.1.1.1 | 192.168.2.5 | 0x825e | No error (0) | getscreen.me | | 5.75.168.191 | A (IP address) | IN (0x0001) | false
                                  Sep 3, 2024 09:58:44.534476042 CEST | 1.1.1.1 | 192.168.2.5 | 0x825e | No error (0) | getscreen.me | | 78.47.165.25 | A (IP address) | IN (0x0001) | false
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.5 | 49706 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:54:58 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:54:59 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:54:59 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 9
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:54:59 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.5 | 49707 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:55:11 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:55:12 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:55:12 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:55:12 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.5 | 49715 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:55:30 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:55:31 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:55:31 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:55:31 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  3 | 192.168.2.5 | 49716 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:55:37 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:55:38 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:55:38 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 8
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:55:38 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  4 | 192.168.2.5 | 49717 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:55:48 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:55:48 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:55:48 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:55:48 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  5 | 192.168.2.5 | 49719 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:56:02 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:56:03 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:56:03 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:56:03 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  6 | 192.168.2.5 | 49720 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:56:05 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:56:05 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:56:05 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:56:05 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  7 | 192.168.2.5 | 49721 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:56:09 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:56:10 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:56:10 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:56:10 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  8 | 192.168.2.5 | 49722 | 5.75.168.191 | 443 | 6512 | C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-09-03 07:56:14 UTC | 290 | OUT | GET /signal/agent HTTP/1.1
                                  Host: getscreen.me
                                  Upgrade: websocket
                                  Connection: Upgrade
                                  Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
                                  Origin: https://getscreen.me
                                  Sec-WebSocket-Protocol: chat, superchat
                                  Sec-WebSocket-Version: 13
                                  User-Agent: Getscreen.me/2.21.3 (Win, getscreen.me, 2)
                                  2024-09-03 07:56:14 UTC | 265 | IN | HTTP/1.1 400 Bad Request
                                  content-type: text/plain; charset=utf-8
                                  sec-websocket-version: 13
                                  x-content-type-options: nosniff
                                  date: Tue, 03 Sep 2024 07:56:14 GMT
                                  content-length: 12
                                  x-envoy-upstream-service-time: 3
                                  server: lb2.getscreen.me
                                  connection: close
                                  2024-09-03 07:56:14 UTC | 12 | IN | Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0a
                                  Data Ascii: Bad Request


                                  Target ID:0
                                  Start time:03:54:54
                                  Start date:03/09/2024
                                  Path:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\getscreen-941605629-x86.exe"
                                  Imagebase:0x2d0000
                                  File size:3'654'448 bytes
                                  MD5 hash:5ACB80C387B2A64A4D8BDC6E8489F7E9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:1
                                  Start time:03:54:54
                                  Start date:03/09/2024
                                  Path:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\getscreen-941605629-x86.exe" -gpipe \\.\pipe\PCommand97ykuajzqlynjfrrw -gui
                                  Imagebase:0x2d0000
                                  File size:3'654'448 bytes
                                  MD5 hash:5ACB80C387B2A64A4D8BDC6E8489F7E9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:3
                                  Start time:03:54:55
                                  Start date:03/09/2024
                                  Path:C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\ProgramData\Getscreen.me\wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.exe" -elevate \\.\pipe\elevateGS512wtpgbjxopbtgkqvmzyoyjecsgtfbypc
                                  Imagebase:0xe10000
                                  File size:3'654'448 bytes
                                  MD5 hash:5ACB80C387B2A64A4D8BDC6E8489F7E9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 0%, ReversingLabs
                                  • Detection: 1%, Virustotal, Browse
                                  Reputation:low
                                  Has exited:true

                                  Target ID:4
                                  Start time:03:54:57
                                  Start date:03/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
                                  Imagebase:0x7ff7e52b0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:5
                                  Start time:03:54:57
                                  Start date:03/09/2024
                                  Path:C:\Users\user\Desktop\getscreen-941605629-x86.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\getscreen-941605629-x86.exe" -cpipe \\.\pipe\PCommand96hiybpleygsfogra -cmem 0000pipe0PCommand96hiybpleygsfograi025cfv5ugjp5yj -child
                                  Imagebase:0x2d0000
                                  File size:3'654'448 bytes
                                  MD5 hash:5ACB80C387B2A64A4D8BDC6E8489F7E9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                    Execution Graph

                                    Execution Coverage:1.1%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:4.6%
                                    Total number of Nodes:175
                                    Total number of Limit Nodes:10

                                    Control-flow Graph

                                    APIs
                                    • LoadLibraryA.KERNEL32(?), ref: 01A22B13
                                    • GetProcAddress.KERNELBASE(?,019FCFF9), ref: 01A22B31
                                    • ExitProcess.KERNEL32(?,019FCFF9), ref: 01A22B42
                                    • VirtualProtect.KERNELBASE(002D0000,00001000,00000004,?,00000000), ref: 01A22B90
                                    • VirtualProtect.KERNELBASE(002D0000,00001000), ref: 01A22BA5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000019FD000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                    • String ID:
                                    • API String ID: 1996367037-0
                                    • Opcode ID: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction ID: be29c2174ffe7544937d72a3112bbd0ba001cc5a42c24fc44e68134560e3ac71
                                    • Opcode Fuzzy Hash: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction Fuzzy Hash: EF51F472A507225AD7318EBCCCC0774BBA5EB45230B5C073ADAE2DB6C6E7A458068760

                                    Control-flow Graph

                                    APIs
                                    • GetCurrentThread.KERNEL32 ref: 003C2FA5
                                    • SetThreadDescription.KERNELBASE(00000000,?), ref: 003C2FBD
                                    • KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,?), ref: 003C2FEA
                                    • GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 003C3031
                                    • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 003C303D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Thread$AddressCurrentDescriptionDispatcherExceptionHandleModuleProcUser
                                    • String ID: Kernel32.dll$SetThreadDescription
                                    • API String ID: 2856497764-1724334159
                                    • Opcode ID: c82ef71306f53c8f2bd1db63ec3a7c9da816da6d78856eb9a09d132b9f3a931f
                                    • Instruction ID: f2ba1ecc8f34c71d3f2a1c38a21d17e3a3f13bf3660d27f14af5a79d99fb1983
                                    • Opcode Fuzzy Hash: c82ef71306f53c8f2bd1db63ec3a7c9da816da6d78856eb9a09d132b9f3a931f
                                    • Instruction Fuzzy Hash: A041CEB1D107499FD710CF58DC88FAAB7B4FB89320F11835AE8A9973A1DB744984CB90

                                    Control-flow Graph

                                    APIs
                                    • SetLastError.KERNEL32(00000000), ref: 0043B834
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0043B88C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Concurrency::cancel_current_taskErrorLast
                                    • String ID:
                                    • API String ID: 523316592-0
                                    • Opcode ID: dc224d41cb88686d0efc6692f25e0c5db5136b6a1770ef8433ec51a85acd7e5a
                                    • Instruction ID: 9c7340bda6a7a2a8d43688c409b57cf3ccf737c231cd41f67ebcf9dc10aab1db
                                    • Opcode Fuzzy Hash: dc224d41cb88686d0efc6692f25e0c5db5136b6a1770ef8433ec51a85acd7e5a
                                    • Instruction Fuzzy Hash: 2C31ADB5A107289FC714EF69D884A6BBBA9FF8C720B05052AEA4997701D771FC40CBD0

                                    Control-flow Graph

                                    APIs
                                    • GetLastError.KERNEL32(00AF0388,0000000C), ref: 0099B63E
                                    • RtlExitUserThread.NTDLL(00000000), ref: 0099B645
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitLastThreadUser
                                    • String ID:
                                    • API String ID: 1750398979-0
                                    • Opcode ID: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction ID: 05963f88b7a16fd2dfc2522daf8275ae33fa3a17c366f650bee3415995dc072d
                                    • Opcode Fuzzy Hash: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction Fuzzy Hash: 9EF0C871940204AFDF10AFB4D90AB6E7775FF84710F104155F00197262CB346941DFA1

                                    Control-flow Graph

                                    APIs
                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF07C
                                    • GetLastError.KERNEL32(?,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF087
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 485612231-0
                                    • Opcode ID: cd68980369be554096d11fb2f08fe05fb0e91b6b136dbe5aa3f15937328ade98
                                    • Instruction ID: 91ca93c02a8a7af5ed27075ac8ee5ec95656500a0c830ee7740945e2412b3762
                                    • Opcode Fuzzy Hash: cd68980369be554096d11fb2f08fe05fb0e91b6b136dbe5aa3f15937328ade98
                                    • Instruction Fuzzy Hash: 4BE0EC32245618ABDF322BA4ED09B9A7B9D9B417A1F124035F61C960B2DA748890DBA4

                                    Control-flow Graph

                                    APIs
                                    • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,00990FFB,?,?,?,?,00990FFB,?,00AF0BD8), ref: 0099242E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    • Associated: 00000000.00000002.4455205629.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000A54000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000B0C000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000B0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000B1F000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000B6B000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000DEC000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.00000000017F3000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.00000000018BC000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.00000000018BF000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000001944000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.0000000001953000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.000000000195A000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4455237415.00000000019FD000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.4473810410.0000000001A23000.00000004.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: DispatcherExceptionUser
                                    • String ID:
                                    • API String ID: 6842923-0
                                    • Opcode ID: 3474e943514071c88ef16c4f09609e6270d7e83134e7aecb09d2f59601d5e1e1
                                    • Instruction ID: e21e551b10441feadd5d91e5066549efbda337ff81fd6148b8dc206110a0d6fe
                                    • Opcode Fuzzy Hash: 3474e943514071c88ef16c4f09609e6270d7e83134e7aecb09d2f59601d5e1e1
                                    • Instruction Fuzzy Hash: F801A275904208ABCB01DF5CD880BAEBBB9FF58714F15416AED45AB3A1D770ED81CB90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 709 947449-94745b LoadLibraryA 710 94745d 709->710 711 94745e-9478e4 GetProcAddress * 63 call 95001b 709->711
                                    APIs
                                    • LoadLibraryA.KERNEL32(wtsapi32.dll,00947168), ref: 0094744E
                                    • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0094746B
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0094747D
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0094748F
                                    • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 009474A1
                                    • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 009474B3
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 009474C5
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 009474D7
                                    • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 009474E9
                                    • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 009474FB
                                    • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0094750D
                                    • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0094751F
                                    • GetProcAddress.KERNEL32(WTSCloseServer), ref: 00947531
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 00947543
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 00947555
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 00947567
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 00947579
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0094758B
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0094759D
                                    • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 009475AF
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 009475C1
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 009475D3
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 009475E5
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 009475F7
                                    • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 00947609
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                    • API String ID: 2238633743-2998606599
                                    • Opcode ID: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction ID: 01890786a5cc9c84123f1660955e1ce2065128ce0f8d144bce487c53b416ef49
                                    • Opcode Fuzzy Hash: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction Fuzzy Hash: 7BB129B4ED9314BADF119F76AD4A8663EA5F7097703008C9AE80477270DFB64268DE90
                                    APIs
                                      • Part of subcall function 00946B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,008FE59B,00000001,00006060,00000010), ref: 00946B3E
                                    • GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                    • GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 008FE6DC
                                    • CreateThreadpool.KERNEL32(00000000), ref: 008FE6E2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                    • String ID: ~mV$Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                    • API String ID: 3882483829-235670476
                                    • Opcode ID: 33656bd76b5d2ffa2f321174483ae329ea8a5ae09fc315f7df68e41c6e0bfa9b
                                    • Instruction ID: 3aef38b37b1e84aa6498f4bdbee37917d84adf5e9e78688e4adffa4368bab0a3
                                    • Opcode Fuzzy Hash: 33656bd76b5d2ffa2f321174483ae329ea8a5ae09fc315f7df68e41c6e0bfa9b
                                    • Instruction Fuzzy Hash: BD41AFB1A00719AFEB20AFB8DC85B66B7E8FF45304F10447EF649D6252DB70E9548B50
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009443BE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                    • API String ID: 689400697-3976766517
                                    • Opcode ID: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction ID: 343f2e26b8ac709d4e87701eb2b70399a12e0979d4f41f944bce9d385257261c
                                    • Opcode Fuzzy Hash: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction Fuzzy Hash: 581191313C82057BEB216E66EC07F6B3AACEB81B50F0004A5F900A70E1DDA59A10DAA4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009442FB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                    • API String ID: 689400697-3301108232
                                    • Opcode ID: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction ID: 4ad498c404c95604263d475349eba517935530950f0f3ab872caa95e6a094709
                                    • Opcode Fuzzy Hash: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction Fuzzy Hash: 7E1194313C83057BDA215A66ED47F6B3AACEBC5B50F000495FA00A71E1DD96DE10D6A4
                                    APIs
                                    • crypto_cert_fingerprint.GETSCREEN-941605629-X86(?), ref: 008E5E1C
                                      • Part of subcall function 008E576E: crypto_cert_fingerprint_by_hash.GETSCREEN-941605629-X86(?,sha256), ref: 008E5779
                                    • crypto_cert_issuer.GETSCREEN-941605629-X86(?), ref: 008E5E30
                                    • crypto_cert_subject.GETSCREEN-941605629-X86(?,?), ref: 008E5E3A
                                    • certificate_data_new.GETSCREEN-941605629-X86(?,?,00000000,00000000,00000000,?,?), ref: 008E5E4A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                    • String ID:
                                    • API String ID: 1865246629-0
                                    • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction ID: c04658d280f9daed0f6bcbf9dc62e9c71040a234a6e564548503094c203a38cb
                                    • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction Fuzzy Hash: 15E01A75500648BACF112F6ADC06CAF7EADEF867E8B144124B9189A121DA718E1096A1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Genu$OPENSSL_ia32cap$ineI$ntel
                                    • API String ID: 0-3767422159
                                    • Opcode ID: 85ab72deefd698158befb920813d938375297e4eb9e15cbf944deb47b3ca5d53
                                    • Instruction ID: 190b6796aae55cc687b6f009c3c4aab5a8ce2f1e1c231a40b9f6b05601a661b3
                                    • Opcode Fuzzy Hash: 85ab72deefd698158befb920813d938375297e4eb9e15cbf944deb47b3ca5d53
                                    • Instruction Fuzzy Hash: 124103B3F352070AEF1D457CBC5637E6585AB91324F29623FD92AD23C0DE248D40CA91
                                    APIs
                                    • crypto_base64_encode.GETSCREEN-941605629-X86(00ADA688,00000000,00000000,00000000,00000000,?,008E5E4F,?,?,00000000,00000000,00000000,?,?), ref: 008F3F7D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: crypto_base64_encode
                                    • String ID:
                                    • API String ID: 2528031924-0
                                    • Opcode ID: 3049358892b94bc5156611ae7fec2e336514520783df6d1b4e322e3bcdb107a5
                                    • Instruction ID: f50384d951cde70a467f39df1a046c701f88cb377b7942c6d5e37b248285ae73
                                    • Opcode Fuzzy Hash: 3049358892b94bc5156611ae7fec2e336514520783df6d1b4e322e3bcdb107a5
                                    • Instruction Fuzzy Hash: 4F21C171904B06ABDF316F7DC802A6BB7E8FF84320714492EBA45C6192EF31D940CBA0
                                    APIs
                                    • crypto_cert_subject.GETSCREEN-941605629-X86(?), ref: 008E5B42
                                    • crypto_cert_issuer.GETSCREEN-941605629-X86(?,?), ref: 008E5B4C
                                    • crypto_cert_fingerprint.GETSCREEN-941605629-X86(?,?,?), ref: 008E5B56
                                      • Part of subcall function 008E576E: crypto_cert_fingerprint_by_hash.GETSCREEN-941605629-X86(?,sha256), ref: 008E5779
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: crypto_cert_fingerprint, crypto_cert_fingerprint_by_hash, crypto_cert_issuer, crypto_cert_subject
                                    • String ID:
                                    • API String ID: 727492566-0
                                    • Opcode ID: 47bb302fc3a239f4261f2c05365037b69a32037a066d0657c536d9bf54fd457d
                                    • Instruction ID: bb797ee3b0dd79a88d1daf287a4452a3a298373f84a7c17cc394516184cdd880
                                    • Opcode Fuzzy Hash: 47bb302fc3a239f4261f2c05365037b69a32037a066d0657c536d9bf54fd457d
                                    • Instruction Fuzzy Hash: 2D116575704B4226EB24967B9C16F1E27CCEF567A8F244425FC00DB5C2EE61ED408659
                                    APIs
                                    • crypto_cert_fingerprint_by_hash.GETSCREEN-941605629-X86(?,sha256), ref: 008E5779
                                      • Part of subcall function 008E5782: crypto_cert_hash.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,008E577E,?,sha256), ref: 008E5792
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: crypto_cert_fingerprint_by_hash, crypto_cert_hash
                                    • String ID: sha256
                                    • API String ID: 2885152359-1556616439
                                    • Opcode ID: 0d92534d5fa3d1fe0d426c260dc847e109e7095850ff3e3e3cfb0e8eb463f970
                                    • Instruction ID: e8e48256c84557c201e618d18c4bd8ad6abd4ffab991f17bad2ef37bb43b20e0
                                    • Opcode Fuzzy Hash: 0d92534d5fa3d1fe0d426c260dc847e109e7095850ff3e3e3cfb0e8eb463f970
                                    • Instruction Fuzzy Hash: 1EA0026014875CBB8A013F5BCC03C4E7E5DFA52B95B40D460F908551639BA2AA6255D7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ~mV$o..
                                    • API String ID: 0-4198758326
                                    • Opcode ID: 12c4d1b1b57b03c9e8670d2101f200770d16fa98461a98148c1e86d5ef210a75
                                    • Instruction ID: 5d3618064d1f0cc4a6c79653e1d74043a32536d1ddc70bc2c532cd719590b253
                                    • Opcode Fuzzy Hash: 12c4d1b1b57b03c9e8670d2101f200770d16fa98461a98148c1e86d5ef210a75
                                    • Instruction Fuzzy Hash: 4381C260928BC986E7128F3C84427B6F3A0BFD6354F10D729EED466152FB71A6C58781
                                    APIs
                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,00946941,?,?,?,?,00946A0A,?,?), ref: 0094EE73
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: DebuggerPresent
                                    • String ID:
                                    • API String ID: 1347740429-0
                                    • Opcode ID: 63cac06597be22763e6452bb86e473fa55023cecc74647ba0d05d7e61e1cabf1
                                    • Instruction ID: b307608e118ecb4c3ab226bc4999c608be7575e26c79ae9e10a7477ccf0a40a8
                                    • Opcode Fuzzy Hash: 63cac06597be22763e6452bb86e473fa55023cecc74647ba0d05d7e61e1cabf1
                                    • Instruction Fuzzy Hash: 85F0DAB1545F608FE7309F55A458B43BBF0FB007A9F51084CE2824AA91D7F1E889CF80
                                    APIs
                                    • crypto_cert_hash.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,008E577E,?,sha256), ref: 008E5792
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: crypto_cert_hash
                                    • String ID:
                                    • API String ID: 1547982073-0
                                    • Opcode ID: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                    • Instruction ID: cac4067a2abf002fff0b1cabacdbc6b87f362d82304844ad3ab71336d13a7633
                                    • Opcode Fuzzy Hash: 7460d84a63f73ef57bb7a90a7cbc953c30664581771c6989db31222eff5a1bf8
                                    • Instruction Fuzzy Hash: A7C09BB501010CBF9F055FC5CC46CEF7B6DEB05250B008125F90445011F671BF1057B1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide
                                    • String ID: ~mV
                                    • API String ID: 626452242-3743065008
                                    • Opcode ID: 2839c303ebb509bdb9f53db2a26a52b72c2fb003260ef62be14f303093e4cd18
                                    • Instruction ID: ac6882736498fd7f37bfa74781c345611aec93e26915a3f3d306c89823e696ab
                                    • Opcode Fuzzy Hash: 2839c303ebb509bdb9f53db2a26a52b72c2fb003260ef62be14f303093e4cd18
                                    • Instruction Fuzzy Hash: 47011275A0020DABDB08DFA9DC51DFEB7B9EBC8360F10822AF52597291EA7059058B60
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @
                                    • API String ID: 0-2766056989
                                    • Opcode ID: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                    • Instruction ID: 8d7d8a5dcc4408020432eefa9d74ea6dcf5f373882062789640390f6170c1b40
                                    • Opcode Fuzzy Hash: 6f2c8adfc3a7746f7bcc21c7e8ebdf9c9b635e5e3cb3ad753f3208d9ff8683b7
                                    • Instruction Fuzzy Hash: 9EF08232214A49BFEF229A96DD86F9F7BACEB817B8F104066F9049E141D7719D04C6A0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0a92d79c75ec97e8fa8051d64597b362564a23c1a1ada6f0ff142ee1273c3d43
                                    • Instruction ID: 3773a7c9cf247a57b64f377a01bf8742338d3c22044e3a234132226e43210a5c
                                    • Opcode Fuzzy Hash: 0a92d79c75ec97e8fa8051d64597b362564a23c1a1ada6f0ff142ee1273c3d43
                                    • Instruction Fuzzy Hash: 74E1C265C2DFD945E323573EA80336BE764AFFB284E51EB1BBDD831C20EB6142456209
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 815ce8121196bfdcef8d923872acad6c0caed9e8d6be5fe25fb6397cbf7061cb
                                    • Instruction ID: 19c1d025f76b7d8f7cd0d01932330ece7a37644eeecedf8f95b8b2060e8791b0
                                    • Opcode Fuzzy Hash: 815ce8121196bfdcef8d923872acad6c0caed9e8d6be5fe25fb6397cbf7061cb
                                    • Instruction Fuzzy Hash: 85A19D61C19FC55AE70B7B354483260E330AFF3288F50DB06FDA1B9967EB61B6C85160
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b01ef019716d576b4a6c1208cd3f01dfb071384595f8916a0aab77888b3a718c
                                    • Instruction ID: b3df87046a4383c1b26e002e6b59aab439a8cbdf9ab803ac5cccd9dc465fdeb9
                                    • Opcode Fuzzy Hash: b01ef019716d576b4a6c1208cd3f01dfb071384595f8916a0aab77888b3a718c
                                    • Instruction Fuzzy Hash: F13112726483C40EE71E8B3C88607757FE5ABAA110B1D84DEE9E9CF347E025DA06D720
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 67c5a5b38ad57acd17395755d6869b213b2472f5960ea1db488aef957251935f
                                    • Instruction ID: ae7b2d855ead97db5eec9f2f0161e8e154a333e03ba403c60a26391b93e77e00
                                    • Opcode Fuzzy Hash: 67c5a5b38ad57acd17395755d6869b213b2472f5960ea1db488aef957251935f
                                    • Instruction Fuzzy Hash: 9A515271C20F8186E662AB31CD05393B7A1BFE5304F259B2EE4DE21161FBB171E48B81
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                    • Instruction ID: 2e02c00a0c79c011228dfc62116cb0bcd2fc029cc16351307fb09acaffb1d53c
                                    • Opcode Fuzzy Hash: 1bd6ee22b8be88284ea3de3379d93d189bee9a2acde73ad58f94725c0800f69d
                                    • Instruction Fuzzy Hash: EE2182A5C1CF8D81E7337B3984C33AAA710AFE6354F51D316F8D83D952FB205684A151
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                    • Instruction ID: 3e4aa2ddb2d8e81c8354a7a9abd9c0855dd406e35942f766b766150b3b172115
                                    • Opcode Fuzzy Hash: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
                                    • Instruction Fuzzy Hash: DD1151D9C2AF7A06E713633B5D42242DA105EF7989550D347FCB439D61F701B5C17210
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dc4f00ece05cf65c7b0f88698b77950a7ecc7ba65abf9ea099d73c525f2ab87b
                                    • Instruction ID: 88e062797115cb9f802d3dfea2368d5d78b3091f50e2ac66b826e249f95f4607
                                    • Opcode Fuzzy Hash: dc4f00ece05cf65c7b0f88698b77950a7ecc7ba65abf9ea099d73c525f2ab87b
                                    • Instruction Fuzzy Hash: 15F09072900168AFDF15FBA9DC069BEBBBCFB05368F100469F811D7142FA749A248765
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ae5cc064ac0b0b91d9dea232e24b1b7155d328854b5d11a8c21d1c67ca697bc
                                    • Instruction ID: 542c3d17719b39032ab91e3784cda903815f75b8662640f8bfc2bc83d822d98f
                                    • Opcode Fuzzy Hash: 6ae5cc064ac0b0b91d9dea232e24b1b7155d328854b5d11a8c21d1c67ca697bc
                                    • Instruction Fuzzy Hash: 59C0122044025C7AEF01F6AACC0BDBF7A6CFB11780F8004107A20D1083F674D52546A1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                    • Instruction ID: 3d63994e9c163e71b7884f938f8b9b4a0833733e7c28ad01e781608b8f68378b
                                    • Opcode Fuzzy Hash: 00697b1b55a066e8f6e82ecc9971366dd5c01e2c0e8b86d5be220022d81dff43
                                    • Instruction Fuzzy Hash: 75C09B32501638674D116D46D4019DBBB5CDD05BA57054475FD48BB21545526C5056D4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                    • Instruction ID: de8b72bd73845f58c089de44946c056c16d2f18a1f026afeea21c3f6a9d23b0a
                                    • Opcode Fuzzy Hash: 4b7a3ce230df7e31ab3e725e1e43306e95fe06bef9b56ac6c445c84563359095
                                    • Instruction Fuzzy Hash: 95C0027114820DABDF029FA5EC018993F6AFF45364B008064FE184A221D67399319B96
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                    • Instruction ID: 582c4c9c56175f10ee3ad9846cefe76f1cd40261925c24c35cbfaba0fc72cb1f
                                    • Opcode Fuzzy Hash: f213a4fa0332fa88bc39a926fb07c1300ecb502a4f432fd2e01db9a1bb9e3ce3
                                    • Instruction Fuzzy Hash: E0B0123200C30C3A9D0D36E6FC0388A7B9DDA416B47180416F82C49052AD63B59010DD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                    • Instruction ID: 49c3f3a00699b1b1852bcb6387fc8e59cfd2652b7259f62ad0214f4310285290
                                    • Opcode Fuzzy Hash: 5c058d809a171879c7d2e6b30af2b691a972df3c75a096c5f2351ff0c006427d
                                    • Instruction Fuzzy Hash: A4B09235004228BB47266A9A8809C8BBFACEB0AAA07000100BD084B1118A20A94196E9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                    • Instruction ID: 25577a3d126378bece431bc49223b62a03fc843acec36dfb087938e71d66f94d
                                    • Opcode Fuzzy Hash: 4a503f68feaf53306e5e090325c103b21fd0aafa9d66652788954b5afafb2aef
                                    • Instruction Fuzzy Hash: 69C09B648053485AD610F7F9894A89FBAECAF01740F458414699456143EA789554C7F3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                    • Instruction ID: a975c3ba5e09ac84d2befae0bea05855d7621b800a8da1c1793e600ca7e435a8
                                    • Opcode Fuzzy Hash: c1147995217c392e36dfc48353d2d3a4c789210a0bcddb43d26d5ef8e713f020
                                    • Instruction Fuzzy Hash: 0DA01130000288338E003AABCC0380A3A8CAA022C0B800020B820820228AA2FA2008AA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                    • Instruction ID: f86980f143f73ccadbad95aee3ae69f2ec01aaeaa447a9ca55be6a9bfe28df94
                                    • Opcode Fuzzy Hash: 1a308af3d19b287379fcfdac4b35ebea863e8ea0d915d34481b303974fcc68d7
                                    • Instruction Fuzzy Hash:
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                    • Instruction ID: f9d93bb6050abece768ba640a33519d1f25643404e4c276bdb386cb4d050c773
                                    • Opcode Fuzzy Hash: 3c1af10e55f65fcf33e1f61e2858dedc3d93677e06f0a9ee18408edf0f16553e
                                    • Instruction Fuzzy Hash:

                                    APIs
                                    • freerdp_error_info.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931519
                                    • freerdp_get_error_info_string.GETSCREEN-941605629-X86(00000000,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093155D
                                    • freerdp_reconnect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931601
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931611
                                    • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093167E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                    • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                    • API String ID: 968149013-2963753137
                                    • Opcode ID: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction ID: 0ae16ba41c324963bd10ffdf1a04a4162996fa99853b354ac10486811896f3e6
                                    • Opcode Fuzzy Hash: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction Fuzzy Hash: AD51D675B80305BBEB207B65EC43FAA27ACAB50B54F14443AF901EB1E2EB7099408F55
                                    APIs
                                    • gdi_get_pixel_format.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FA8B3
                                    • gdi_free.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FAA40
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_freegdi_get_pixel_format
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                    • API String ID: 1251975138-534786182
                                    • Opcode ID: 84c8194bce7aff5feadf02f83053cb4684a4e5178954e795cadbd10cc2a20d62
                                    • Instruction ID: 6731901582a6301185719cb33873c23558d4847fba7641c96c5b99e6c1c01256
                                    • Opcode Fuzzy Hash: 84c8194bce7aff5feadf02f83053cb4684a4e5178954e795cadbd10cc2a20d62
                                    • Instruction Fuzzy Hash: 4D4150B5200706AFD715BF38DC42B6A77A5FF44320F148429FA58DB292EF72A851CB52
                                    APIs
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,?), ref: 00936D79
                                    • _strlen.LIBCMT ref: 00936DF4
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936E1D
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936F6F
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00937044
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_device_collection_add$_strlen
                                    • String ID: drive$parallel$printer$serial$smartcard
                                    • API String ID: 2230162058-807955808
                                    • Opcode ID: 9145fddbca09626d474e81ec36617b528909a6b80c8068a8784eb7699309b182
                                    • Instruction ID: cd88d004155b4c449fd57c8f12a564ff4e06dc6ae07178283b6a7863356fed87
                                    • Opcode Fuzzy Hash: 9145fddbca09626d474e81ec36617b528909a6b80c8068a8784eb7699309b182
                                    • Instruction Fuzzy Hash: 69B1DF32604602ABDF16AF1CDC41B6E7BA5FF45320B158469F8189F292EF32DD518F90
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0F64
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0F79
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                    • API String ID: 3168844106-1571615648
                                    • Opcode ID: 7280205139d7d0b0e91149c13468b4425c20170e46c617a0a0c459adfcfdce2d
                                    • Instruction ID: f0082c08295352f182a68c739b2fbdb6a6ec42f0bdf33fa01cd042b995023f97
                                    • Opcode Fuzzy Hash: 7280205139d7d0b0e91149c13468b4425c20170e46c617a0a0c459adfcfdce2d
                                    • Instruction Fuzzy Hash: D3415A71A84309ABEB149F68DC46FA977B4FB48754F108419F618EB2D1DB70E9408F98
                                    APIs
                                    • _strlen.LIBCMT ref: 008F42FA
                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4320
                                    • GetFileSize.KERNEL32(00000000,?), ref: 008F433A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: File$CreateSize_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 2645226956-2916857029
                                    • Opcode ID: 22e2ea4068f2dc40c49e4c6f4a7cef165be62cda2098d4712e58ac4d2450af52
                                    • Instruction ID: 9db898e1064cd5029083c85e12b2ce03a9a3fc3e8dc85a42484c4198fec2f7a8
                                    • Opcode Fuzzy Hash: 22e2ea4068f2dc40c49e4c6f4a7cef165be62cda2098d4712e58ac4d2450af52
                                    • Instruction Fuzzy Hash: 7A5161B1904219AFEB11ABB4DC45ABF77BCFF59724F10412BFA01E6191EB309D408B64
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0D92
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0DB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                    • API String ID: 3168844106-4217659166
                                    • Opcode ID: c7bca7570345e85cb1c863e7ed05c18c1d2a63c605185121824aa10ce252bd69
                                    • Instruction ID: 8565790384e5fed5b9d6ceb7bbf63195b971b3dc4a69720169146947dc6a25fb
                                    • Opcode Fuzzy Hash: c7bca7570345e85cb1c863e7ed05c18c1d2a63c605185121824aa10ce252bd69
                                    • Instruction Fuzzy Hash: 69516C71A40305ABDB109F65ED46FA97BB4FB48754F108429FA08EB291EB74E900CF54
                                    APIs
                                    Strings
                                    • avc444_ensure_buffer, xrefs: 009C5F1F
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 009C5F24
                                    • YUV buffer not initialized! check your decoder settings, xrefs: 009C5F1A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                    • API String ID: 733272558-18228272
                                    • Opcode ID: f53733c5c0bcae0fdba24975dd9c3793251cef4d8cc8ac5746bdca7f90964421
                                    • Instruction ID: a6e15c08fef856697b28219784dd2e474c47cc3c5bd4e9be78b09697b4e1b793
                                    • Opcode Fuzzy Hash: f53733c5c0bcae0fdba24975dd9c3793251cef4d8cc8ac5746bdca7f90964421
                                    • Instruction Fuzzy Hash: F8419A71A00B06AFDB249F25C882B5AB7E5FB45314F14883EF586CA661D371F990CB82
                                    APIs
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,00000400,00000001), ref: 009C3B87
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000401,00000000), ref: 009C3BB7
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000404,?), ref: 009C3BDB
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000402,00000000), ref: 009C3BFA
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000014,?), ref: 009C3C12
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,000006C1,?), ref: 009C3C2B
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000403,?), ref: 009C3C44
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000015,00000000), ref: 009C3C60
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,00000013,?), ref: 009C3C82
                                    • freerdp_target_net_addresses_free.GETSCREEN-941605629-X86(?), ref: 009C3C93
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                    • String ID:
                                    • API String ID: 949014189-0
                                    • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction ID: 5e7fa2fdeaa10955a72c758e7e2d670652118f1795242c6590350bc158e46c8c
                                    • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction Fuzzy Hash: F5418371A00A16BBE7215F39DC45F9A7398FF05310F04C029FA06966D2E773EA61CB96
                                    APIs
                                      • Part of subcall function 00945CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,00971701,00000001), ref: 00945CF9
                                    • zgfx_context_new.GETSCREEN-941605629-X86(00000000), ref: 00971874
                                      • Part of subcall function 009C693A: zgfx_context_reset.GETSCREEN-941605629-X86(00000000,00000000,00000000,?,00971879,00000000), ref: 009C6964
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                    • API String ID: 3732774510-3243565116
                                    • Opcode ID: 1d2a2988b81c60e60f1aca7e3f1db8ccba90001a578401f7b5a642a080945eb6
                                    • Instruction ID: 39b129f77322450d156c06d0cf39d3f34d61db2c9cbfd9d292a9eb69b726fca1
                                    • Opcode Fuzzy Hash: 1d2a2988b81c60e60f1aca7e3f1db8ccba90001a578401f7b5a642a080945eb6
                                    • Instruction Fuzzy Hash: 4571EB72A887027FD3249F299C42B9677E8FF59724F104529F5499BAC2DBB4E440CF84
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8B2
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8D6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                    • API String ID: 1431749950-225596728
                                    • Opcode ID: 06108e1e0d976773e51a0e17094f95da69fea2b2afd356ba1faac8627e8071eb
                                    • Instruction ID: d0768d85262d8f9b9e4a70d6ee11c2371d0708746a696899ce8a45174e21902b
                                    • Opcode Fuzzy Hash: 06108e1e0d976773e51a0e17094f95da69fea2b2afd356ba1faac8627e8071eb
                                    • Instruction Fuzzy Hash: 9021C83235835679AE557369BC4BF3B179CDFC2BB4B20052AF405A60C2EE909C418BA1
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C14
                                    • clearChannelError.GETSCREEN-941605629-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C1B
                                      • Part of subcall function 008B26E1: ResetEvent.KERNEL32(?), ref: 008B270A
                                      • Part of subcall function 008C8142: ResetEvent.KERNEL32(?,?,008B2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008C814E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                    • String ID: ~mV$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                    • API String ID: 3632380314-3706819305
                                    • Opcode ID: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction ID: c813ff696e37b02b52812fb96a3596cb93c0c0c0818a20b24347dbfc41194bad
                                    • Opcode Fuzzy Hash: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction Fuzzy Hash: 09316D75600605AFEB14EF79D885BEAB7F8FF18350F140179E808E7391EB719A508B50
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 008C48D9
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 008C498F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_set_last_error_ex
                                    • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                    • API String ID: 270715978-29603548
                                    • Opcode ID: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction ID: 2dda067885571cce08f1c51629fb2b466f5129645566d50e4a3feda198c9029d
                                    • Opcode Fuzzy Hash: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction Fuzzy Hash: 4E21F972A40315B6D7106B58DC02FEB7F78FB51B14F10906AF90CEB2D2E6B09680CBA1
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C58FA
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000001,00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C5902
                                    • audio_format_compatible.GETSCREEN-941605629-X86(009C5425,?,?,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C594D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string$audio_format_compatible
                                    • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                    • API String ID: 204136587-155179076
                                    • Opcode ID: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction ID: 81f5b1bba8379f57279ad716c0e207b1c42a8eda9b6b1b2649ff24ab49c1ebc7
                                    • Opcode Fuzzy Hash: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction Fuzzy Hash: 5121C9B1B443057AE7146BA4AC83FBA33ACDB50724F51041FF645EA2C1E9B1A981866A
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,Function_00068C90,00338EC0,00000000), ref: 00338F0A
                                    • GetLastError.KERNEL32 ref: 00338F38
                                    • TlsGetValue.KERNEL32 ref: 00338F46
                                    • SetLastError.KERNEL32(00000000), ref: 00338F4F
                                    • RtlAcquireSRWLockExclusive.NTDLL(00B71284), ref: 00338F61
                                    • RtlReleaseSRWLockExclusive.NTDLL(00B71284), ref: 00338F73
                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,0031B080), ref: 00338FB5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                    • String ID: ~mV
                                    • API String ID: 389898287-3743065008
                                    • Opcode ID: 7bcfde0d2dcc1b053848d4aed0cf2c501fa6b4af259fbdd4e483148d64adf861
                                    • Instruction ID: 13212bdafb4b25feae6b34a114b3e64fdb72b638411769ab64e0e4a0ef963654
                                    • Opcode Fuzzy Hash: 7bcfde0d2dcc1b053848d4aed0cf2c501fa6b4af259fbdd4e483148d64adf861
                                    • Instruction Fuzzy Hash: 2221D134650305AFDB016FACFC89BAE7BA9FB44711F010421F909D72A1EF7199909BB1
                                    APIs
                                    • LoadLibraryA.KERNEL32(secur32.dll,?,00944AEC), ref: 00944B18
                                    • LoadLibraryA.KERNEL32(security.dll,?,00944AEC), ref: 00944B28
                                    • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 00944B42
                                    • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 00944B51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                    • API String ID: 2574300362-4081094439
                                    • Opcode ID: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction ID: 2010c1b7fac7c6f4984db987f25739ce7e1cb5b1511fbaf3aa8074a52d3ac849
                                    • Opcode Fuzzy Hash: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction Fuzzy Hash: A0F01972DA9726678B11ABBDBC04E6E6AECEE847503064597D804D3110EFB0C8418FA1
                                    APIs
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0091E040
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E04F
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0091E062
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E0A3
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?), ref: 0091E0C8
                                    • gdi_RectToCRgn.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0091E147
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID: ~mV
                                    • API String ID: 2404991910-3743065008
                                    • Opcode ID: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction ID: c970457fd17f9f929ef4652aac787311bb3c6759ada2ece3a1346dae2589b3da
                                    • Opcode Fuzzy Hash: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction Fuzzy Hash: 1751C471E0521DEFCF14DF98C9809EEBBB9FF88710B14441AE915A7250D770AA81CFA0
                                    APIs
                                    • ber_read_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D502A
                                    • ber_read_length.GETSCREEN-941605629-X86(?,?), ref: 008D503F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ber_read_lengthber_read_universal_tag
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                    • API String ID: 3186670568-2454464461
                                    • Opcode ID: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction ID: 9771df8a3274ea0fea1c14afcfd07d627a17d5f8fd49db3699dbfa6412fda48d
                                    • Opcode Fuzzy Hash: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction Fuzzy Hash: 6E4125B1B44F116BDB208F24CC42B2937E5FBA1725F14866BE559CB3C5EA34DA00CB60
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,?), ref: 00919C6E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_rects
                                    • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                    • API String ID: 844131241-2640574824
                                    • Opcode ID: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction ID: 1bbcc0dacf8359dd107ca2fa9ee667a76c41a09c1020a2011d667daf9fd8570c
                                    • Opcode Fuzzy Hash: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction Fuzzy Hash: 5F31BF76780306BAF620BB65AC93FB637DCEB59B11F100425F954EB1C1FEA19D8087A1
                                    APIs
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5415
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000001,?,00000002,00000000), ref: 008D541D
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5440
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000002,?,00000002,00000000), ref: 008D5448
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ber_write_lengthber_write_universal_tag
                                    • String ID:
                                    • API String ID: 1889070510-0
                                    • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction ID: 0067f79c901b216a141f70fede5b06ed2b49d0fe35da5dda4549c32518eb49af
                                    • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction Fuzzy Hash: 9921FB70101F44AFDB126B09DD52BAB7766FF11B01F00455BF94A9F782C621BA41CBA7
                                    APIs
                                    • glyph_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB79
                                    • brush_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB86
                                    • pointer_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB94
                                    • bitmap_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBA2
                                    • offscreen_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBB0
                                    • palette_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBBE
                                    • nine_grid_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBCC
                                    • cache_free.GETSCREEN-941605629-X86(00000000), ref: 008DCBDE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                    • String ID:
                                    • API String ID: 2332728789-0
                                    • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction ID: 6ee5cac63c32ace225eecfbcb44f2f60bda2553ea5fe761cb457ec2c9e17e28a
                                    • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction Fuzzy Hash: 34018436148B0B5AE7256EB99842D3B67E8FF42B70710463FE481D6B81EF20D401C672
                                    APIs
                                    • region16_init.GETSCREEN-941605629-X86(?), ref: 008FF58A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_init
                                    • String ID:
                                    • API String ID: 4140821900-0
                                    • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction ID: 9167258e75f8a1d82103209f33e43f90cd9b3296c114be7d65fe1906ea9d95a5
                                    • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction Fuzzy Hash: 31514CB2D0021D9BDB18DFA5C881AEEBBF9FF48304F14452AF619E7241E7359945CB60
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 00918C2B
                                    Strings
                                    • freerdp_image_copy_from_icon_data, xrefs: 00918DBA
                                    • ~mV, xrefs: 00918AFF
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 00918DBF
                                    • 1bpp and 4bpp icons are not supported, xrefs: 00918DB5
                                    • com.freerdp.color, xrefs: 00918D98
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: ~mV$1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                    • API String ID: 1523062921-2358202828
                                    • Opcode ID: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction ID: ff1207c7c8ae53c65d8ed5413b23e59d5ef2468ed3a2aa385dffdc15578e0b34
                                    • Opcode Fuzzy Hash: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction Fuzzy Hash: 3251C4B6B0021DAADF149F14DC41BFA77A8EB58300F0481A9FE14A21D1DB709EC1DF64
                                    APIs
                                    • gdi_CreateCompatibleDC.GETSCREEN-941605629-X86(?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?,?,?,?,?,008FA899), ref: 008FAAE7
                                    • gdi_CreateCompatibleBitmap.GETSCREEN-941605629-X86(?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB0E
                                    • gdi_CreateBitmapEx.GETSCREEN-941605629-X86(?,?,?,?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB2A
                                    • gdi_SelectObject.GETSCREEN-941605629-X86(?,?), ref: 008FAB60
                                    • gdi_CreateRectRgn.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000), ref: 008FABA5
                                    • gdi_DeleteObject.GETSCREEN-941605629-X86(?), ref: 008FAC39
                                    • gdi_DeleteDC.GETSCREEN-941605629-X86(?), ref: 008FAC48
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                    • String ID:
                                    • API String ID: 412453062-0
                                    • Opcode ID: 465b4ffd023e57f5a0c4565455c46a70f3e764856c2752f7a876167ddfb1c273
                                    • Instruction ID: 722f303549af0a5b36e4b3c4f4afc7871c2c3cec97e3460b7a11ee6e12813f98
                                    • Opcode Fuzzy Hash: 465b4ffd023e57f5a0c4565455c46a70f3e764856c2752f7a876167ddfb1c273
                                    • Instruction Fuzzy Hash: 485108B92007099FC729DF29C885EA6B7E1FF5C320B05456DE98A8B762E771E841CF40
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,00946939,?,?,?,?,00946A0A,?), ref: 0094EABD
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EAE7
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB14
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB37
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                    • API String ID: 1431749950-2760771567
                                    • Opcode ID: ee4324b7b01873be51ba98ed81d2a0d607d37ad80bdaae685ed24e3c743e1773
                                    • Instruction ID: fc4c0e72271cbff368cbc4fe9cb681207bc7b7fc105c2eebe4c61662fbecf514
                                    • Opcode Fuzzy Hash: ee4324b7b01873be51ba98ed81d2a0d607d37ad80bdaae685ed24e3c743e1773
                                    • Instruction Fuzzy Hash: 5131D571905B16BF9B255FA69C89E6F7BACFF817B83100019F40593680DB709D50C7E1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ~mV$kbd-lang-list$kbd-list$monitor-list
                                    • API String ID: 0-2280088830
                                    • Opcode ID: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction ID: 09dc973c295c32f3d5a0352183e99183002f3fe8866e71cca4cb017f38c64773
                                    • Opcode Fuzzy Hash: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction Fuzzy Hash: 3F318932A11319AACF209B68DD46EDBB7ECEB44754F0405A5F914A71E2DB70DA408ED0
                                    APIs
                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0094F673
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F68A
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F6AB
                                    • closesocket.WS2_32(?), ref: 0094F6E6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable$closesocketsocket
                                    • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                    • API String ID: 65193492-3368084233
                                    • Opcode ID: 15568864a47407cec908f23ac7b2339a17326b4c2fdcf8e187be9bf07f5cd8f8
                                    • Instruction ID: d9e0eb1496f092aad389b6394bcc444f7e690d667ebd7759c50171b0a9abea42
                                    • Opcode Fuzzy Hash: 15568864a47407cec908f23ac7b2339a17326b4c2fdcf8e187be9bf07f5cd8f8
                                    • Instruction Fuzzy Hash: 9921D131154B076BD3305F659C29F177BE4FB80768F21092DF1429AAE1DBB1A4418750
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,00338C90,00338EC0,00000000), ref: 00338E6A
                                    • GetLastError.KERNEL32 ref: 00338E7F
                                    • TlsGetValue.KERNEL32 ref: 00338E8D
                                    • SetLastError.KERNEL32(00000000), ref: 00338E96
                                    • TlsAlloc.KERNEL32 ref: 00338EC3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorLastOnce$AllocExecuteInitValue
                                    • String ID: ~mV
                                    • API String ID: 2822033501-3743065008
                                    • Opcode ID: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction ID: ea0a9fc2c0fbd6f6c58edc85f36a6f88222f7e74e071cabfac7dcefcb1587e26
                                    • Opcode Fuzzy Hash: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction Fuzzy Hash: 8201D6356553089FCB019FBCEC49A6ABBB8FB48720F010526F919D3261EF3099508F70
                                    APIs
                                    • LoadLibraryA.KERNEL32(winsta.dll,?,009478D9,00BF7120), ref: 00950023
                                    • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0095003C
                                    • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 00950052
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                    • API String ID: 2238633743-2382846951
                                    • Opcode ID: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction ID: fb29f60d676437bf14e7bf645aa4915a726107801921e73f020557d68173f9bf
                                    • Opcode Fuzzy Hash: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction Fuzzy Hash: 560192705593009FD714DF729D0DBA53BE4BB85316F0644B9D909CB262EBB09048DF10
                                    APIs
                                    • glyph_cache_free.GETSCREEN-941605629-X86(?), ref: 008DCB1E
                                    • brush_cache_free.GETSCREEN-941605629-X86(?,?), ref: 008DCB26
                                    • pointer_cache_free.GETSCREEN-941605629-X86(?,?,?), ref: 008DCB2E
                                    • bitmap_cache_free.GETSCREEN-941605629-X86(?,?,?,?), ref: 008DCB36
                                    • offscreen_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 008DCB3E
                                    • palette_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?), ref: 008DCB46
                                    • nine_grid_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?,?), ref: 008DCB4E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                    • String ID:
                                    • API String ID: 637575458-0
                                    • Opcode ID: 2a12e379a9b476aac062f53d4a627af9393f4fd168afc1b96a522a904cabb56b
                                    • Instruction ID: 942c526e9a41e56c46184c417a70a51a0d3712e80741303537c91e8b895e0357
                                    • Opcode Fuzzy Hash: 2a12e379a9b476aac062f53d4a627af9393f4fd168afc1b96a522a904cabb56b
                                    • Instruction Fuzzy Hash: 1AE09B31411A14ABCE323F69DC03D1EBB65FF007603014639F595A1573CB22AC609B83
                                    APIs
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,000007C0,?), ref: 008F1DA2
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000001), ref: 008F1DCC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1DE8
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1DFC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1E19
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1E2D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                    • String ID:
                                    • API String ID: 4272850885-0
                                    • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction ID: 9ce53094d298ca4a5f871c21e8af4c31daf3666aa8d82bf4215be8f2160f422d
                                    • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction Fuzzy Hash: 85118262B8520EF5FD6020798C86F7B175CFF61B54F140525FF08E51C1F995AA0084A7
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: ~mV$error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                    • API String ID: 4218353326-1989195043
                                    • Opcode ID: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction ID: 9e9e32d2ba7154ac36df14caad16b4458c06a26f8703b5684fe149ef803e3893
                                    • Opcode Fuzzy Hash: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction Fuzzy Hash: EB414872F4071A16EB256B648C41BFE7329BBD9345F154224FD44D6282FB709AC1C2D2
                                    Strings
                                    • com.freerdp.codec, xrefs: 00909AD0
                                    • interleaved_compress, xrefs: 00909AF5
                                    • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 00909AF0
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 00909AFA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                    • API String ID: 0-4054760794
                                    • Opcode ID: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction ID: 9165c68135b529b37d0ecef290e420466dd3894ecc6cc57898b7752dd8a14bbf
                                    • Opcode Fuzzy Hash: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction Fuzzy Hash: C8216F72700209BFEF255E6AEC46FAB3B6CEF45768F084118F904561E2E671EC50DB50
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943CC8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                    • API String ID: 689400697-743139187
                                    • Opcode ID: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction ID: 363503faa4baa5d66f5b29c30e31861b0026d4e30115a22a58fe4078149e44ea
                                    • Opcode Fuzzy Hash: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction Fuzzy Hash: 20219632384244BBDF125F65EC06FAB3F69EF95B54F044095FA04660E1CE62D960DB60
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943DA3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                    • API String ID: 689400697-1744466472
                                    • Opcode ID: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction ID: f44026e69fc8d8f4018d3a6fbe322531fbf31c138842e4c9648239eb13a55b57
                                    • Opcode Fuzzy Hash: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction Fuzzy Hash: 43217832384208BBDF125E65EC06FAB3F6DFF89B54F004095FA04660E1DE66DA60DB60
                                    APIs
                                    • _strlen.LIBCMT ref: 008C11FA
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C1248
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelDetached$freerdp
                                    • API String ID: 3987305115-436519898
                                    • Opcode ID: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction ID: 35e5e51394404870ed931a03d5759ee0d19c5efeb272739f3de3b3dcea02f132
                                    • Opcode Fuzzy Hash: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction Fuzzy Hash: 7C212B75A00209AFDF10DF98C885FAEBBF9FF09344F108469E944E7252D771AA509BA0
                                    APIs
                                    • _strlen.LIBCMT ref: 008C0B64
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C0BB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelAttached$freerdp
                                    • API String ID: 3987305115-2646891115
                                    • Opcode ID: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction ID: eb20bd82911d1183cd7e70c81e8a35291a9eb5a34f22a8d37e83f4edac7710d7
                                    • Opcode Fuzzy Hash: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction Fuzzy Hash: 60211971A00209EFDB00DF98C885FAEBBF8FF48354F104569E948E7252D771AA509FA0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943227
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                    • API String ID: 689400697-2657764935
                                    • Opcode ID: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction ID: 687582f5948835eda31ab68a6278577f4e92f6222bb5aa76e8f14934a0ae7036
                                    • Opcode Fuzzy Hash: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction Fuzzy Hash: E71187323982057BDF115E65EC0BFAB3BA9EF94714F004095FA14660E1DDA2CA20DB74
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094384E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                    • API String ID: 689400697-2008077614
                                    • Opcode ID: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction ID: b048e1936a8ca34311e4ba9efddaabcb94576ba861845b2a86800b1759eb0c06
                                    • Opcode Fuzzy Hash: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction Fuzzy Hash: 8D1187323842047BDF115F65EC06FAB3FA9EF95B14F004095FA04A61E1DD66DA20DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009432F9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                    • API String ID: 689400697-1172745827
                                    • Opcode ID: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction ID: d8b4a1f6f838c42f25635a7358de6d375bc8d858633bbc7820536aabc55b646b
                                    • Opcode Fuzzy Hash: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction Fuzzy Hash: 671157323882057BDF111E65EC07F6B3FADEF95754F004095FA04661E1DE62D960DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944481
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                    • API String ID: 689400697-3834539683
                                    • Opcode ID: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction ID: dd8b8ee7cb089f47787be9e34e1516ba9f4cce3d95e03f527b992c4e011149b5
                                    • Opcode Fuzzy Hash: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction Fuzzy Hash: 5311A3353C42047BEE211A66AC07F6B3BACEB81B10F1044A5FA00A71E1DDA5DE50DAB5
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009440BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                    • API String ID: 689400697-247170817
                                    • Opcode ID: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction ID: 4ac8d426ac9f85e0b640da6d2b38242e0facfc880450a35e3c3e77f9c77ecf5c
                                    • Opcode Fuzzy Hash: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction Fuzzy Hash: 9E11C4323C82057BDA112A66EC07F2B3AACEFE5B10F004495FA00A70E1DD55CD50D661
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944544
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                    • API String ID: 689400697-1495805676
                                    • Opcode ID: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction ID: b6aecd7349adf5bf6eddaeb10b74a65e5617c7fbb3e400437ee5983be6d3e4d5
                                    • Opcode Fuzzy Hash: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction Fuzzy Hash: 5A11A7713C83047BDF116A66EC0BF673BACEB81B50F004095FA00A71E1DD91D910D669
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094417E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                    • API String ID: 689400697-1164902870
                                    • Opcode ID: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction ID: 8f80b9bbd00c311b3ac68980c252a9adf8e0fe0a44643ba257e40bca0abe96be
                                    • Opcode Fuzzy Hash: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction Fuzzy Hash: 8E11A7353C83057BDA215A66AC07F673EACEFD5B10F0004A5F900A71E1DDA1DA50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009433CB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                    • API String ID: 689400697-3640258815
                                    • Opcode ID: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction ID: 4003ff50f4a277aa2f4aed69e4879d1d7a857388fad3482a641c3734b7b1243e
                                    • Opcode Fuzzy Hash: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction Fuzzy Hash: AE1194313C42047ADE211A65AC0BF6B3AADEF91B24F004495FA00A70E1DD659A50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943548
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                    • API String ID: 689400697-3257054040
                                    • Opcode ID: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction ID: 4837b383b614fcd19f7b009b90ff38e726ddf1845a9199ab89610a07d2211d34
                                    • Opcode Fuzzy Hash: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction Fuzzy Hash: 3E11A7313C43057BEB215A65EC0BF6B3AACEB81B54F004495F904A71E1DD55DA10DB65
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094360B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                    • API String ID: 689400697-848437295
                                    • Opcode ID: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction ID: 54442880d850abc711d1cffb15fcbbeef861293494649afba4e837930ac7fc40
                                    • Opcode Fuzzy Hash: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction Fuzzy Hash: 6B1191313C43057ADA215A66AC0BF7B3BACEB91B24F004095F904A71E1DEA59A50DAA4
                                    APIs
                                    • ncrush_context_reset.GETSCREEN-941605629-X86(00000000,00000000), ref: 00911B36
                                    Strings
                                    • com.freerdp.codec, xrefs: 00911AF1
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 00911B19
                                    • ncrush_context_new, xrefs: 00911B14
                                    • ncrush_context_new: failed to initialize tables, xrefs: 00911B0F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ncrush_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                    • API String ID: 2838332675-904927664
                                    • Opcode ID: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction ID: 1ba2a4d8631383a8042c435f8079f271a8dd0993764107c3d5f1d58fa16ae474
                                    • Opcode Fuzzy Hash: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction Fuzzy Hash: 5F1108B234470A3AE704AB15EC42FE773ACEB80760F004119F518972C1EFB2AD908BB0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094378E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                    • API String ID: 689400697-3754301720
                                    • Opcode ID: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction ID: c6aea201acea0a92b952e585c1385d25df6d189ff9677526c364ed029e586df9
                                    • Opcode Fuzzy Hash: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction Fuzzy Hash: 3911C6713C43057AEA111766EC4BF7B3BACEB91B60F004095FA04A71E1DD66DA50D764
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009436CE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                    • API String ID: 689400697-3413647607
                                    • Opcode ID: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction ID: 5324a257bcc8c61541e7a06650878ca7b6241e7fd1e45be43216d8b162926e89
                                    • Opcode Fuzzy Hash: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction Fuzzy Hash: 6611A3B13C43447AEA111676EC4BF3B3BACEB91B10F004095F900A71E1DEA59A10D765
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943F3E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                    • API String ID: 689400697-3211427146
                                    • Opcode ID: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction ID: e6a49e54f89a2b70012ff9870f80cc9b9d0efec5885cf17faeb05dcadd2d7002
                                    • Opcode Fuzzy Hash: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction Fuzzy Hash: 3C118F353C82057BEA112B76AC07F2B3AADEF95B20F0080D5F900A61E1DDA28A108660
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943E7E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                    • API String ID: 689400697-2578917824
                                    • Opcode ID: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction ID: 0dd7bd44bd0a65d5f6ce0a61ee69bc0fe087fc565a6e4cdd865ad43f7279024a
                                    • Opcode Fuzzy Hash: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction Fuzzy Hash: E311A3323C82047BEA215A76EC07F3B3AACEB95B24F004095F904A71E1DD629A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094316A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                    • API String ID: 689400697-3351603741
                                    • Opcode ID: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction ID: 7c2dc5d8424235c90117d6c54b2d35ff2e6b7f892ae71290dde8c8b1ae7ce61d
                                    • Opcode Fuzzy Hash: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction Fuzzy Hash: 571186313CC2047ADE212666AC4BF6B3EACEB95B10F004495FA10A71D1DE92DA10C674
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009430AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                    • API String ID: 689400697-2261828479
                                    • Opcode ID: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction ID: 603a29285d2be7846efbc55d6ea6e13e30b9ea87754e13cd059e3413f91950fa
                                    • Opcode Fuzzy Hash: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction Fuzzy Hash: 371182313CC3047AEE211666EC0BF7B3AACEB95B24F004495F904A71E1DD91DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943FFE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                    • API String ID: 689400697-2156878011
                                    • Opcode ID: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction ID: bfba532d9ddf2464ba0e415bfd2874d37d940418ab2622f78c27f184d8c709f8
                                    • Opcode Fuzzy Hash: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction Fuzzy Hash: 5E1173353C83057BEB212666AC0BF2B3BACEFD1B14F004095FA04AB1E1DD96D95086A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943920
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                    • API String ID: 689400697-2845897268
                                    • Opcode ID: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction ID: 6721db2a15ad8fc80937245fba9064e80e947d81bd5d981f8b2b4f71fa859367
                                    • Opcode Fuzzy Hash: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction Fuzzy Hash: EF11C2313C8204BAEA251736AC0BF7B3AACEBD1B64F0040A5F900A70E1DDA18E10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009439DD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                    • API String ID: 689400697-1972714555
                                    • Opcode ID: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction ID: b8a29783b7eeb3051e7e4f364520fd6559cff261c2979a6a0072f754fc95fba5
                                    • Opcode Fuzzy Hash: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction Fuzzy Hash: BD1182353C82047BEA216676EC0BF7B3BACEFD1B64F0044A5F900A71E1DE959A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942FF0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                    • API String ID: 689400697-1149382491
                                    • Opcode ID: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction ID: 30702d8a0b1d6ee5852479955fac12e06265ffdf79af9bdf2164d06a0aeee027
                                    • Opcode Fuzzy Hash: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction Fuzzy Hash: 56115E353882047BEA255A66EC0BF6B3BACAF81B64F0040D5FA04A71E1DD919E50D6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942F33
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                    • API String ID: 689400697-255015424
                                    • Opcode ID: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction ID: 8b2a90f4994bb95b06b48d9bad930e51a9e9ee0c6035d6caeaf9054a832e9056
                                    • Opcode Fuzzy Hash: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction Fuzzy Hash: B911A0353CC3053AEA216766AC0BF6B3AACFB91B20F4000D5FA04A70E1DD919D50C6B5
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009195B5
                                    Strings
                                    • SmartScaling requested but compiled without libcairo support!, xrefs: 009195E6
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 009195F0
                                    • com.freerdp.color, xrefs: 009195C8
                                    • freerdp_image_scale, xrefs: 009195EB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                    • API String ID: 1523062921-212429655
                                    • Opcode ID: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction ID: a2bb4ca6fa92f7552b0b5c7134c6a17c68973793be97e528b12869f62d7f358c
                                    • Opcode Fuzzy Hash: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction Fuzzy Hash: F9216A7274020DBBDF15EF54DC52FEA3BAAEB58700F044119FD19AA190E671E991DB80
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944241
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                    • API String ID: 689400697-954186549
                                    • Opcode ID: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction ID: 8ab195d688232da72a15c4bf26c0ab4737d1365fa3e87fac20cf473ac47c796a
                                    • Opcode Fuzzy Hash: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction Fuzzy Hash: 291182613C82057BEA212666BC0BF373AACEB91B50F0000A6F910A71D1DDD59E50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943B54
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                    • API String ID: 689400697-1791514552
                                    • Opcode ID: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction ID: 8f712852d1acd26c19c8e572125c569ee435462c15d7e8646496ebee4e6d0d0a
                                    • Opcode Fuzzy Hash: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction Fuzzy Hash: CB11A1313C83047BEA211666AC0BF7B3AACEB91B60F0040E5F900EB1E1DD959E10C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943C0E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                    • API String ID: 689400697-4242683877
                                    • Opcode ID: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction ID: 887912cf9307299392ae23d5f1725a213ee2b3d5dfe54b8adae43f09a39fa4f2
                                    • Opcode Fuzzy Hash: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction Fuzzy Hash: 031182213C82057AEA112A36AD4BF673AACEBD1B51F008095F900AB1E1DD95DB50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094348E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                    • API String ID: 689400697-3116451197
                                    • Opcode ID: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction ID: 7151f3adf17784770e83c67796cac1541225b968330d13070af57facef64b71e
                                    • Opcode Fuzzy Hash: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction Fuzzy Hash: 9611A5353C83047AEA212636AC0BF673AACEB91B50F008095FA04A71E1DD95DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943A9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                    • API String ID: 689400697-4185332897
                                    • Opcode ID: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction ID: 3c313dc3ac48107fd8f7f55d8ad763e38ea769cd67165269f263a42a036aa71c
                                    • Opcode Fuzzy Hash: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction Fuzzy Hash: 9011A5313C83047AEA215766AD0BF773AACEBD1B54F0040A5F904A71E1DD959A10C6B5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ~mV$audin$rdpsnd
                                    • API String ID: 0-2049411877
                                    • Opcode ID: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction ID: b7a3f1dc2fcab78ba47db59b5b3a1515b3fcdcb596164e01ef37c23feb6db751
                                    • Opcode Fuzzy Hash: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction Fuzzy Hash: 7D116071A09A1AEBDB34CFB488807AAF3F8FB04B51F14422AE45893140DB306950CFD1
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C65CB
                                    Strings
                                    • com.freerdp.codec, xrefs: 009C660B
                                    • yuv_process_work_callback, xrefs: 009C662E
                                    • error when decoding lines, xrefs: 009C6629
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 009C6633
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: primitives_get
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                    • API String ID: 2017034601-2620645302
                                    • Opcode ID: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction ID: 55838f15e5b7e9edf265caef9d6506f0886716b3487919998ebcd95c22564c4f
                                    • Opcode Fuzzy Hash: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction Fuzzy Hash: DB0192B2A0030ABFD714DF54DC42F5AB7A8FF48714F00459AF9099A2C2EA71E940CBA4
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %zd;NAME=%s%zd;PASS=%s
                                    • API String ID: 4218353326-3114484625
                                    • Opcode ID: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction ID: 8da01bfbe33f44697a20e03e5bbb32f2d7cc5eb965e72dffc92b7e6b86061fa5
                                    • Opcode Fuzzy Hash: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction Fuzzy Hash: 51012D75E00208BBDF01AFA4CC82B9DBBB8EF04304F01886DF90696242E6759B50DB85
                                    APIs
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919F06
                                    • region16_extents.GETSCREEN-941605629-X86(?,?), ref: 00919F12
                                    • region16_n_rects.GETSCREEN-941605629-X86(?,?,?), ref: 00919F1D
                                    • region16_n_rects.GETSCREEN-941605629-X86(?), ref: 00919F7D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_extentsregion16_n_rects
                                    • String ID:
                                    • API String ID: 2062899502-0
                                    • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction ID: dbe08a14cda45b775ec98a62ad6c8455fd5a905ad65117dd52a681ad563040f8
                                    • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction Fuzzy Hash: 98511B75A0012AABCB14DF99C8409EEF7F5FF58750B51816AE859E7350E334AD80CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strncpy
                                    • String ID:
                                    • API String ID: 2961919466-0
                                    • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction ID: bad2d96f90b45955fde5ed5ba453edbc87561fded4697cd871ff5088a2b24138
                                    • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction Fuzzy Hash: 861184B9900606AFDB315E50D845B96F7FCEF14308F04492AF59943512F331A958C7E2
                                    APIs
                                    • freerdp_settings_free.GETSCREEN-941605629-X86(00000000), ref: 008C7326
                                      • Part of subcall function 008C7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 008C7FCC
                                      • Part of subcall function 008C7F9B: freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000680,?), ref: 008C7FFC
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(00000000,00000086,?), ref: 008C6D8C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                    • String ID: ~mV$C:\Windows\System32\mstscax.dll
                                    • API String ID: 2334115954-2273468794
                                    • Opcode ID: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction ID: 1380eb10b847e7b4de4ba7b834a33637cf1b10ec1b657125f458d28021143da9
                                    • Opcode Fuzzy Hash: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction Fuzzy Hash: F3E1B4B1504B009EE324DF38D885B93BBE4FF08321F51992EE5AEC7391D7B1A5848B58
                                    APIs
                                    • audio_format_print.GETSCREEN-941605629-X86(?,?,?), ref: 009C4A72
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_print
                                    • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                    • API String ID: 2744001552-3527835062
                                    • Opcode ID: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction ID: 9a314bc1ec2f7912368e018ee85ccfb2371be1dc6ab3fc0e32e31ad3c3c0b3ea
                                    • Opcode Fuzzy Hash: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction Fuzzy Hash: A311E9727C031637DB11AD159C46FAF3B5CBFA5B60F40040AFD14651C1E7A1DA4086BA
                                    APIs
                                    • _strlen.LIBCMT ref: 008F403A
                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4060
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 008F4076
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: File$CreatePointer_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 4211031630-2916857029
                                    • Opcode ID: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction ID: 98862c76c4a64712265125e054efc63e465d9f901f3bcc1bcbd1d64a871dd7ad
                                    • Opcode Fuzzy Hash: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction Fuzzy Hash: EA01A235101110BBDB212B66DC4AEA77F2DEF86774F148215FA18990E2D732C862D7A0
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?), ref: 009C4737
                                    Strings
                                    • audio_format_print, xrefs: 009C4743
                                    • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 009C473E
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 009C4748
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string
                                    • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                    • API String ID: 2866491501-3564663344
                                    • Opcode ID: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction ID: 3007d91b9cf68b480e0fb73c8a8e5417e0eac60ccca317133ce62d0e6ea869b4
                                    • Opcode Fuzzy Hash: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction Fuzzy Hash: 00F03AB6140208BADB411F51DC02F76376EEB48B14F24848AFD1C8C1E2E677E9A2E764
                                    APIs
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?), ref: 008B2725
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 008B2745
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 008B2734
                                    • freerdp_abort_connect, xrefs: 008B2739
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                    • API String ID: 3690923134-629580617
                                    • Opcode ID: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction ID: 756444b15e491840d84b0c363f568dfae2d117cb027a613073a4807e0f6f807b
                                    • Opcode Fuzzy Hash: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction Fuzzy Hash: 2AE04835240215FAEA312D58DC02FD5B7A4FF11B90F140819B584F5291EE6169509589
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C633F
                                    • primitives_flags.GETSCREEN-941605629-X86(00000000), ref: 009C6353
                                    • TpWaitForWork.NTDLL(00000000,00000000), ref: 009C64A9
                                    • TpReleaseWork.NTDLL(00000000), ref: 009C64B2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                    • String ID:
                                    • API String ID: 704174238-0
                                    • Opcode ID: 6fae2e431b35d71bab7324b65277a15b753b52fbec2949c02d73060433700971
                                    • Instruction ID: 8423a48d097877b11e7fc9de70363f6e0533e6de2dee72fd32e86cbe86a1aecc
                                    • Opcode Fuzzy Hash: 6fae2e431b35d71bab7324b65277a15b753b52fbec2949c02d73060433700971
                                    • Instruction Fuzzy Hash: 4D6119B5A0060ADFCB08CF68D981A9EBBF5FF48310B14856AE819E7351D730E951CF91
                                    APIs
                                    • gdi_SetRgn.GETSCREEN-941605629-X86(?,?,?,?,00000000,00000001,?,?), ref: 0091C324
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_
                                    • String ID:
                                    • API String ID: 2273374161-0
                                    • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction ID: aee28cc5ccf41747b50cb6c0dbe8a0769ad2479a82f79652b34566ee92de18fe
                                    • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction Fuzzy Hash: 2831B9B1A00209EFCB10DF98C985AEEB7F9FF48310F14806AE915E7211D334E985CBA1
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 00945C16
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C34
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C54
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C9A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$Leave$Enter
                                    • String ID:
                                    • API String ID: 2978645861-0
                                    • Opcode ID: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction ID: 33f7aab79843fbd523cdf436352725df290e2e1145c0f03cdb31d95edb14749c
                                    • Opcode Fuzzy Hash: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction Fuzzy Hash: A521AC31210B05EFDB248F98C9C0B6AB7F8FB95322F124529F8C2A7252D770AD81DB50
                                    APIs
                                      • Part of subcall function 009AF42C: GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                      • Part of subcall function 009AF42C: SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                    • CloseHandle.KERNEL32(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B711
                                    • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B727
                                    • RtlExitUserThread.NTDLL(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B730
                                    • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0099B76E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                    • String ID:
                                    • API String ID: 1062721995-0
                                    • Opcode ID: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction ID: 721a3f6bf69051d1b4c7b058edb06068184d1c69afd0f992557d910c6859ee9a
                                    • Opcode Fuzzy Hash: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction Fuzzy Hash: BB11B671501204BBCB209FA9EE09FAA7BECDFC1760F148225F915D76A1DB74DD41CAA0
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,00000000), ref: 00919BDC
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919BEC
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919BF7
                                      • Part of subcall function 009197FD: rectangles_intersection.GETSCREEN-941605629-X86(?,?,?), ref: 0091980C
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919C1A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                    • String ID:
                                    • API String ID: 3854534691-0
                                    • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction ID: a26f26767f6e540c1cad97a559c1fd0923c0e64b511a609bb9cc78caf380a113
                                    • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction Fuzzy Hash: 9501C43331421DAAAB249A55D8A2AFB63DDDF81764F14401AF8DC96040EB35EEC1C1E4
                                    APIs
                                    • freerdp_new.GETSCREEN-941605629-X86 ref: 00931F56
                                    • freerdp_context_new.GETSCREEN-941605629-X86(00000000,00000000,?,?), ref: 00931FA4
                                    • freerdp_register_addin_provider.GETSCREEN-941605629-X86(?,00000000), ref: 00931FC7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                    • String ID:
                                    • API String ID: 3731710698-0
                                    • Opcode ID: 5be5bd57be5dbf5eece138e1340dd711680b7b98ff3d594aa41d0c14be4d6773
                                    • Instruction ID: e1eb2a65991abc23ab27902e0612d5ced3f5a1fe782962144a2dcb34c495ddef
                                    • Opcode Fuzzy Hash: 5be5bd57be5dbf5eece138e1340dd711680b7b98ff3d594aa41d0c14be4d6773
                                    • Instruction Fuzzy Hash: 7E119E31604B02ABC725AB6AD801B96BBA9FF94320F10441DF85887361EB71E850CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID:
                                    • API String ID: 733272558-0
                                    • Opcode ID: f9bfd293d50d9658b4a192b63f08b5d3fc8ac9060039a7e83c718fe4fda1f98b
                                    • Instruction ID: 1fad9e371693e47671e7e192eddbc3f7d21cdb2b88d484cfe7c8ed96900ee513
                                    • Opcode Fuzzy Hash: f9bfd293d50d9658b4a192b63f08b5d3fc8ac9060039a7e83c718fe4fda1f98b
                                    • Instruction Fuzzy Hash: EAE04F31401B147FCE727B64CD02F5BB7DABF527157040414F44696532C761AC51DBC2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-3916222277
                                    • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction ID: 581fed10761d278462d32a89a313a8e68e4953deab1a57d2abe6b0c459b0052c
                                    • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction Fuzzy Hash: EB51A67310110EBBCF02DE94CD41EEB7BAEBF48344B064256FE1A95021E732E965DBA1
                                    APIs
                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094697B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpin
                                    • String ID: %s: unknown handler type %u$WLog_Appender_New
                                    • API String ID: 2593887523-3466059274
                                    • Opcode ID: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction ID: 793ef64c232cf61c373ad968dabcfb13b4af3b2df36f2ebfdc1f3faccd852a0c
                                    • Opcode Fuzzy Hash: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction Fuzzy Hash: 33116FF310C2127696363A7C9C4AF7F5B6CEBC3F30B140819F405A6141DEB8D8016163
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%s-client.%s$DeviceServiceEntry
                                    • API String ID: 0-2733899524
                                    • Opcode ID: ac2930f6cf1b3d765cd2316d03b42e03eec00f6763eac25565c2cde183e7d0fa
                                    • Instruction ID: 44efaec087a37b613e87c21db29c7001be37172d707e2d3a7cafdf484c38c41f
                                    • Opcode Fuzzy Hash: ac2930f6cf1b3d765cd2316d03b42e03eec00f6763eac25565c2cde183e7d0fa
                                    • Instruction Fuzzy Hash: FB113D72A00619ABAB119E9D8882AEF77BCFF94B50F14401AFD14D6342D771DE418B91
                                    APIs
                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0098FCDC
                                    • ___raise_securityfailure.LIBCMT ref: 0098FDC4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                    • String ID: ~mV
                                    • API String ID: 3761405300-3743065008
                                    • Opcode ID: a0ce32ec8115f0c617f22978df464e4f73159ea5d58b1963554675616466e861
                                    • Instruction ID: 12b7b69273ac0bdde4b3a7f4fd384d715b4c4cb154c21c533ba45d5eb9440bdb
                                    • Opcode Fuzzy Hash: a0ce32ec8115f0c617f22978df464e4f73159ea5d58b1963554675616466e861
                                    • Instruction Fuzzy Hash: F621E6B45403049BDB40DF19F955B483BE8FB48710F62D22AE584873A5EBB15588CF89
                                    APIs
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 008B54B0
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 008B54D5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_extents
                                    • String ID: ~mV
                                    • API String ID: 1435106277-3743065008
                                    • Opcode ID: 006fedfcd55c826d2b868a51dab7227f51537b4aaff7e70a8778a65b5325ecfb
                                    • Instruction ID: 8072fc39664e764653b74d420b5c193ac672bff9286b8fd1119378b0a1edefdd
                                    • Opcode Fuzzy Hash: 006fedfcd55c826d2b868a51dab7227f51537b4aaff7e70a8778a65b5325ecfb
                                    • Instruction Fuzzy Hash: 14117375A0021DDBCB24DF68DD81AD9B7F4FB48310F1101A9DA48E7341DA71AE848F90
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0093E987), ref: 0093EBF6
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0093E987), ref: 0093EC1A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILTER
                                    • API String ID: 1431749950-2006202657
                                    • Opcode ID: fa7d175cf6e9fc41e5d575c2236705ece60c1c263f7fe261ccb9aa829202d459
                                    • Instruction ID: 3fec0e709d2c3bcfc6025df241d567c9e0c8bb6f7be00c33bffba8ca5f039c87
                                    • Opcode Fuzzy Hash: fa7d175cf6e9fc41e5d575c2236705ece60c1c263f7fe261ccb9aa829202d459
                                    • Instruction Fuzzy Hash: 41F02B332152153B4A122765BC49E2F7FBDEAC57F8311002AF408C3150EE754C81CBE5
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: .msrcIncident$.rdp
                                    • API String ID: 4218353326-1437571178
                                    • Opcode ID: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction ID: f07e7c7f1c68fbe5b57b3f94243d901e38104666f4676f69934f89d0ee7849ed
                                    • Opcode Fuzzy Hash: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction Fuzzy Hash: F5F04C72A1491A6B8D34A57DDC02E277788EA42374B241B2AF67AC31D0DF35DC108ED0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BCC
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BEC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WINPR_NATIVE_SSPI
                                    • API String ID: 1431749950-1020623567
                                    • Opcode ID: b15470025ef50b33c3414e84d33bb954990202a08d76082ac689463c457bdd35
                                    • Instruction ID: b882acdbe92ef9bd373d47b47473bc123626f93fc9e752451f07ca53644d108c
                                    • Opcode Fuzzy Hash: b15470025ef50b33c3414e84d33bb954990202a08d76082ac689463c457bdd35
                                    • Instruction Fuzzy Hash: 86F027376AA13226D93521687C45F6F4EA8DBC2F32B260519F405D3082C950488399E1
                                    APIs
                                    • rfx_context_new.GETSCREEN-941605629-X86(?), ref: 0090A2ED
                                      • Part of subcall function 008FE4DD: GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                      • Part of subcall function 008FE4DD: GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                      • Part of subcall function 008FE4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • progressive_context_free.GETSCREEN-941605629-X86(00000000), ref: 0090A36D
                                    Strings
                                    • com.freerdp.codec.progressive, xrefs: 0090A2CA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                    • String ID: com.freerdp.codec.progressive
                                    • API String ID: 2699998398-3622116780
                                    • Opcode ID: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction ID: 6b1d29391764bc9a3df84ea5430f2b138f2f82a8e1090d3d8a057c610b73b72c
                                    • Opcode Fuzzy Hash: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction Fuzzy Hash: 2CF08932A05B022EE2247B799C02F5F7BDCEFC2B70F14442EF649A65C1EA70944187A6
                                    APIs
                                    • graphics_register_bitmap.GETSCREEN-941605629-X86(?,?,?), ref: 00920077
                                    • graphics_register_glyph.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 009200B8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: graphics_register_bitmapgraphics_register_glyph
                                    • String ID: ~mV
                                    • API String ID: 1787964235-3743065008
                                    • Opcode ID: 522cc55cc82f5187d94ed47fcafcce330cacf75b026ddc36c898a3c0dcedc52a
                                    • Instruction ID: f9bb96f2538205f42da97fadd34b12bfc37f6202cba2b8c82b2466105b7cdcd6
                                    • Opcode Fuzzy Hash: 522cc55cc82f5187d94ed47fcafcce330cacf75b026ddc36c898a3c0dcedc52a
                                    • Instruction Fuzzy Hash: 8611DBB0A0431D9BDB30EF64C9296DDBBF8FB05308F5041A9D458A7202DBB05A898F85
                                    APIs
                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 008AF221
                                      • Part of subcall function 009923CE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,00990FFB,?,?,?,?,00990FFB,?,00AF0BD8), ref: 0099242E
                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 008AF241
                                      • Part of subcall function 008191A0: ___std_exception_copy.LIBVCRUNTIME ref: 008191D3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: std::invalid_argument::invalid_argument$DispatcherExceptionUser___std_exception_copy
                                    • String ID: bad function call
                                    • API String ID: 1082284150-3612616537
                                    • Opcode ID: 0be7135af72983b2673347f6797eb19c0a0316d3b5ad2fffa68ee2b2bb834234
                                    • Instruction ID: c4308ed96ddc33f37f22735c9389d78c70b6c383883b05a6956a62b40f517065
                                    • Opcode Fuzzy Hash: 0be7135af72983b2673347f6797eb19c0a0316d3b5ad2fffa68ee2b2bb834234
                                    • Instruction Fuzzy Hash: 0DF0BD79C0420CBBDF04FBE8E856D8DB76CAA44700F904461BE14A2592EB75A61986D1
                                    APIs
                                    • freerdp_settings_get_key_for_name.GETSCREEN-941605629-X86(?), ref: 008F1EEF
                                    • freerdp_settings_get_type_for_key.GETSCREEN-941605629-X86(00000000), ref: 008F1F51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                    • String ID: TRUE
                                    • API String ID: 1888880752-3412697401
                                    • Opcode ID: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction ID: 56860d286779eccbdba50569e3e1004151d1605e965b2dc86ae87e97d2d470fe
                                    • Opcode Fuzzy Hash: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction Fuzzy Hash: F9E0E53230021CBB9E155ABEDC86DBB325CFB85BA1B014065F704E6141BB60E91045A0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 9811ad0e0ba20ffb0cfc0b1a8cfc5ff5f05194969582fa173b05ce65b5fe96e0
                                    • Instruction ID: 22d6c54afc185ab337739a79b4da8272e632066f334204f5f48733732755bf45
                                    • Opcode Fuzzy Hash: 9811ad0e0ba20ffb0cfc0b1a8cfc5ff5f05194969582fa173b05ce65b5fe96e0
                                    • Instruction Fuzzy Hash: 34F0E2B240021ABBCF116FA4DC43EAB7A9DFF55394B060520FE0492212E736DD21C7E5
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 1ed0ff3484f063397632955cfaf55da888dfa6b6fb52e8f177eeda9e11dd93b8
                                    • Instruction ID: cd4d545b7d61e29f43a69f0f1e0d323813bc28cd40525783a99ae42c553bc90f
                                    • Opcode Fuzzy Hash: 1ed0ff3484f063397632955cfaf55da888dfa6b6fb52e8f177eeda9e11dd93b8
                                    • Instruction Fuzzy Hash: 8EF082B1400219BBDF116F658C87E9B7B5DFF55394B064520FD0492212E736DE21C7E0
                                    APIs
                                    • GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 008C7FCC
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000680,?), ref: 008C7FFC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ComputerNamefreerdp_settings_set_string
                                    • String ID: ~mV
                                    • API String ID: 1627475788-3743065008
                                    • Opcode ID: 12034196cef0edc64bf5eb6301a014f3349569936d9b9e70d9bbdbaca6be8d04
                                    • Instruction ID: 8161437dcd4486634bb7692e12c510d4273b5dc4953fabec8fcdfa0ace16b333
                                    • Opcode Fuzzy Hash: 12034196cef0edc64bf5eb6301a014f3349569936d9b9e70d9bbdbaca6be8d04
                                    • Instruction Fuzzy Hash: FAF03C70A1412D9BDB109B649C41BEAB7F8AB18744F0001EAE585EA180EAB0AEC89B55
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,00947163), ref: 00947190
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,00947163), ref: 009471B1
                                      • Part of subcall function 00947310: LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                      • Part of subcall function 00947310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                    • String ID: WTSAPI_LIBRARY
                                    • API String ID: 3590464466-1122459656
                                    • Opcode ID: 76b19ac0b0d7ed050296083c322379cacd910ebbc23827f6f0b4e735134e4d2d
                                    • Instruction ID: 1e339f983606ef080ca03f5e97ab75c097d9bc8f98914d957f7828117d48cd4b
                                    • Opcode Fuzzy Hash: 76b19ac0b0d7ed050296083c322379cacd910ebbc23827f6f0b4e735134e4d2d
                                    • Instruction Fuzzy Hash: 60E09B3215E5263ED53127D8BC5AF5F9B5CDBC5B75F210519F401A70C49F60588181E6
                                    APIs
                                    • LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                    • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitWtsApi
                                    • API String ID: 2574300362-3428673357
                                    • Opcode ID: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction ID: 70aeca8830329790fe53f48c1c03e0f15435140fe0fd5dcd134788a9b0524c82
                                    • Opcode Fuzzy Hash: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction Fuzzy Hash: E7D012316AC6096B9F10AFFABC05926BBDCA7406403044866A819D7150EF71C950E551
                                    APIs
                                    • GetLastError.KERNEL32(?,?,0099B650,00AF0388,0000000C), ref: 009AF430
                                    • SetLastError.KERNEL32(00000000), ref: 009AF4D2
                                    • GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                    • SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                      • Part of subcall function 009AF066: RtlFreeHeap.NTDLL(00000000,00000000,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF07C
                                      • Part of subcall function 009AF066: GetLastError.KERNEL32(?,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF087
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.4455237415.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorLast$FreeHeap
                                    • String ID:
                                    • API String ID: 3197834085-0
                                    • Opcode ID: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction ID: 1eee97cffb49e4f63dd9129b61362a57dc34bac9da4a4a89ef630f573c7e5e9f
                                    • Opcode Fuzzy Hash: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction Fuzzy Hash: E241C435A4D2117FDA103BFCADAAFAB668C9F96374B100770F610971E1EF649D058290

                                    Execution Graph

                                    Execution Coverage:0.4%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:0%
                                    Total number of Nodes:57
                                    Total number of Limit Nodes:4

                                    Control-flow Graph

                                    APIs
                                    • LoadLibraryA.KERNEL32(?), ref: 01A22B13
                                    • GetProcAddress.KERNELBASE(?,019FCFF9), ref: 01A22B31
                                    • ExitProcess.KERNEL32(?,019FCFF9), ref: 01A22B42
                                    • VirtualProtect.KERNELBASE(002D0000,00001000,00000004,?,00000000), ref: 01A22B90
                                    • VirtualProtect.KERNELBASE(002D0000,00001000), ref: 01A22BA5
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000019FD000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                    • String ID:
                                    • API String ID: 1996367037-0
                                    • Opcode ID: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction ID: be29c2174ffe7544937d72a3112bbd0ba001cc5a42c24fc44e68134560e3ac71
                                    • Opcode Fuzzy Hash: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction Fuzzy Hash: EF51F472A507225AD7318EBCCCC0774BBA5EB45230B5C073ADAE2DB6C6E7A458068760

                                    Control-flow Graph

                                    APIs
                                    • GetLastError.KERNEL32(00AF0388,0000000C), ref: 0099B63E
                                    • RtlExitUserThread.NTDLL(00000000), ref: 0099B645
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitLastThreadUser
                                    • String ID:
                                    • API String ID: 1750398979-0
                                    • Opcode ID: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction ID: 05963f88b7a16fd2dfc2522daf8275ae33fa3a17c366f650bee3415995dc072d
                                    • Opcode Fuzzy Hash: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction Fuzzy Hash: 9EF0C871940204AFDF10AFB4D90AB6E7775FF84710F104155F00197262CB346941DFA1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009443BE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                    • API String ID: 689400697-3976766517
                                    • Opcode ID: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction ID: 343f2e26b8ac709d4e87701eb2b70399a12e0979d4f41f944bce9d385257261c
                                    • Opcode Fuzzy Hash: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction Fuzzy Hash: 581191313C82057BEB216E66EC07F6B3AACEB81B50F0004A5F900A70E1DDA59A10DAA4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009442FB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                    • API String ID: 689400697-3301108232
                                    • Opcode ID: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction ID: 4ad498c404c95604263d475349eba517935530950f0f3ab872caa95e6a094709
                                    • Opcode Fuzzy Hash: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction Fuzzy Hash: 7E1194313C83057BDA215A66ED47F6B3AACEBC5B50F000495FA00A71E1DD96DE10D6A4
                                    APIs
                                    • crypto_cert_fingerprint.GETSCREEN-941605629-X86(?), ref: 008E5E1C
                                      • Part of subcall function 008E576E: crypto_cert_fingerprint_by_hash.GETSCREEN-941605629-X86(?,sha256), ref: 008E5779
                                    • crypto_cert_issuer.GETSCREEN-941605629-X86(?), ref: 008E5E30
                                    • crypto_cert_subject.GETSCREEN-941605629-X86(?,?), ref: 008E5E3A
                                    • certificate_data_new.GETSCREEN-941605629-X86(?,?,00000000,00000000,00000000,?,?), ref: 008E5E4A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                    • String ID:
                                    • API String ID: 1865246629-0
                                    • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction ID: c04658d280f9daed0f6bcbf9dc62e9c71040a234a6e564548503094c203a38cb
                                    • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction Fuzzy Hash: 15E01A75500648BACF112F6ADC06CAF7EADEF867E8B144124B9189A121DA718E1096A1

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 593 947449-94745b LoadLibraryA 594 94745d 593->594 595 94745e-9478e4 GetProcAddress * 63 call 95001b 593->595
                                    APIs
                                    • LoadLibraryA.KERNEL32(wtsapi32.dll,00947168), ref: 0094744E
                                    • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0094746B
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0094747D
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0094748F
                                    • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 009474A1
                                    • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 009474B3
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 009474C5
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 009474D7
                                    • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 009474E9
                                    • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 009474FB
                                    • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0094750D
                                    • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0094751F
                                    • GetProcAddress.KERNEL32(WTSCloseServer), ref: 00947531
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 00947543
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 00947555
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 00947567
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 00947579
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0094758B
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0094759D
                                    • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 009475AF
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 009475C1
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 009475D3
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 009475E5
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 009475F7
                                    • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 00947609
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                    • API String ID: 2238633743-2998606599
                                    • Opcode ID: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction ID: 01890786a5cc9c84123f1660955e1ce2065128ce0f8d144bce487c53b416ef49
                                    • Opcode Fuzzy Hash: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction Fuzzy Hash: 7BB129B4ED9314BADF119F76AD4A8663EA5F7097703008C9AE80477270DFB64268DE90

                                    Control-flow Graph

                                    APIs
                                    • freerdp_error_info.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931519
                                    • freerdp_get_error_info_string.GETSCREEN-941605629-X86(00000000,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093155D
                                    • freerdp_reconnect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931601
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931611
                                    • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093167E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                    • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                    • API String ID: 968149013-2963753137
                                    • Opcode ID: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction ID: 0ae16ba41c324963bd10ffdf1a04a4162996fa99853b354ac10486811896f3e6
                                    • Opcode Fuzzy Hash: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction Fuzzy Hash: AD51D675B80305BBEB207B65EC43FAA27ACAB50B54F14443AF901EB1E2EB7099408F55

                                    Control-flow Graph

                                    APIs
                                    • gdi_get_pixel_format.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FA8B3
                                    • gdi_free.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FAA40
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_freegdi_get_pixel_format
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex

                                    APIs
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,?), ref: 00936D79
                                    • _strlen.LIBCMT ref: 00936DF4
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936E1D
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936F6F
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00937044
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_device_collection_add$_strlen
                                    • String ID: drive$parallel$printer$serial$smartcard

                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0F64
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0F79
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex

                                    APIs
                                    • _strlen.LIBCMT ref: 008F42FA
                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4320
                                    • GetFileSize.KERNEL32(00000000,?), ref: 008F433A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: File$CreateSize_strlen
                                    • String ID: %s %hu %s %s %s

                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0D92
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0DB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load

                                    APIs
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 009C5F24
                                    • avc444_ensure_buffer, xrefs: 009C5F1F
                                    • YUV buffer not initialized! check your decoder settings, xrefs: 009C5F1A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer

                                    APIs
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,00000400,00000001), ref: 009C3B87
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000401,00000000), ref: 009C3BB7
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000404,?), ref: 009C3BDB
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000402,00000000), ref: 009C3BFA
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000014,?), ref: 009C3C12
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,000006C1,?), ref: 009C3C2B
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000403,?), ref: 009C3C44
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000015,00000000), ref: 009C3C60
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,00000013,?), ref: 009C3C82
                                    • freerdp_target_net_addresses_free.GETSCREEN-941605629-X86(?), ref: 009C3C93
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                    • String ID:
                                    • API String ID: 949014189-0
                                    • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction ID: 5e7fa2fdeaa10955a72c758e7e2d670652118f1795242c6590350bc158e46c8c
                                    • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction Fuzzy Hash: F5418371A00A16BBE7215F39DC45F9A7398FF05310F04C029FA06966D2E773EA61CB96
                                    APIs
                                      • Part of subcall function 00945CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,00971701,00000001), ref: 00945CF9
                                    • zgfx_context_new.GETSCREEN-941605629-X86(00000000), ref: 00971874
                                      • Part of subcall function 009C693A: zgfx_context_reset.GETSCREEN-941605629-X86(00000000,00000000,00000000,?,00971879,00000000), ref: 009C6964
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                    • API String ID: 3732774510-3243565116
                                    • Opcode ID: 49051416b43992debb303e43d2ff0887be333a0885452c221ecb0c6432260e03
                                    • Instruction ID: 39b129f77322450d156c06d0cf39d3f34d61db2c9cbfd9d292a9eb69b726fca1
                                    • Opcode Fuzzy Hash: 49051416b43992debb303e43d2ff0887be333a0885452c221ecb0c6432260e03
                                    • Instruction Fuzzy Hash: 4571EB72A887027FD3249F299C42B9677E8FF59724F104529F5499BAC2DBB4E440CF84
                                    APIs
                                      • Part of subcall function 00946B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,008FE59B,00000001,00006060,00000010), ref: 00946B3E
                                    • GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                    • GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 008FE6DC
                                    • CreateThreadpool.KERNEL32(00000000), ref: 008FE6E2
                                    Strings
                                    • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 008FE605
                                    • com.freerdp.codec.rfx, xrefs: 008FE530
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                    • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                    • API String ID: 3882483829-2530424157
                                    • Opcode ID: a603b9d7d9709af83a0ccca068e3b0f11948883704ae846dbdf472fc7dfd79fe
                                    • Instruction ID: 3aef38b37b1e84aa6498f4bdbee37917d84adf5e9e78688e4adffa4368bab0a3
                                    • Opcode Fuzzy Hash: a603b9d7d9709af83a0ccca068e3b0f11948883704ae846dbdf472fc7dfd79fe
                                    • Instruction Fuzzy Hash: BD41AFB1A00719AFEB20AFB8DC85B66B7E8FF45304F10447EF649D6252DB70E9548B50
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8B2
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8D6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                    • API String ID: 1431749950-225596728
                                    • Opcode ID: 02052e2d89f6ae9eb05474eb336878d3a7180566055ce22e3607bdc67c41700b
                                    • Instruction ID: d0768d85262d8f9b9e4a70d6ee11c2371d0708746a696899ce8a45174e21902b
                                    • Opcode Fuzzy Hash: 02052e2d89f6ae9eb05474eb336878d3a7180566055ce22e3607bdc67c41700b
                                    • Instruction Fuzzy Hash: 9021C83235835679AE557369BC4BF3B179CDFC2BB4B20052AF405A60C2EE909C418BA1
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 008C48D9
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 008C498F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_set_last_error_ex
                                    • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                    • API String ID: 270715978-29603548
                                    • Opcode ID: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction ID: 2dda067885571cce08f1c51629fb2b466f5129645566d50e4a3feda198c9029d
                                    • Opcode Fuzzy Hash: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction Fuzzy Hash: 4E21F972A40315B6D7106B58DC02FEB7F78FB51B14F10906AF90CEB2D2E6B09680CBA1
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C58FA
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000001,00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C5902
                                    • audio_format_compatible.GETSCREEN-941605629-X86(009C5425,?,?,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C594D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string$audio_format_compatible
                                    • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                    • API String ID: 204136587-155179076
                                    • Opcode ID: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction ID: 81f5b1bba8379f57279ad716c0e207b1c42a8eda9b6b1b2649ff24ab49c1ebc7
                                    • Opcode Fuzzy Hash: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction Fuzzy Hash: 5121C9B1B443057AE7146BA4AC83FBA33ACDB50724F51041FF645EA2C1E9B1A981866A
                                    APIs
                                    • LoadLibraryA.KERNEL32(secur32.dll,?,00944AEC), ref: 00944B18
                                    • LoadLibraryA.KERNEL32(security.dll,?,00944AEC), ref: 00944B28
                                    • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 00944B42
                                    • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 00944B51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                    • API String ID: 2574300362-4081094439
                                    • Opcode ID: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction ID: 2010c1b7fac7c6f4984db987f25739ce7e1cb5b1511fbaf3aa8074a52d3ac849
                                    • Opcode Fuzzy Hash: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction Fuzzy Hash: A0F01972DA9726678B11ABBDBC04E6E6AECEE847503064597D804D3110EFB0C8418FA1
                                    APIs
                                    • ber_read_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D502A
                                    • ber_read_length.GETSCREEN-941605629-X86(?,?), ref: 008D503F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ber_read_lengthber_read_universal_tag
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                    • API String ID: 3186670568-2454464461
                                    • Opcode ID: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction ID: 9771df8a3274ea0fea1c14afcfd07d627a17d5f8fd49db3699dbfa6412fda48d
                                    • Opcode Fuzzy Hash: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction Fuzzy Hash: 6E4125B1B44F116BDB208F24CC42B2937E5FBA1725F14866BE559CB3C5EA34DA00CB60
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,?), ref: 00919C6E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_rects
                                    • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                    • API String ID: 844131241-2640574824
                                    • Opcode ID: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction ID: 1bbcc0dacf8359dd107ca2fa9ee667a76c41a09c1020a2011d667daf9fd8570c
                                    • Opcode Fuzzy Hash: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction Fuzzy Hash: 5F31BF76780306BAF620BB65AC93FB637DCEB59B11F100425F954EB1C1FEA19D8087A1
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C14
                                    • clearChannelError.GETSCREEN-941605629-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C1B
                                      • Part of subcall function 008B26E1: ResetEvent.KERNEL32(?), ref: 008B270A
                                      • Part of subcall function 008C8142: ResetEvent.KERNEL32(?,?,008B2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008C814E
                                    Strings
                                    • freerdp, xrefs: 008B3062
                                    • ConnectionResult, xrefs: 008B3077
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 008B2BFC
                                    • freerdp_connect, xrefs: 008B2C01
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                    • API String ID: 3632380314-3564821047
                                    • Opcode ID: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction ID: c813ff696e37b02b52812fb96a3596cb93c0c0c0818a20b24347dbfc41194bad
                                    • Opcode Fuzzy Hash: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction Fuzzy Hash: 09316D75600605AFEB14EF79D885BEAB7F8FF18350F140179E808E7391EB719A508B50
                                    APIs
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5415
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000001,?,00000002,00000000), ref: 008D541D
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5440
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000002,?,00000002,00000000), ref: 008D5448
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ber_write_lengthber_write_universal_tag
                                    • String ID:
                                    • API String ID: 1889070510-0
                                    • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction ID: 0067f79c901b216a141f70fede5b06ed2b49d0fe35da5dda4549c32518eb49af
                                    • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction Fuzzy Hash: 9921FB70101F44AFDB126B09DD52BAB7766FF11B01F00455BF94A9F782C621BA41CBA7
                                    APIs
                                    • glyph_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB79
                                    • brush_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB86
                                    • pointer_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB94
                                    • bitmap_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBA2
                                    • offscreen_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBB0
                                    • palette_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBBE
                                    • nine_grid_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBCC
                                    • cache_free.GETSCREEN-941605629-X86(00000000), ref: 008DCBDE
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                    • String ID:
                                    • API String ID: 2332728789-0
                                    • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction ID: 6ee5cac63c32ace225eecfbcb44f2f60bda2553ea5fe761cb457ec2c9e17e28a
                                    • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction Fuzzy Hash: 34018436148B0B5AE7256EB99842D3B67E8FF42B70710463FE481D6B81EF20D401C672
                                    APIs
                                    • region16_init.GETSCREEN-941605629-X86(?), ref: 008FF58A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_init
                                    • String ID:
                                    • API String ID: 4140821900-0
                                    • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction ID: 9167258e75f8a1d82103209f33e43f90cd9b3296c114be7d65fe1906ea9d95a5
                                    • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction Fuzzy Hash: 31514CB2D0021D9BDB18DFA5C881AEEBBF9FF48304F14452AF619E7241E7359945CB60
                                    APIs
                                    • gdi_CreateCompatibleDC.GETSCREEN-941605629-X86(?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?,?,?,?,?,008FA899), ref: 008FAAE7
                                    • gdi_CreateCompatibleBitmap.GETSCREEN-941605629-X86(?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB0E
                                    • gdi_CreateBitmapEx.GETSCREEN-941605629-X86(?,?,?,?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB2A
                                    • gdi_SelectObject.GETSCREEN-941605629-X86(?,?), ref: 008FAB60
                                    • gdi_CreateRectRgn.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000), ref: 008FABA5
                                    • gdi_DeleteObject.GETSCREEN-941605629-X86(?), ref: 008FAC39
                                    • gdi_DeleteDC.GETSCREEN-941605629-X86(?), ref: 008FAC48
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                    • String ID:
                                    • API String ID: 412453062-0
                                    • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction ID: 722f303549af0a5b36e4b3c4f4afc7871c2c3cec97e3460b7a11ee6e12813f98
                                    • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction Fuzzy Hash: 485108B92007099FC729DF29C885EA6B7E1FF5C320B05456DE98A8B762E771E841CF40
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,00946939,?,?,?,?,00946A0A,?), ref: 0094EABD
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EAE7
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB14
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB37
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                    • API String ID: 1431749950-2760771567
                                    • Opcode ID: 741d2df3ff382356938fbf865928b2390945d8700ea13d8b43a6f7e36e768eda
                                    • Instruction ID: fc4c0e72271cbff368cbc4fe9cb681207bc7b7fc105c2eebe4c61662fbecf514
                                    • Opcode Fuzzy Hash: 741d2df3ff382356938fbf865928b2390945d8700ea13d8b43a6f7e36e768eda
                                    • Instruction Fuzzy Hash: 5131D571905B16BF9B255FA69C89E6F7BACFF817B83100019F40593680DB709D50C7E1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,Function_00068C90,00338EC0,00000000), ref: 00338F0A
                                    • GetLastError.KERNEL32 ref: 00338F38
                                    • TlsGetValue.KERNEL32 ref: 00338F46
                                    • SetLastError.KERNEL32(00000000), ref: 00338F4F
                                    • RtlAcquireSRWLockExclusive.NTDLL(00B71284), ref: 00338F61
                                    • RtlReleaseSRWLockExclusive.NTDLL(00B71284), ref: 00338F73
                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,0031B080), ref: 00338FB5
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                    • String ID:
                                    • API String ID: 389898287-0
                                    • Opcode ID: a0b191f6423be71c481b38f40161cb3cd41391c8c72ce84410aea7798011daa9
                                    • Instruction ID: 13212bdafb4b25feae6b34a114b3e64fdb72b638411769ab64e0e4a0ef963654
                                    • Opcode Fuzzy Hash: a0b191f6423be71c481b38f40161cb3cd41391c8c72ce84410aea7798011daa9
                                    • Instruction Fuzzy Hash: 2221D134650305AFDB016FACFC89BAE7BA9FB44711F010421F909D72A1EF7199909BB1
                                    APIs
                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0094F673
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F68A
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F6AB
                                    • closesocket.WS2_32(?), ref: 0094F6E6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable$closesocketsocket
                                    • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                    • API String ID: 65193492-3368084233
                                    • Opcode ID: c192d224525b2115d9b140efe372065946abd1a60211b31471f673133c92cc0d
                                    • Instruction ID: d9e0eb1496f092aad389b6394bcc444f7e690d667ebd7759c50171b0a9abea42
                                    • Opcode Fuzzy Hash: c192d224525b2115d9b140efe372065946abd1a60211b31471f673133c92cc0d
                                    • Instruction Fuzzy Hash: 9921D131154B076BD3305F659C29F177BE4FB80768F21092DF1429AAE1DBB1A4418750
                                    APIs
                                    • LoadLibraryA.KERNEL32(winsta.dll,?,009478D9,00BF7120), ref: 00950023
                                    • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0095003C
                                    • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 00950052
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                    • API String ID: 2238633743-2382846951
                                    • Opcode ID: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction ID: fb29f60d676437bf14e7bf645aa4915a726107801921e73f020557d68173f9bf
                                    • Opcode Fuzzy Hash: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction Fuzzy Hash: 560192705593009FD714DF729D0DBA53BE4BB85316F0644B9D909CB262EBB09048DF10
                                    APIs
                                    • glyph_cache_free.GETSCREEN-941605629-X86(?), ref: 008DCB1E
                                    • brush_cache_free.GETSCREEN-941605629-X86(?,?), ref: 008DCB26
                                    • pointer_cache_free.GETSCREEN-941605629-X86(?,?,?), ref: 008DCB2E
                                    • bitmap_cache_free.GETSCREEN-941605629-X86(?,?,?,?), ref: 008DCB36
                                    • offscreen_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 008DCB3E
                                    • palette_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?), ref: 008DCB46
                                    • nine_grid_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?,?), ref: 008DCB4E
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                    • String ID:
                                    • API String ID: 637575458-0
                                    • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction ID: 942c526e9a41e56c46184c417a70a51a0d3712e80741303537c91e8b895e0357
                                    • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction Fuzzy Hash: 1AE09B31411A14ABCE323F69DC03D1EBB65FF007603014639F595A1573CB22AC609B83
                                    APIs
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0091E040
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E04F
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0091E062
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E0A3
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?), ref: 0091E0C8
                                    • gdi_RectToCRgn.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0091E147
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-0
                                    • Opcode ID: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction ID: c970457fd17f9f929ef4652aac787311bb3c6759ada2ece3a1346dae2589b3da
                                    • Opcode Fuzzy Hash: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction Fuzzy Hash: 1751C471E0521DEFCF14DF98C9809EEBBB9FF88710B14441AE915A7250D770AA81CFA0
                                    APIs
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,000007C0,?), ref: 008F1DA2
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000001), ref: 008F1DCC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1DE8
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1DFC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1E19
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1E2D
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                    • String ID:
                                    • API String ID: 4272850885-0
                                    • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction ID: 9ce53094d298ca4a5f871c21e8af4c31daf3666aa8d82bf4215be8f2160f422d
                                    • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction Fuzzy Hash: 85118262B8520EF5FD6020798C86F7B175CFF61B54F140525FF08E51C1F995AA0084A7
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 00918C2B
                                    Strings
                                    • freerdp_image_copy_from_icon_data, xrefs: 00918DBA
                                    • com.freerdp.color, xrefs: 00918D98
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 00918DBF
                                    • 1bpp and 4bpp icons are not supported, xrefs: 00918DB5
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                    • API String ID: 1523062921-332027372
                                    • Opcode ID: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction ID: ff1207c7c8ae53c65d8ed5413b23e59d5ef2468ed3a2aa385dffdc15578e0b34
                                    • Opcode Fuzzy Hash: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction Fuzzy Hash: 3251C4B6B0021DAADF149F14DC41BFA77A8EB58300F0481A9FE14A21D1DB709EC1DF64
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: kbd-lang-list$kbd-list$monitor-list
                                    • API String ID: 0-1393584692
                                    • Opcode ID: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction ID: 09dc973c295c32f3d5a0352183e99183002f3fe8866e71cca4cb017f38c64773
                                    • Opcode Fuzzy Hash: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction Fuzzy Hash: 3F318932A11319AACF209B68DD46EDBB7ECEB44754F0405A5F914A71E2DB70DA408ED0
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 00909AFA
                                    • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 00909AF0
                                    • interleaved_compress, xrefs: 00909AF5
                                    • com.freerdp.codec, xrefs: 00909AD0
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                    • API String ID: 0-4054760794
                                    • Opcode ID: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction ID: 9165c68135b529b37d0ecef290e420466dd3894ecc6cc57898b7752dd8a14bbf
                                    • Opcode Fuzzy Hash: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction Fuzzy Hash: C8216F72700209BFEF255E6AEC46FAB3B6CEF45768F084118F904561E2E671EC50DB50
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943CC8
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                    • API String ID: 689400697-743139187
                                    • Opcode ID: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction ID: 363503faa4baa5d66f5b29c30e31861b0026d4e30115a22a58fe4078149e44ea
                                    • Opcode Fuzzy Hash: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction Fuzzy Hash: 20219632384244BBDF125F65EC06FAB3F69EF95B54F044095FA04660E1CE62D960DB60
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943DA3
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                    • API String ID: 689400697-1744466472
                                    • Opcode ID: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction ID: f44026e69fc8d8f4018d3a6fbe322531fbf31c138842e4c9648239eb13a55b57
                                    • Opcode Fuzzy Hash: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction Fuzzy Hash: 43217832384208BBDF125E65EC06FAB3F6DFF89B54F004095FA04660E1DE66DA60DB60
                                    APIs
                                    • _strlen.LIBCMT ref: 008C11FA
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C1248
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelDetached$freerdp
                                    • API String ID: 3987305115-436519898
                                    • Opcode ID: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction ID: 35e5e51394404870ed931a03d5759ee0d19c5efeb272739f3de3b3dcea02f132
                                    • Opcode Fuzzy Hash: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction Fuzzy Hash: 7C212B75A00209AFDF10DF98C885FAEBBF9FF09344F108469E944E7252D771AA509BA0
                                    APIs
                                    • _strlen.LIBCMT ref: 008C0B64
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C0BB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelAttached$freerdp
                                    • API String ID: 3987305115-2646891115
                                    • Opcode ID: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction ID: eb20bd82911d1183cd7e70c81e8a35291a9eb5a34f22a8d37e83f4edac7710d7
                                    • Opcode Fuzzy Hash: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction Fuzzy Hash: 60211971A00209EFDB00DF98C885FAEBBF8FF48354F104569E948E7252D771AA509FA0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943227
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                    • API String ID: 689400697-2657764935
                                    • Opcode ID: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction ID: 687582f5948835eda31ab68a6278577f4e92f6222bb5aa76e8f14934a0ae7036
                                    • Opcode Fuzzy Hash: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction Fuzzy Hash: E71187323982057BDF115E65EC0BFAB3BA9EF94714F004095FA14660E1DDA2CA20DB74
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094384E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                    • API String ID: 689400697-2008077614
                                    • Opcode ID: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction ID: b048e1936a8ca34311e4ba9efddaabcb94576ba861845b2a86800b1759eb0c06
                                    • Opcode Fuzzy Hash: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction Fuzzy Hash: 8D1187323842047BDF115F65EC06FAB3FA9EF95B14F004095FA04A61E1DD66DA20DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009432F9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                    • API String ID: 689400697-1172745827
                                    • Opcode ID: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction ID: d8b4a1f6f838c42f25635a7358de6d375bc8d858633bbc7820536aabc55b646b
                                    • Opcode Fuzzy Hash: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction Fuzzy Hash: 671157323882057BDF111E65EC07F6B3FADEF95754F004095FA04661E1DE62D960DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944481
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                    • API String ID: 689400697-3834539683
                                    • Opcode ID: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction ID: dd8b8ee7cb089f47787be9e34e1516ba9f4cce3d95e03f527b992c4e011149b5
                                    • Opcode Fuzzy Hash: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction Fuzzy Hash: 5311A3353C42047BEE211A66AC07F6B3BACEB81B10F1044A5FA00A71E1DDA5DE50DAB5
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009440BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                    • API String ID: 689400697-247170817
                                    • Opcode ID: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction ID: 4ac8d426ac9f85e0b640da6d2b38242e0facfc880450a35e3c3e77f9c77ecf5c
                                    • Opcode Fuzzy Hash: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction Fuzzy Hash: 9E11C4323C82057BDA112A66EC07F2B3AACEFE5B10F004495FA00A70E1DD55CD50D661
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944544
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                    • API String ID: 689400697-1495805676
                                    • Opcode ID: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction ID: b6aecd7349adf5bf6eddaeb10b74a65e5617c7fbb3e400437ee5983be6d3e4d5
                                    • Opcode Fuzzy Hash: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction Fuzzy Hash: 5A11A7713C83047BDF116A66EC0BF673BACEB81B50F004095FA00A71E1DD91D910D669
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094417E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                    • API String ID: 689400697-1164902870
                                    • Opcode ID: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction ID: 8f80b9bbd00c311b3ac68980c252a9adf8e0fe0a44643ba257e40bca0abe96be
                                    • Opcode Fuzzy Hash: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction Fuzzy Hash: 8E11A7353C83057BDA215A66AC07F673EACEFD5B10F0004A5F900A71E1DDA1DA50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009433CB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                    • API String ID: 689400697-3640258815
                                    • Opcode ID: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction ID: 4003ff50f4a277aa2f4aed69e4879d1d7a857388fad3482a641c3734b7b1243e
                                    • Opcode Fuzzy Hash: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction Fuzzy Hash: AE1194313C42047ADE211A65AC0BF6B3AADEF91B24F004495FA00A70E1DD659A50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943548
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                    • API String ID: 689400697-3257054040
                                    • Opcode ID: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction ID: 4837b383b614fcd19f7b009b90ff38e726ddf1845a9199ab89610a07d2211d34
                                    • Opcode Fuzzy Hash: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction Fuzzy Hash: 3E11A7313C43057BEB215A65EC0BF6B3AACEB81B54F004495F904A71E1DD55DA10DB65
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094360B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                    • API String ID: 689400697-848437295
                                    • Opcode ID: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction ID: 54442880d850abc711d1cffb15fcbbeef861293494649afba4e837930ac7fc40
                                    • Opcode Fuzzy Hash: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction Fuzzy Hash: 6B1191313C43057ADA215A66AC0BF7B3BACEB91B24F004095F904A71E1DEA59A50DAA4
                                    APIs
                                    • ncrush_context_reset.GETSCREEN-941605629-X86(00000000,00000000), ref: 00911B36
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 00911B19
                                    • ncrush_context_new, xrefs: 00911B14
                                    • com.freerdp.codec, xrefs: 00911AF1
                                    • ncrush_context_new: failed to initialize tables, xrefs: 00911B0F
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ncrush_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                    • API String ID: 2838332675-904927664
                                    • Opcode ID: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction ID: 1ba2a4d8631383a8042c435f8079f271a8dd0993764107c3d5f1d58fa16ae474
                                    • Opcode Fuzzy Hash: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction Fuzzy Hash: 5F1108B234470A3AE704AB15EC42FE773ACEB80760F004119F518972C1EFB2AD908BB0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094378E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                    • API String ID: 689400697-3754301720
                                    • Opcode ID: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction ID: c6aea201acea0a92b952e585c1385d25df6d189ff9677526c364ed029e586df9
                                    • Opcode Fuzzy Hash: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction Fuzzy Hash: 3911C6713C43057AEA111766EC4BF7B3BACEB91B60F004095FA04A71E1DD66DA50D764
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009436CE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                    • API String ID: 689400697-3413647607
                                    • Opcode ID: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction ID: 5324a257bcc8c61541e7a06650878ca7b6241e7fd1e45be43216d8b162926e89
                                    • Opcode Fuzzy Hash: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction Fuzzy Hash: 6611A3B13C43447AEA111676EC4BF3B3BACEB91B10F004095F900A71E1DEA59A10D765
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943F3E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                    • API String ID: 689400697-3211427146
                                    • Opcode ID: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction ID: e6a49e54f89a2b70012ff9870f80cc9b9d0efec5885cf17faeb05dcadd2d7002
                                    • Opcode Fuzzy Hash: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction Fuzzy Hash: 3C118F353C82057BEA112B76AC07F2B3AADEF95B20F0080D5F900A61E1DDA28A108660
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943E7E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                    • API String ID: 689400697-2578917824
                                    • Opcode ID: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction ID: 0dd7bd44bd0a65d5f6ce0a61ee69bc0fe087fc565a6e4cdd865ad43f7279024a
                                    • Opcode Fuzzy Hash: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction Fuzzy Hash: E311A3323C82047BEA215A76EC07F3B3AACEB95B24F004095F904A71E1DD629A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094316A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                    • API String ID: 689400697-3351603741
                                    • Opcode ID: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction ID: 7c2dc5d8424235c90117d6c54b2d35ff2e6b7f892ae71290dde8c8b1ae7ce61d
                                    • Opcode Fuzzy Hash: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction Fuzzy Hash: 571186313CC2047ADE212666AC4BF6B3EACEB95B10F004495FA10A71D1DE92DA10C674
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009430AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                    • API String ID: 689400697-2261828479
                                    • Opcode ID: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction ID: 603a29285d2be7846efbc55d6ea6e13e30b9ea87754e13cd059e3413f91950fa
                                    • Opcode Fuzzy Hash: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction Fuzzy Hash: 371182313CC3047AEE211666EC0BF7B3AACEB95B24F004495F904A71E1DD91DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943FFE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                    • API String ID: 689400697-2156878011
                                    • Opcode ID: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction ID: bfba532d9ddf2464ba0e415bfd2874d37d940418ab2622f78c27f184d8c709f8
                                    • Opcode Fuzzy Hash: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction Fuzzy Hash: 5E1173353C83057BEB212666AC0BF2B3BACEFD1B14F004095FA04AB1E1DD96D95086A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943920
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                    • API String ID: 689400697-2845897268
                                    • Opcode ID: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction ID: 6721db2a15ad8fc80937245fba9064e80e947d81bd5d981f8b2b4f71fa859367
                                    • Opcode Fuzzy Hash: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction Fuzzy Hash: EF11C2313C8204BAEA251736AC0BF7B3AACEBD1B64F0040A5F900A70E1DDA18E10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009439DD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                    • API String ID: 689400697-1972714555
                                    • Opcode ID: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction ID: b8a29783b7eeb3051e7e4f364520fd6559cff261c2979a6a0072f754fc95fba5
                                    • Opcode Fuzzy Hash: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction Fuzzy Hash: BD1182353C82047BEA216676EC0BF7B3BACEFD1B64F0044A5F900A71E1DE959A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942FF0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                    • API String ID: 689400697-1149382491
                                    • Opcode ID: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction ID: 30702d8a0b1d6ee5852479955fac12e06265ffdf79af9bdf2164d06a0aeee027
                                    • Opcode Fuzzy Hash: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction Fuzzy Hash: 56115E353882047BEA255A66EC0BF6B3BACAF81B64F0040D5FA04A71E1DD919E50D6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942F33
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                    • API String ID: 689400697-255015424
                                    • Opcode ID: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction ID: 8b2a90f4994bb95b06b48d9bad930e51a9e9ee0c6035d6caeaf9054a832e9056
                                    • Opcode Fuzzy Hash: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction Fuzzy Hash: B911A0353CC3053AEA216766AC0BF6B3AACFB91B20F4000D5FA04A70E1DD919D50C6B5
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009195B5
                                    Strings
                                    • SmartScaling requested but compiled without libcairo support!, xrefs: 009195E6
                                    • com.freerdp.color, xrefs: 009195C8
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 009195F0
                                    • freerdp_image_scale, xrefs: 009195EB
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                    • API String ID: 1523062921-212429655
                                    • Opcode ID: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction ID: a2bb4ca6fa92f7552b0b5c7134c6a17c68973793be97e528b12869f62d7f358c
                                    • Opcode Fuzzy Hash: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction Fuzzy Hash: F9216A7274020DBBDF15EF54DC52FEA3BAAEB58700F044119FD19AA190E671E991DB80
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944241
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                    • API String ID: 689400697-954186549
                                    • Opcode ID: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction ID: 8ab195d688232da72a15c4bf26c0ab4737d1365fa3e87fac20cf473ac47c796a
                                    • Opcode Fuzzy Hash: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction Fuzzy Hash: 291182613C82057BEA212666BC0BF373AACEB91B50F0000A6F910A71D1DDD59E50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943B54
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                    • API String ID: 689400697-1791514552
                                    • Opcode ID: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction ID: 8f712852d1acd26c19c8e572125c569ee435462c15d7e8646496ebee4e6d0d0a
                                    • Opcode Fuzzy Hash: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction Fuzzy Hash: CB11A1313C83047BEA211666AC0BF7B3AACEB91B60F0040E5F900EB1E1DD959E10C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943C0E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                    • API String ID: 689400697-4242683877
                                    • Opcode ID: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction ID: 887912cf9307299392ae23d5f1725a213ee2b3d5dfe54b8adae43f09a39fa4f2
                                    • Opcode Fuzzy Hash: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction Fuzzy Hash: 031182213C82057AEA112A36AD4BF673AACEBD1B51F008095F900AB1E1DD95DB50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094348E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                    • API String ID: 689400697-3116451197
                                    • Opcode ID: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction ID: 7151f3adf17784770e83c67796cac1541225b968330d13070af57facef64b71e
                                    • Opcode Fuzzy Hash: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction Fuzzy Hash: 9611A5353C83047AEA212636AC0BF673AACEB91B50F008095FA04A71E1DD95DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943A9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                    • API String ID: 689400697-4185332897
                                    • Opcode ID: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction ID: 3c313dc3ac48107fd8f7f55d8ad763e38ea769cd67165269f263a42a036aa71c
                                    • Opcode Fuzzy Hash: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction Fuzzy Hash: 9011A5313C83047AEA215766AD0BF773AACEBD1B54F0040A5F904A71E1DD959A10C6B5
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C65CB
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 009C6633
                                    • error when decoding lines, xrefs: 009C6629
                                    • com.freerdp.codec, xrefs: 009C660B
                                    • yuv_process_work_callback, xrefs: 009C662E
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: primitives_get
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                    • API String ID: 2017034601-2620645302
                                    • Opcode ID: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction ID: 55838f15e5b7e9edf265caef9d6506f0886716b3487919998ebcd95c22564c4f
                                    • Opcode Fuzzy Hash: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction Fuzzy Hash: DB0192B2A0030ABFD714DF54DC42F5AB7A8FF48714F00459AF9099A2C2EA71E940CBA4
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %zd;NAME=%s%zd;PASS=%s
                                    • API String ID: 4218353326-3114484625
                                    • Opcode ID: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction ID: 8da01bfbe33f44697a20e03e5bbb32f2d7cc5eb965e72dffc92b7e6b86061fa5
                                    • Opcode Fuzzy Hash: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction Fuzzy Hash: 51012D75E00208BBDF01AFA4CC82B9DBBB8EF04304F01886DF90696242E6759B50DB85
                                    APIs
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919F06
                                    • region16_extents.GETSCREEN-941605629-X86(?,?), ref: 00919F12
                                    • region16_n_rects.GETSCREEN-941605629-X86(?,?,?), ref: 00919F1D
                                    • region16_n_rects.GETSCREEN-941605629-X86(?), ref: 00919F7D
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: region16_extentsregion16_n_rects
                                    • String ID:
                                    • API String ID: 2062899502-0
                                    • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction ID: dbe08a14cda45b775ec98a62ad6c8455fd5a905ad65117dd52a681ad563040f8
                                    • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction Fuzzy Hash: 98511B75A0012AABCB14DF99C8409EEF7F5FF58750B51816AE859E7350E334AD80CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: _strncpy
                                    • String ID:
                                    • API String ID: 2961919466-0
                                    • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction ID: bad2d96f90b45955fde5ed5ba453edbc87561fded4697cd871ff5088a2b24138
                                    • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction Fuzzy Hash: 861184B9900606AFDB315E50D845B96F7FCEF14308F04492AF59943512F331A958C7E2
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,00338C90,00338EC0,00000000), ref: 00338E6A
                                    • GetLastError.KERNEL32 ref: 00338E7F
                                    • TlsGetValue.KERNEL32 ref: 00338E8D
                                    • SetLastError.KERNEL32(00000000), ref: 00338E96
                                    • TlsAlloc.KERNEL32 ref: 00338EC3
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLastOnce$AllocExecuteInitValue
                                    • String ID:
                                    • API String ID: 2822033501-0
                                    • Opcode ID: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction ID: ea0a9fc2c0fbd6f6c58edc85f36a6f88222f7e74e071cabfac7dcefcb1587e26
                                    • Opcode Fuzzy Hash: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction Fuzzy Hash: 8201D6356553089FCB019FBCEC49A6ABBB8FB48720F010526F919D3261EF3099508F70
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                    • API String ID: 4218353326-3992632484
                                    • Opcode ID: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction ID: 9e9e32d2ba7154ac36df14caad16b4458c06a26f8703b5684fe149ef803e3893
                                    • Opcode Fuzzy Hash: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction Fuzzy Hash: EB414872F4071A16EB256B648C41BFE7329BBD9345F154224FD44D6282FB709AC1C2D2
                                    APIs
                                    • audio_format_print.GETSCREEN-941605629-X86(?,?,?), ref: 009C4A72
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_print
                                    • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                    • API String ID: 2744001552-3527835062
                                    • Opcode ID: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction ID: 9a314bc1ec2f7912368e018ee85ccfb2371be1dc6ab3fc0e32e31ad3c3c0b3ea
                                    • Opcode Fuzzy Hash: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction Fuzzy Hash: A311E9727C031637DB11AD159C46FAF3B5CBFA5B60F40040AFD14651C1E7A1DA4086BA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: audin$rdpsnd
                                    • API String ID: 0-930729200
                                    • Opcode ID: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction ID: b7a3f1dc2fcab78ba47db59b5b3a1515b3fcdcb596164e01ef37c23feb6db751
                                    • Opcode Fuzzy Hash: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction Fuzzy Hash: 7D116071A09A1AEBDB34CFB488807AAF3F8FB04B51F14422AE45893140DB306950CFD1
                                    APIs
                                    • _strlen.LIBCMT ref: 008F403A
                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4060
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 008F4076
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: File$CreatePointer_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 4211031630-2916857029
                                    • Opcode ID: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction ID: 98862c76c4a64712265125e054efc63e465d9f901f3bcc1bcbd1d64a871dd7ad
                                    • Opcode Fuzzy Hash: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction Fuzzy Hash: EA01A235101110BBDB212B66DC4AEA77F2DEF86774F148215FA18990E2D732C862D7A0
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?), ref: 009C4737
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 009C4748
                                    • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 009C473E
                                    • audio_format_print, xrefs: 009C4743
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string
                                    • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                    • API String ID: 2866491501-3564663344
                                    • Opcode ID: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction ID: 3007d91b9cf68b480e0fb73c8a8e5417e0eac60ccca317133ce62d0e6ea869b4
                                    • Opcode Fuzzy Hash: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction Fuzzy Hash: 00F03AB6140208BADB411F51DC02F76376EEB48B14F24848AFD1C8C1E2E677E9A2E764
                                    APIs
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?), ref: 008B2725
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 008B2745
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 008B2734
                                    • freerdp_abort_connect, xrefs: 008B2739
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                    • API String ID: 3690923134-629580617
                                    • Opcode ID: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction ID: 756444b15e491840d84b0c363f568dfae2d117cb027a613073a4807e0f6f807b
                                    • Opcode Fuzzy Hash: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction Fuzzy Hash: 2AE04835240215FAEA312D58DC02FD5B7A4FF11B90F140819B584F5291EE6169509589
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C633F
                                    • primitives_flags.GETSCREEN-941605629-X86(00000000), ref: 009C6353
                                    • TpWaitForWork.NTDLL(00000000,00000000), ref: 009C64A9
                                    • TpReleaseWork.NTDLL(00000000), ref: 009C64B2
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                    • String ID:
                                    • API String ID: 704174238-0
                                    • Opcode ID: 19f2e8746672e2e7502b880dca3575608e01c1cd4cc6442b3b5da2e2d7279051
                                    • Instruction ID: 8423a48d097877b11e7fc9de70363f6e0533e6de2dee72fd32e86cbe86a1aecc
                                    • Opcode Fuzzy Hash: 19f2e8746672e2e7502b880dca3575608e01c1cd4cc6442b3b5da2e2d7279051
                                    • Instruction Fuzzy Hash: 4D6119B5A0060ADFCB08CF68D981A9EBBF5FF48310B14856AE819E7351D730E951CF91
                                    APIs
                                    • gdi_SetRgn.GETSCREEN-941605629-X86(?,?,?,?,00000000,00000001,?,?), ref: 0091C324
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_
                                    • String ID:
                                    • API String ID: 2273374161-0
                                    • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction ID: aee28cc5ccf41747b50cb6c0dbe8a0769ad2479a82f79652b34566ee92de18fe
                                    • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction Fuzzy Hash: 2831B9B1A00209EFCB10DF98C985AEEB7F9FF48310F14806AE915E7211D334E985CBA1
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 00945C16
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C34
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C54
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C9A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$Leave$Enter
                                    • String ID:
                                    • API String ID: 2978645861-0
                                    • Opcode ID: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction ID: 33f7aab79843fbd523cdf436352725df290e2e1145c0f03cdb31d95edb14749c
                                    • Opcode Fuzzy Hash: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction Fuzzy Hash: A521AC31210B05EFDB248F98C9C0B6AB7F8FB95322F124529F8C2A7252D770AD81DB50
                                    APIs
                                      • Part of subcall function 009AF42C: GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                      • Part of subcall function 009AF42C: SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                    • CloseHandle.KERNEL32(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B711
                                    • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B727
                                    • RtlExitUserThread.NTDLL(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B730
                                    • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0099B76E
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                    • String ID:
                                    • API String ID: 1062721995-0
                                    • Opcode ID: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction ID: 721a3f6bf69051d1b4c7b058edb06068184d1c69afd0f992557d910c6859ee9a
                                    • Opcode Fuzzy Hash: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction Fuzzy Hash: BB11B671501204BBCB209FA9EE09FAA7BECDFC1760F148225F915D76A1DB74DD41CAA0
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,00000000), ref: 00919BDC
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919BEC
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919BF7
                                      • Part of subcall function 009197FD: rectangles_intersection.GETSCREEN-941605629-X86(?,?,?), ref: 0091980C
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919C1A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                    • String ID:
                                    • API String ID: 3854534691-0
                                    • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction ID: a26f26767f6e540c1cad97a559c1fd0923c0e64b511a609bb9cc78caf380a113
                                    • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction Fuzzy Hash: 9501C43331421DAAAB249A55D8A2AFB63DDDF81764F14401AF8DC96040EB35EEC1C1E4
                                    APIs
                                    • freerdp_new.GETSCREEN-941605629-X86 ref: 00931F56
                                    • freerdp_context_new.GETSCREEN-941605629-X86(00000000,00000000,?,?), ref: 00931FA4
                                    • freerdp_register_addin_provider.GETSCREEN-941605629-X86(?,00000000), ref: 00931FC7
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                    • String ID:
                                    • API String ID: 3731710698-0
                                    • Opcode ID: cb325e3383218591cc3d0b958015ac2585c1ee6ca776069cf8c5ad3d8083c4cd
                                    • Instruction ID: e1eb2a65991abc23ab27902e0612d5ced3f5a1fe782962144a2dcb34c495ddef
                                    • Opcode Fuzzy Hash: cb325e3383218591cc3d0b958015ac2585c1ee6ca776069cf8c5ad3d8083c4cd
                                    • Instruction Fuzzy Hash: 7E119E31604B02ABC725AB6AD801B96BBA9FF94320F10441DF85887361EB71E850CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID:
                                    • API String ID: 733272558-0
                                    • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction ID: 1fad9e371693e47671e7e192eddbc3f7d21cdb2b88d484cfe7c8ed96900ee513
                                    • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction Fuzzy Hash: EAE04F31401B147FCE727B64CD02F5BB7DABF527157040414F44696532C761AC51DBC2
                                    APIs
                                    • freerdp_settings_free.GETSCREEN-941605629-X86(00000000), ref: 008C7326
                                      • Part of subcall function 008C7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 008C7FCC
                                      • Part of subcall function 008C7F9B: freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000680,?), ref: 008C7FFC
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(00000000,00000086,?), ref: 008C6D8C
                                    Strings
                                    • C:\Windows\System32\mstscax.dll, xrefs: 008C6F3F
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                    • String ID: C:\Windows\System32\mstscax.dll
                                    • API String ID: 2334115954-183970058
                                    • Opcode ID: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction ID: 1380eb10b847e7b4de4ba7b834a33637cf1b10ec1b657125f458d28021143da9
                                    • Opcode Fuzzy Hash: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction Fuzzy Hash: F3E1B4B1504B009EE324DF38D885B93BBE4FF08321F51992EE5AEC7391D7B1A5848B58
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-3916222277
                                    • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction ID: 581fed10761d278462d32a89a313a8e68e4953deab1a57d2abe6b0c459b0052c
                                    • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction Fuzzy Hash: EB51A67310110EBBCF02DE94CD41EEB7BAEBF48344B064256FE1A95021E732E965DBA1
                                    APIs
                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094697B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpin
                                    • String ID: %s: unknown handler type %u$WLog_Appender_New
                                    • API String ID: 2593887523-3466059274
                                    • Opcode ID: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction ID: 793ef64c232cf61c373ad968dabcfb13b4af3b2df36f2ebfdc1f3faccd852a0c
                                    • Opcode Fuzzy Hash: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction Fuzzy Hash: 33116FF310C2127696363A7C9C4AF7F5B6CEBC3F30B140819F405A6141DEB8D8016163
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%s-client.%s$DeviceServiceEntry
                                    • API String ID: 0-2733899524
                                    • Opcode ID: 16f26d9e470ea2005d8d3c6982a744d05e371434606e3741977366cca302c4ee
                                    • Instruction ID: 44efaec087a37b613e87c21db29c7001be37172d707e2d3a7cafdf484c38c41f
                                    • Opcode Fuzzy Hash: 16f26d9e470ea2005d8d3c6982a744d05e371434606e3741977366cca302c4ee
                                    • Instruction Fuzzy Hash: FB113D72A00619ABAB119E9D8882AEF77BCFF94B50F14401AFD14D6342D771DE418B91
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0093E987), ref: 0093EBF6
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0093E987), ref: 0093EC1A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.4456977692.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILTER
                                    • API String ID: 1431749950-2006202657
                                    • Opcode ID: 9826f41ab7f88173ae4a6e12089ff08403d983b4a536c5574d370b9fd56858f3
                                    • Instruction ID: 3fec0e709d2c3bcfc6025df241d567c9e0c8bb6f7be00c33bffba8ca5f039c87
                                    • Opcode Fuzzy Hash: 9826f41ab7f88173ae4a6e12089ff08403d983b4a536c5574d370b9fd56858f3
                                    • Instruction Fuzzy Hash: 41F02B332152153B4A122765BC49E2F7FBDEAC57F8311002AF408C3150EE754C81CBE5
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: .msrcIncident$.rdp
                                    • API String ID: 4218353326-1437571178
                                    • Opcode ID: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction ID: f07e7c7f1c68fbe5b57b3f94243d901e38104666f4676f69934f89d0ee7849ed
                                    • Opcode Fuzzy Hash: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction Fuzzy Hash: F5F04C72A1491A6B8D34A57DDC02E277788EA42374B241B2AF67AC31D0DF35DC108ED0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BCC
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BEC
                                    Strings
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WINPR_NATIVE_SSPI
                                    • API String ID: 1431749950-1020623567
                                    • Opcode ID: 95cf7400b15f35da6915a752897a6478e602c6c78384ee34f893bc138197bea2
                                    • Instruction ID: b882acdbe92ef9bd373d47b47473bc123626f93fc9e752451f07ca53644d108c
                                    • Opcode Fuzzy Hash: 95cf7400b15f35da6915a752897a6478e602c6c78384ee34f893bc138197bea2
                                    • Instruction Fuzzy Hash: 86F027376AA13226D93521687C45F6F4EA8DBC2F32B260519F405D3082C950488399E1
                                    APIs
                                    • rfx_context_new.GETSCREEN-941605629-X86(?), ref: 0090A2ED
                                      • Part of subcall function 008FE4DD: GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                      • Part of subcall function 008FE4DD: GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                      • Part of subcall function 008FE4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • progressive_context_free.GETSCREEN-941605629-X86(00000000), ref: 0090A36D
                                    Strings
                                    • com.freerdp.codec.progressive, xrefs: 0090A2CA
                                    Similarity
                                    • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                    • String ID: com.freerdp.codec.progressive
                                    • API String ID: 2699998398-3622116780
                                    • Opcode ID: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction ID: 6b1d29391764bc9a3df84ea5430f2b138f2f82a8e1090d3d8a057c610b73b72c
                                    • Opcode Fuzzy Hash: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction Fuzzy Hash: 2CF08932A05B022EE2247B799C02F5F7BDCEFC2B70F14442EF649A65C1EA70944187A6
                                    APIs
                                    • freerdp_settings_get_key_for_name.GETSCREEN-941605629-X86(?), ref: 008F1EEF
                                    • freerdp_settings_get_type_for_key.GETSCREEN-941605629-X86(00000000), ref: 008F1F51
                                    Strings
                                    Similarity
                                    • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                    • String ID: TRUE
                                    • API String ID: 1888880752-3412697401
                                    • Opcode ID: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction ID: 56860d286779eccbdba50569e3e1004151d1605e965b2dc86ae87e97d2d470fe
                                    • Opcode Fuzzy Hash: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction Fuzzy Hash: F9E0E53230021CBB9E155ABEDC86DBB325CFB85BA1B014065F704E6141BB60E91045A0
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 5999650e91b3a1efb5c779c9d56166d187f27a66c063b99ce46156e53567bc29
                                    • Instruction ID: 22d6c54afc185ab337739a79b4da8272e632066f334204f5f48733732755bf45
                                    • Opcode Fuzzy Hash: 5999650e91b3a1efb5c779c9d56166d187f27a66c063b99ce46156e53567bc29
                                    • Instruction Fuzzy Hash: 34F0E2B240021ABBCF116FA4DC43EAB7A9DFF55394B060520FE0492212E736DD21C7E5
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 6e42d489a58ffda148a11e195ec058515265f8e7d8d538b0e1a505668e371e9b
                                    • Instruction ID: cd4d545b7d61e29f43a69f0f1e0d323813bc28cd40525783a99ae42c553bc90f
                                    • Opcode Fuzzy Hash: 6e42d489a58ffda148a11e195ec058515265f8e7d8d538b0e1a505668e371e9b
                                    • Instruction Fuzzy Hash: 8EF082B1400219BBDF116F658C87E9B7B5DFF55394B064520FD0492212E736DE21C7E0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,00947163), ref: 00947190
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,00947163), ref: 009471B1
                                      • Part of subcall function 00947310: LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                      • Part of subcall function 00947310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Similarity
                                    • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                    • String ID: WTSAPI_LIBRARY
                                    • API String ID: 3590464466-1122459656
                                    • Opcode ID: f7e56416aedcb550153e6e7f8f9ae2e686b7889392659290db278ba731e93b4b
                                    • Instruction ID: 1e339f983606ef080ca03f5e97ab75c097d9bc8f98914d957f7828117d48cd4b
                                    • Opcode Fuzzy Hash: f7e56416aedcb550153e6e7f8f9ae2e686b7889392659290db278ba731e93b4b
                                    • Instruction Fuzzy Hash: 60E09B3215E5263ED53127D8BC5AF5F9B5CDBC5B75F210519F401A70C49F60588181E6
                                    APIs
                                    • LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                    • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitWtsApi
                                    • API String ID: 2574300362-3428673357
                                    • Opcode ID: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction ID: 70aeca8830329790fe53f48c1c03e0f15435140fe0fd5dcd134788a9b0524c82
                                    • Opcode Fuzzy Hash: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction Fuzzy Hash: E7D012316AC6096B9F10AFFABC05926BBDCA7406403044866A819D7150EF71C950E551
                                    APIs
                                    • GetLastError.KERNEL32(?,?,0099B650,00AF0388,0000000C), ref: 009AF430
                                    • SetLastError.KERNEL32(00000000), ref: 009AF4D2
                                    • GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                    • SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                      • Part of subcall function 009AF066: HeapFree.KERNEL32(00000000,00000000,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF07C
                                      • Part of subcall function 009AF066: GetLastError.KERNEL32(?,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF087
                                    Similarity
                                    • API ID: ErrorLast$FreeHeap
                                    • String ID:
                                    • API String ID: 3197834085-0
                                    • Opcode ID: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction ID: 1eee97cffb49e4f63dd9129b61362a57dc34bac9da4a4a89ef630f573c7e5e9f
                                    • Opcode Fuzzy Hash: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction Fuzzy Hash: E241C435A4D2117FDA103BFCADAAFAB668C9F96374B100770F610971E1EF649D058290

                                    Execution Graph

                                    Execution Coverage:0.6%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:0%
                                    Total number of Nodes:196
                                    Total number of Limit Nodes:7

                                    Control-flow Graph

                                    APIs
                                    • LoadLibraryA.KERNEL32(?), ref: 02562B13
                                    • GetProcAddress.KERNELBASE(?,0253CFF9), ref: 02562B31
                                    • ExitProcess.KERNEL32(?,0253CFF9), ref: 02562B42
                                    • VirtualProtect.KERNELBASE(00E10000,00001000,00000004,?,00000000), ref: 02562B90
                                    • VirtualProtect.KERNELBASE(00E10000,00001000), ref: 02562BA5
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.000000000253D000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                    • String ID:
                                    • API String ID: 1996367037-0
                                    • Opcode ID: 43292a993aa87410e8a3ec07eae7606e1686dd3d3673e410c5253a32eadaa490
                                    • Instruction ID: 6a04049a4f85fe9ead693ac1fac2ba1cb6c81d21b61336a4c310097d708f3fc1
                                    • Opcode Fuzzy Hash: 43292a993aa87410e8a3ec07eae7606e1686dd3d3673e410c5253a32eadaa490
                                    • Instruction Fuzzy Hash: D0510472A107125AE7308EB8CCC8774BB95FB41224F180B38DDE2DB3D6E7E558468768

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 014EF42C: GetLastError.KERNEL32(00000000,?,014D5FDD,014EF0E3,?,?,0147F77A,0000000C,?,?,?,?,013F27D2,?,?,?), ref: 014EF581
                                      • Part of subcall function 014EF42C: SetLastError.KERNEL32(00000000,00000006), ref: 014EF623
                                    • CloseHandle.KERNEL32(?,?,?,014DB817,?,?,014DB689,00000000), ref: 014DB711
                                    • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,014DB817,?,?,014DB689,00000000), ref: 014DB727
                                    • RtlExitUserThread.NTDLL(?,?,?,014DB817,?,?,014DB689,00000000), ref: 014DB730
                                    • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 014DB76E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                    • String ID:
                                    • API String ID: 1062721995-0
                                    • Opcode ID: e2d4e78a35847a6a24b05464680c5a3e14a44256aefd5d39bfc00a56d0647bf0
                                    • Instruction ID: 52744ece3c9aa124d4621616055e7e8e6548b4c4bd021b6bfe219a84b638ecf5
                                    • Opcode Fuzzy Hash: e2d4e78a35847a6a24b05464680c5a3e14a44256aefd5d39bfc00a56d0647bf0
                                    • Instruction Fuzzy Hash: AB1193B1501204ABDB219B6ADC18E5B7FE8DF91760F1B811AFA25D73A0DB70D905C7A0

                                    Control-flow Graph

                                    APIs
                                    • GetLastError.KERNEL32(01630388,0000000C), ref: 014DB63E
                                    • RtlExitUserThread.NTDLL(00000000), ref: 014DB645
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ErrorExitLastThreadUser
                                    • String ID:
                                    • API String ID: 1750398979-0
                                    • Opcode ID: 47e41f39e71b7ee0a8d1e74dcdd9eff82a8d855ba5b6385cfe3f4470f60cfbf5
                                    • Instruction ID: cadfb292de260cb4192b3e8aa3c3ff5d7d2f8b53e33962ca1c24fa497ae4ef96
                                    • Opcode Fuzzy Hash: 47e41f39e71b7ee0a8d1e74dcdd9eff82a8d855ba5b6385cfe3f4470f60cfbf5
                                    • Instruction Fuzzy Hash: F8F02270A00206DFEF11AFB1C409E6E3B70EF61700F12004EF4129B2A0CB305944DBA1

                                    Control-flow Graph

                                    APIs
                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 014EF758
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 27cc41c6160fd07a5a06a42070208b22c2a41599b24d6561b802557281dffd5c
                                    • Instruction ID: 9372abd8a200e6325be3a7263c0a5cf162efecfa0df78cac74e56cdf36a5dcb9
                                    • Opcode Fuzzy Hash: 27cc41c6160fd07a5a06a42070208b22c2a41599b24d6561b802557281dffd5c
                                    • Instruction Fuzzy Hash: 63F0E0315C162567AB216E2A590CB6B3BC49F51773B158417AD14EB1B4CB30D445C7D0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014842FB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                    • API String ID: 689400697-3301108232
                                    • Opcode ID: 50f3197ecdd211cba0c6e2d267f17463424cf93e514461b738840ab94ebfe43c
                                    • Instruction ID: 16657e5ad452ba1a5c622e866a1ed5eba70d1eb36e22cebb56fad9648c74fa14
                                    • Opcode Fuzzy Hash: 50f3197ecdd211cba0c6e2d267f17463424cf93e514461b738840ab94ebfe43c
                                    • Instruction Fuzzy Hash: 541108763803077BE6356A5BEC42F6F3E5CF7A5A20F04405AFA00AD1E0D971CA50D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014843BE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                    • API String ID: 689400697-3976766517
                                    • Opcode ID: 0ab8e92fe17e05a8bc9d591b18224148a545db6fb6de362e21b048e87226d53a
                                    • Instruction ID: d8fb83c5069fa21f97b44d585c2c4439104b1e4c8a03509ef9f56c947b55e589
                                    • Opcode Fuzzy Hash: 0ab8e92fe17e05a8bc9d591b18224148a545db6fb6de362e21b048e87226d53a
                                    • Instruction Fuzzy Hash: 6511B6763802077AE6316E5FAC02F6B7E6CEBA1A21F04406AFA00AE1E0D9719910D760
                                    APIs
                                    • crypto_cert_fingerprint.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01425E1C
                                      • Part of subcall function 0142576E: crypto_cert_fingerprint_by_hash.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,sha256), ref: 01425779
                                    • crypto_cert_issuer.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01425E30
                                    • crypto_cert_subject.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 01425E3A
                                    • certificate_data_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,00000000,00000000,00000000,?,?), ref: 01425E4A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                    • String ID:
                                    • API String ID: 1865246629-0
                                    • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction ID: 6981999e3ce3274421fd87cd60796bde5e4c19ed3c1ff47154f89a8bb0e3648d
                                    • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction Fuzzy Hash: 14E0DF35000219BF8F112F2ADC04CDF3EADEFE52E0B44812AFC089A230DA31CD91D6A0

                                    Control-flow Graph

                                    APIs
                                    • LoadLibraryA.KERNEL32(wtsapi32.dll,01487168), ref: 0148744E
                                    • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0148746B
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0148747D
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0148748F
                                    • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 014874A1
                                    • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 014874B3
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 014874C5
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 014874D7
                                    • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 014874E9
                                    • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 014874FB
                                    • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0148750D
                                    • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0148751F
                                    • GetProcAddress.KERNEL32(WTSCloseServer), ref: 01487531
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 01487543
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 01487555
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 01487567
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 01487579
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0148758B
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0148759D
                                    • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 014875AF
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 014875C1
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 014875D3
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 014875E5
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 014875F7
                                    • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 01487609
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                    • API String ID: 2238633743-2998606599
                                    • Opcode ID: 3305680530a424058c1092945db57931bc3ba7aafc1c6bf44acd0998e329674d
                                    • Instruction ID: 1681729c2839fa93d553656ab2a21220ddaa27dba8d83b4ff316433892d3a374
                                    • Opcode Fuzzy Hash: 3305680530a424058c1092945db57931bc3ba7aafc1c6bf44acd0998e329674d
                                    • Instruction Fuzzy Hash: 29B139F6D45319AACF39AF76AC4A8463FA3F785676340C81AE8045A218D7F94090FFD1

                                    Control-flow Graph

                                    APIs
                                    • freerdp_error_info.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,014714DF,?,00000000), ref: 01471519
                                    • freerdp_get_error_info_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,?,?,?,?,?,?,014714DF,?,00000000), ref: 0147155D
                                    • freerdp_reconnect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,014714DF,?,00000000), ref: 01471601
                                    • freerdp_get_last_error.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,014714DF,?,00000000), ref: 01471611
                                    • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,014714DF,?,00000000), ref: 0147167E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                    • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                    • API String ID: 968149013-2963753137
                                    • Opcode ID: 7585f52e9c4b0f4f736ae3e30be8b5e7fb3dbb48b850d562a1782a1b0cf6343c
                                    • Instruction ID: 3b21c04d60fe78a1d9617a1405012704880098543cbc4b13d236ee5016d44afb
                                    • Opcode Fuzzy Hash: 7585f52e9c4b0f4f736ae3e30be8b5e7fb3dbb48b850d562a1782a1b0cf6343c
                                    • Instruction Fuzzy Hash: 1A51EC717403027BEF256E6AEC86FEB6BA8AB20F21F14415FF604FE1D1EA74C6814654

                                    Control-flow Graph

                                    APIs
                                    • gdi_get_pixel_format.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,0143A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0143A8B3
                                    • gdi_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,0143A899,?,?,00000000,00000000,Function_006DAA7A), ref: 0143AA40
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: gdi_freegdi_get_pixel_format
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                    • API String ID: 1251975138-534786182
                                    • Opcode ID: 35a3652800ab34cd1038f06e985ca2bd91c57dc363f75bc469fbe504ca2433d9
                                    • Instruction ID: 3d5752e74b82cb6f2aa66625c086144f61b8da7b524c04681bd0258e990cfdd3
                                    • Opcode Fuzzy Hash: 35a3652800ab34cd1038f06e985ca2bd91c57dc363f75bc469fbe504ca2433d9
                                    • Instruction Fuzzy Hash: 2C4193712407036FDB15BF76DC41B9A7BA5BFA8210F24842FE598DB2B1EF31A8518B50

                                    Control-flow Graph

                                    APIs
                                    • freerdp_device_collection_add.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 01476D79
                                    • _strlen.LIBCMT ref: 01476DF4
                                    • freerdp_device_collection_add.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000), ref: 01476E1D
                                    • freerdp_device_collection_add.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000), ref: 01476F6F
                                    • freerdp_device_collection_add.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000), ref: 01477044
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_device_collection_add$_strlen
                                    • String ID: drive$parallel$printer$serial$smartcard
                                    • API String ID: 2230162058-807955808
                                    • Opcode ID: a837e9a1c2df24168c8a6aaaff97f8f74430399ee12573f4dd7ca585d8a59128
                                    • Instruction ID: 66e0f001eaf1b892aa3c65abcab741b6394e743547a9ec573a1a0718966b1289
                                    • Opcode Fuzzy Hash: a837e9a1c2df24168c8a6aaaff97f8f74430399ee12573f4dd7ca585d8a59128
                                    • Instruction Fuzzy Hash: 1FB1B2715046039BEF15AF1AC86099E7BB2FF24254B1580AFEC089F272EF71D9528F90

                                    Control-flow Graph

                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 01400F64
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 01400F79
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    • Associated: 00000003.00000002.2021454527.0000000000E10000.00000002.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.0000000001594000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000159C000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000163B000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000164E000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000165F000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.00000000016AC000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.0000000001748000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000192C000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.0000000001931000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.0000000002333000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000249A000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2021470337.000000000253D000.00000040.00000001.01000000.00000006.sdmp
                                    • Associated: 00000003.00000002.2022449830.0000000002563000.00000004.00000001.01000000.00000006.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                    • API String ID: 3168844106-1571615648
                                    • Opcode ID: a4bfe732087eef001262da01f03c36387e14e229019f48bc8d46b6244c549405
                                    • Instruction ID: 4ab6c6dcefc572f985a53402d23625b7dd780968014fab8d747b0598304da92c
                                    • Opcode Fuzzy Hash: a4bfe732087eef001262da01f03c36387e14e229019f48bc8d46b6244c549405
                                    • Instruction Fuzzy Hash: D741D471A44306ABDB25EF6ADC81BDA77E4FB18764F00402EF614FB2D0D770A9418B94

                                    APIs
                                    • freerdp_settings_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 01407326
                                      • Part of subcall function 01407F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 01407FCC
                                      • Part of subcall function 01407F9B: freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000680,?), ref: 01407FFC
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000086,?), ref: 01406D8C
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00001446,00000001), ref: 01407177
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00001447,00000003), ref: 0140718F
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00001448,00000005), ref: 014071A7
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00001449,00000002), ref: 014071BF
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,0000144A,00002328), ref: 014071DA
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,0000144D,00003A98), ref: 014071F5
                                    Strings
                                    • C:\Windows\System32\mstscax.dll, xrefs: 01406F3F
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_uint32$freerdp_settings_set_string$ComputerNamefreerdp_settings_freefreerdp_settings_set_bool
                                    • String ID: C:\Windows\System32\mstscax.dll
                                    • API String ID: 2536960967-183970058
                                    • Opcode ID: a8969124d5124f9fe79e9e0fbd96431f56f8b09698c4f7b42c3e4d8e814a6d73
                                    • Instruction ID: 733c271aae7bc2b8582a5d6603a803a0bad298e615ec7fc0778b20f2af424146
                                    • Opcode Fuzzy Hash: a8969124d5124f9fe79e9e0fbd96431f56f8b09698c4f7b42c3e4d8e814a6d73
                                    • Instruction Fuzzy Hash: 19120CB1504B019EE325DF39D895B93BBE4FF18311F50492EE6AE8B390DBB1A540CB49
                                    APIs
                                    • _strlen.LIBCMT ref: 014342FA
                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 01434320
                                    • GetFileSize.KERNEL32(00000000,?), ref: 0143433A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: File$CreateSize_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 2645226956-2916857029
                                    • Opcode ID: 9b835ed8c997ef4474389d8af43f1952cb9754e92d7578612936858427ff5d1a
                                    • Instruction ID: 0783a89ccaa1972d5d661b69985a2062449afdafbca3c0c2347c0b8180e5e98c
                                    • Opcode Fuzzy Hash: 9b835ed8c997ef4474389d8af43f1952cb9754e92d7578612936858427ff5d1a
                                    • Instruction Fuzzy Hash: 145153B1D00215AEEF119FB5DC449FF77BCEF59620F14416BF911EA2A0EB7099009764
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 01400D92
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 01400DB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                    • API String ID: 3168844106-4217659166
                                    • Opcode ID: b13dd4f13aa60267f9c45a69553307a16cc506802e245602f3002318c08b66a1
                                    • Instruction ID: 839292faab171872c9dac646d24cc5db5c4230de6fd9ddd9ca91862cbf79ec4a
                                    • Opcode Fuzzy Hash: b13dd4f13aa60267f9c45a69553307a16cc506802e245602f3002318c08b66a1
                                    • Instruction Fuzzy Hash: AC51C271A40306ABDB25DF6AEC85F9A77A4EB54760F10402EF604FB2A1D770A900CB68
                                    APIs
                                    Strings
                                    • YUV buffer not initialized! check your decoder settings, xrefs: 01505F1A
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 01505F24
                                    • avc444_ensure_buffer, xrefs: 01505F1F
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                    • API String ID: 733272558-18228272
                                    • Opcode ID: eea21d82c8bcd7d3f6753bd657dc1fdc8cb7e6fe693c2cbed75e2a9665ce75e0
                                    • Instruction ID: 80a1b73ebc4593f2f5db15f592577367759cc6e1281b771190377b41fbc9b47b
                                    • Opcode Fuzzy Hash: eea21d82c8bcd7d3f6753bd657dc1fdc8cb7e6fe693c2cbed75e2a9665ce75e0
                                    • Instruction Fuzzy Hash: 6C41C871610306AFDB219F6ACC81A5ABBE5FF20214F14483EF6868F670E675E951CF40
                                    APIs
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000400,00000001), ref: 01503B87
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000401,00000000), ref: 01503BB7
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000404,?), ref: 01503BDB
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000402,00000000), ref: 01503BFA
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000014,?), ref: 01503C12
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000006C1,?), ref: 01503C2B
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000403,?), ref: 01503C44
                                    • freerdp_settings_set_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000015,00000000), ref: 01503C60
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000013,?), ref: 01503C82
                                    • freerdp_target_net_addresses_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01503C93
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                    • String ID:
                                    • API String ID: 949014189-0
                                    • Opcode ID: 6cef6dd10707ff90aaa457e2c58685527288738f0f1d639d76a365eb69d9ad72
                                    • Instruction ID: 12cb12a561993610c5288319fea4b2bc53102fca3d6caaaa08ab8fd420ceecd7
                                    • Opcode Fuzzy Hash: 6cef6dd10707ff90aaa457e2c58685527288738f0f1d639d76a365eb69d9ad72
                                    • Instruction Fuzzy Hash: B941B072600A06BFF7625FB9CC44F9A7BA4BF25394F040029EB059A5E0E772F060CB94
                                    APIs
                                      • Part of subcall function 01485CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,014B1701,00000001), ref: 01485CF9
                                    • zgfx_context_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 014B1874
                                      • Part of subcall function 0150693A: zgfx_context_reset.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000,00000000,?,014B1879,00000000), ref: 01506964
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                    • API String ID: 3732774510-3243565116
                                    • Opcode ID: eac6c502a2c8daa2611212d37677da74ce5959bef950f53a12c887bd83ebdb17
                                    • Instruction ID: a6aef80ca0f136a1ad7154e765fb5470da6927fd1a85d55acccea44c2899b6e3
                                    • Opcode Fuzzy Hash: eac6c502a2c8daa2611212d37677da74ce5959bef950f53a12c887bd83ebdb17
                                    • Instruction Fuzzy Hash: C971F9756847036BE3249B2AAC91F9677E4FF25B24F10052FF605AF6A1EF70A401CB94
                                    APIs
                                      • Part of subcall function 01486B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,0143E59B,00000001,00006060,00000010), ref: 01486B3E
                                    • GetVersionExA.KERNEL32(?), ref: 0143E5CD
                                    • GetNativeSystemInfo.KERNEL32(?), ref: 0143E5E7
                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0143E612
                                    • primitives_get.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE ref: 0143E6DC
                                    • CreateThreadpool.KERNEL32(00000000), ref: 0143E6E2
                                    Strings
                                    • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 0143E605
                                    • com.freerdp.codec.rfx, xrefs: 0143E530
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                    • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                    • API String ID: 3882483829-2530424157
                                    • Opcode ID: bbd85093fae2d6fed3be5f62db49374f327b41c4dce6ac1622e558cd7b24bf4b
                                    • Instruction ID: 65a593da1ddaad5dc30ec680db9baa40ced18f8c87be91a2b77a2e7e3182a579
                                    • Opcode Fuzzy Hash: bbd85093fae2d6fed3be5f62db49374f327b41c4dce6ac1622e558cd7b24bf4b
                                    • Instruction Fuzzy Hash: EB41C3B1A00706AFEB24AF75D884B9ABBF8FF58604F10446FE509AA261DB30D8448F51
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0147E8B2
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0147E8D6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                    • API String ID: 1431749950-225596728
                                    • Opcode ID: b03f9430dbe17043f1e40b0d222ba97aebb097a2625115bf30ef257bbb00c4c6
                                    • Instruction ID: 6b91aebc9525c1701a26dc172b881f971908c284fc399576e94ffe4668ed0c36
                                    • Opcode Fuzzy Hash: b03f9430dbe17043f1e40b0d222ba97aebb097a2625115bf30ef257bbb00c4c6
                                    • Instruction Fuzzy Hash: 492128B324435779BA74736BAC5AEBB0B58DB72934710066FF005BD1E0EEB0940243B1
                                    APIs
                                    • freerdp_set_last_error_ex.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 014048D9
                                    • freerdp_set_last_error_ex.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 0140498F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_set_last_error_ex
                                    • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                    • API String ID: 270715978-29603548
                                    • Opcode ID: 39718af54b986c535ace3c5bc375064cbb9afc8cb76cff5500119ecf413f8839
                                    • Instruction ID: db77d0d0aac1aa3f643b42f8881b8bc6797b776b62ac79d8b53e139d724aa82a
                                    • Opcode Fuzzy Hash: 39718af54b986c535ace3c5bc375064cbb9afc8cb76cff5500119ecf413f8839
                                    • Instruction Fuzzy Hash: DA21CC72A40301B6D7116EAEDC41FDB7B68BB55B14F04417BFB087E2D1EAB05640CAB5
                                    APIs
                                    • audio_format_get_tag_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,?,?,01505425,?,?,?,?,00000000,?), ref: 015058FA
                                    • audio_format_get_tag_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000001,00000000,?,?,01505425,?,?,?,?,00000000,?), ref: 01505902
                                    • audio_format_compatible.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(01505425,?,?,?,?,01505425,?,?,?,?,00000000,?), ref: 0150594D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string$audio_format_compatible
                                    • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                    • API String ID: 204136587-155179076
                                    • Opcode ID: 7e83096b5cea2835feb0d250b23e14173f7e1ce0e1e18f8371a2b5c7618806ea
                                    • Instruction ID: b266973ffd6f94295f62bc4f51e8acd44266b91514b0c638a8987dea6c10ad74
                                    • Opcode Fuzzy Hash: 7e83096b5cea2835feb0d250b23e14173f7e1ce0e1e18f8371a2b5c7618806ea
                                    • Instruction Fuzzy Hash: 5C210AA53543026AE7226ABDEC42F7B339CAB65634F14041FF705EE1C4FAA19840C6A8
                                    APIs
                                    • LoadLibraryA.KERNEL32(secur32.dll,?,01484AEC), ref: 01484B18
                                    • LoadLibraryA.KERNEL32(security.dll,?,01484AEC), ref: 01484B28
                                    • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 01484B42
                                    • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 01484B51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                    • API String ID: 2574300362-4081094439
                                    • Opcode ID: 2977ed3f1f9feb64e1efde8018ed1744139220ec31ac07c883e4ca0c4c2785db
                                    • Instruction ID: eadf027a461267c9dd8ca60a67d4bfbca5fc27e03c3ea16531b3ee05c15796d4
                                    • Opcode Fuzzy Hash: 2977ed3f1f9feb64e1efde8018ed1744139220ec31ac07c883e4ca0c4c2785db
                                    • Instruction Fuzzy Hash: 65F0AEB7D50327578736BBBEBC00A5BBEE8BA88A643064167D800D7308F770C4014F91
                                    APIs
                                    • _ValidateLocalCookies.LIBCMT ref: 014D22A7
                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 014D22AF
                                    • _ValidateLocalCookies.LIBCMT ref: 014D2338
                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 014D2363
                                    • _ValidateLocalCookies.LIBCMT ref: 014D23B8
                                    • RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,00000001), ref: 014D242E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CookiesLocalValidate$CurrentExceptionImageNonwritableRaise___except_validate_context_record
                                    • String ID: csm
                                    • API String ID: 1472526817-1018135373
                                    • Opcode ID: cbb8e7c0bb221bd9c413234667ca5cd25bf0cb31e288fd6c42c7ac644f70773a
                                    • Instruction ID: e1f60fc40d3f1755d144409e700eaa2aec92f9450ed733f37fc80faab0982947
                                    • Opcode Fuzzy Hash: cbb8e7c0bb221bd9c413234667ca5cd25bf0cb31e288fd6c42c7ac644f70773a
                                    • Instruction Fuzzy Hash: A651A334A00209ABCF11DF6DC890E9EBFB5BF45314F14816AED19AB361DB71EA05CB91
                                    APIs
                                    • ber_read_universal_tag.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000002,00000000), ref: 0141502A
                                    • ber_read_length.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 0141503F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ber_read_lengthber_read_universal_tag
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                    • API String ID: 3186670568-2454464461
                                    • Opcode ID: a84a689e5a187532997d6fcdc70961637ca4f8c68e0fa9a313e0a4ebc6af63aa
                                    • Instruction ID: 8fe77f3930125782dbe95cf36b08803212be19d907d3cfc02982aa516e06a979
                                    • Opcode Fuzzy Hash: a84a689e5a187532997d6fcdc70961637ca4f8c68e0fa9a313e0a4ebc6af63aa
                                    • Instruction Fuzzy Hash: 86413CB1B043025FDB218E29CC81BEA3BE5ABE3621F04856FE5959E39DE634D501CB60
                                    APIs
                                    • region16_rects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 01459C6E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: region16_rects
                                    • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                    • API String ID: 844131241-2640574824
                                    • Opcode ID: 04c81ae90f4e8bf0bac3b18c6e92a1ea64eb6af5a2411493f50fec3f049717ce
                                    • Instruction ID: a3155377e656dff6cec5901ab50dcbbfa20b11b3fc3a8ef04bbd165b625aa9d8
                                    • Opcode Fuzzy Hash: 04c81ae90f4e8bf0bac3b18c6e92a1ea64eb6af5a2411493f50fec3f049717ce
                                    • Instruction Fuzzy Hash: 673197B278030279F7345B9AEC43FA62699E724F25F20011FFD04A91D1FAB5AA418760
                                    APIs
                                    • freerdp_set_last_error_ex.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013F2C14
                                    • clearChannelError.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 013F2C1B
                                      • Part of subcall function 013F26E1: ResetEvent.KERNEL32(?), ref: 013F270A
                                      • Part of subcall function 01408142: ResetEvent.KERNEL32(?,?,013F2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 0140814E
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013F2BFC
                                    • freerdp, xrefs: 013F3062
                                    • freerdp_connect, xrefs: 013F2C01
                                    • ConnectionResult, xrefs: 013F3077
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                    • API String ID: 3632380314-3564821047
                                    • Opcode ID: 29919caa20490e7fa5df0ea2ea2603a1b62cc5f803241818f57c16912b5fa1fd
                                    • Instruction ID: 15df3ee17430fa8834b5b14bb2ccc2cfd9a70b1fc3a22f1fa347d60008acf1f8
                                    • Opcode Fuzzy Hash: 29919caa20490e7fa5df0ea2ea2603a1b62cc5f803241818f57c16912b5fa1fd
                                    • Instruction Fuzzy Hash: FF318F71A00606AFEB14DF7AD884BAABBE4BF18354F10006EEA05DB2A1DB71D954CB50
                                    APIs
                                    • ber_write_universal_tag.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000002,00000000), ref: 01415415
                                    • ber_write_length.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000001,?,00000002,00000000), ref: 0141541D
                                    • ber_write_universal_tag.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000002,00000000), ref: 01415440
                                    • ber_write_length.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000002,?,00000002,00000000), ref: 01415448
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: ber_write_lengthber_write_universal_tag
                                    • String ID:
                                    • API String ID: 1889070510-0
                                    • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction ID: 43851a396bcda07b8be62f141dcb9e3ec284a02a8ddff2e7df690d006e1b12b3
                                    • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction Fuzzy Hash: 5521F834241740AFDB225B05CD41BEA77A5EF72B01F04846EF98F5F6A6C231AE01CBA1
                                    APIs
                                    • glyph_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CB79
                                    • brush_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CB86
                                    • pointer_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CB94
                                    • bitmap_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CBA2
                                    • offscreen_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CBB0
                                    • palette_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CBBE
                                    • nine_grid_cache_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CBCC
                                    • cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 0141CBDE
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                    • String ID:
                                    • API String ID: 2332728789-0
                                    • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction ID: d6c7143e88a0af9eaa5ddc9da31b6b299f8a0e6c1813f8280e9605f48555b305
                                    • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction Fuzzy Hash: E2018836188B075AF3256A7BBC90D3B6BE8EF62570710443FD544DAAA4EF30D0019671
                                    APIs
                                    • region16_init.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0143F58A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: region16_init
                                    • String ID:
                                    • API String ID: 4140821900-0
                                    • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction ID: 77c979ba5f9c0191593a960d270cba38183b41ec182d877861772760b0e4a75c
                                    • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction Fuzzy Hash: A6516D72D0021AABDF18DFA9C8809EEBBF9FF58304F04412AF919E7250E7359945CB60
                                    APIs
                                    • gdi_CreateCompatibleDC.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000,?,?,?,0143A9C7,00000000,?,?,?,?,?,?,?,?,0143A899), ref: 0143AAE7
                                    • gdi_CreateCompatibleBitmap.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,00000000,?,?,?,0143A9C7,00000000,?,?,?,?), ref: 0143AB0E
                                    • gdi_CreateBitmapEx.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,00000000,?,?,?,0143A9C7,00000000,?,?,?,?), ref: 0143AB2A
                                    • gdi_SelectObject.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 0143AB60
                                    • gdi_CreateRectRgn.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000,00000000,00000000), ref: 0143ABA5
                                    • gdi_DeleteObject.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0143AC39
                                    • gdi_DeleteDC.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0143AC48
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                    • String ID:
                                    • API String ID: 412453062-0
                                    • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction ID: d230d50b971060d6df7e6be5a1a225b7a1332c8673857597153d0ef932bfb5ac
                                    • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction Fuzzy Hash: 3C5118752007059FD725DF29C884E96BBE1FF6C310B1545AEE9CA8BB62E771E8418F40
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,01486939,?,?,?,?,01486A0A,?), ref: 0148EABD
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,01486939,?,?,?,?,01486A0A,?,?,00000000), ref: 0148EAE7
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,01486939,?,?,?,?,01486A0A,?,?,00000000), ref: 0148EB14
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,01486939,?,?,?,?,01486A0A,?,?,00000000), ref: 0148EB37
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                    • API String ID: 1431749950-2760771567
                                    • Opcode ID: 45bb76ab8f3598f39568f61ba0c2dbb4298912a00e83e169e8906660d2e3d121
                                    • Instruction ID: 14545867cba2417d1256815fbeb66da284cd675b77c8a6019ed3c35fff2753c0
                                    • Opcode Fuzzy Hash: 45bb76ab8f3598f39568f61ba0c2dbb4298912a00e83e169e8906660d2e3d121
                                    • Instruction Fuzzy Hash: 3731E871D04712BF9B29BFAA9859C5F7FB8FF51664310001FE505BB620DB70981587B0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(016B1278,00E78C90,00E78EC0,00000000), ref: 00E78F0A
                                    • GetLastError.KERNEL32 ref: 00E78F38
                                    • TlsGetValue.KERNEL32 ref: 00E78F46
                                    • SetLastError.KERNEL32(00000000), ref: 00E78F4F
                                    • RtlAcquireSRWLockExclusive.NTDLL(016B1284), ref: 00E78F61
                                    • RtlReleaseSRWLockExclusive.NTDLL(016B1284), ref: 00E78F73
                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,00E5B080), ref: 00E78FB5
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                    • String ID:
                                    • API String ID: 389898287-0
                                    • Opcode ID: 539833b8494cdc79eb4b1849e2734442f173c4ffbe11eebc0418e2a4cbfd9069
                                    • Instruction ID: 5214210131bebe906b7ace0f3adce361d44116c49218930188d0afa42baf9a59
                                    • Opcode Fuzzy Hash: 539833b8494cdc79eb4b1849e2734442f173c4ffbe11eebc0418e2a4cbfd9069
                                    • Instruction Fuzzy Hash: AD212570740209AFDB256FA4EC5CBAE3765FF25701F01A025F819EA240DB709C94CBA1
                                    APIs
                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0148F673
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01486921,?,?,?,?,01486A0A,?,?,00000000,?,0147E976,00000000), ref: 0148F68A
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,01486921,?,?,?,?,01486A0A,?,?,00000000,?,0147E976,00000000), ref: 0148F6AB
                                    • closesocket.WS2_32(?), ref: 0148F6E6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: EnvironmentVariable$closesocketsocket
                                    • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                    • API String ID: 65193492-3368084233
                                    • Opcode ID: 86352407305e6c7ae516d2122f641db04b93a692a79d3d194e3d4b983693868d
                                    • Instruction ID: 24f9b4d91f52f5ee7c43023e84720ab7ad5ad4b9868329d369cced3a8bb63b7d
                                    • Opcode Fuzzy Hash: 86352407305e6c7ae516d2122f641db04b93a692a79d3d194e3d4b983693868d
                                    • Instruction Fuzzy Hash: 4621C271544702AFE7347B769818A1F7BE0EF50718F20061FE646AE6B0EBB1A40A8750
                                    APIs
                                    • LoadLibraryA.KERNEL32(winsta.dll,?,014878D9,01737120), ref: 01490023
                                    • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0149003C
                                    • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 01490052
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                    • API String ID: 2238633743-2382846951
                                    • Opcode ID: 3ddc1f827a05b67b20f0a5c621f721295997f63e85b0d7146a35d080097c09dc
                                    • Instruction ID: d8911513acbdad175b994a6187baad0745a1b4c336522d1f588454c41497d72a
                                    • Opcode Fuzzy Hash: 3ddc1f827a05b67b20f0a5c621f721295997f63e85b0d7146a35d080097c09dc
                                    • Instruction Fuzzy Hash: 500108B49013458FDF189FB1A80DA663FE8BB04264F5684BBF44DCF226DB3180489F54
                                    APIs
                                    • glyph_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0141CB1E
                                    • brush_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 0141CB26
                                    • pointer_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?), ref: 0141CB2E
                                    • bitmap_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?), ref: 0141CB36
                                    • offscreen_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?), ref: 0141CB3E
                                    • palette_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?), ref: 0141CB46
                                    • nine_grid_cache_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?), ref: 0141CB4E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                    • String ID:
                                    • API String ID: 637575458-0
                                    • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction ID: ecefbce4124ea198f13bdbc2e3f7ecf8f7ba4d11741c52ef6266224283b1979b
                                    • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction Fuzzy Hash: 6DE06D30001A12ABCA323F63DC41C4ABBB6EF30650300492FE58A25574CB32AC60AE80
                                    APIs
                                    • gdi_CRgnToRect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0145E040
                                    • gdi_RgnToRect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?), ref: 0145E04F
                                    • gdi_CRgnToRect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0145E062
                                    • gdi_RgnToRect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?), ref: 0145E0A3
                                    • gdi_CRgnToRect.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,?,?,?), ref: 0145E0C8
                                    • gdi_RectToCRgn.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0145E147
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-0
                                    • Opcode ID: e0a4262a71ef59db716afe1b2f19ba255796b25e99ad26aa7aca4172d196b63b
                                    • Instruction ID: 357242d5c4572ea88f0b5cbce63d0f3e15475eae6233bd57371e99c79cdd2cec
                                    • Opcode Fuzzy Hash: e0a4262a71ef59db716afe1b2f19ba255796b25e99ad26aa7aca4172d196b63b
                                    • Instruction Fuzzy Hash: 3051C4B6E01219EFCF54CF99C8808EEFBB9FF58710B14401AE915B7261D771AA41CBA0
                                    APIs
                                    • freerdp_settings_set_uint32.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C0,?), ref: 01431DA2
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C8,00000001), ref: 01431DCC
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C8,00000000), ref: 01431DE8
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C9,00000000), ref: 01431DFC
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C8,00000000), ref: 01431E19
                                    • freerdp_settings_set_bool.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,000007C9,00000000), ref: 01431E2D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                    • String ID:
                                    • API String ID: 4272850885-0
                                    • Opcode ID: fad6795779e0600882673a89c48fb156f3d83e8e8ab2019e83a44d2ff3258703
                                    • Instruction ID: 91d4897ec7936cd9e41ef587db531a27e3c49790233912396993027f332837f2
                                    • Opcode Fuzzy Hash: fad6795779e0600882673a89c48fb156f3d83e8e8ab2019e83a44d2ff3258703
                                    • Instruction Fuzzy Hash: 9311A962F4521375F56020695C83F6F265C4FFAD65F04042BFF1CA62E4E976B10244B6
                                    APIs
                                    • freerdp_image_copy.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 01458C2B
                                    Strings
                                    • freerdp_image_copy_from_icon_data, xrefs: 01458DBA
                                    • com.freerdp.color, xrefs: 01458D98
                                    • 1bpp and 4bpp icons are not supported, xrefs: 01458DB5
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 01458DBF
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                    • API String ID: 1523062921-332027372
                                    • Opcode ID: 2d2783207c402dc81265b37485db7ec69206263ea0f6c862562455614e3c0602
                                    • Instruction ID: a5eb14ca2ab5701b06b1c492e55af16e80b4471f390d2641a696c2877c720712
                                    • Opcode Fuzzy Hash: 2d2783207c402dc81265b37485db7ec69206263ea0f6c862562455614e3c0602
                                    • Instruction Fuzzy Hash: 9151DFB260011EAEDF549F1ACC41BFA7BE9EF54210F04816EFE14A6251D7709A85CF64
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: kbd-lang-list$kbd-list$monitor-list
                                    • API String ID: 0-1393584692
                                    • Opcode ID: 3f77aa0a16b1e7106690082da929adaf14e4973c8c68f0a79037185f47cf70ea
                                    • Instruction ID: 1929cbb4c8c79c18a25799dad58622434963bf4bbc34cd19e291fbe06b24c346
                                    • Opcode Fuzzy Hash: 3f77aa0a16b1e7106690082da929adaf14e4973c8c68f0a79037185f47cf70ea
                                    • Instruction Fuzzy Hash: AE31877290121AABDB20EB69DD59DCFB7A8EB14710F0405ABFD18A71A1D670DA40CBE1
                                    Strings
                                    • interleaved_compress, xrefs: 01449AF5
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 01449AFA
                                    • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 01449AF0
                                    • com.freerdp.codec, xrefs: 01449AD0
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                    • API String ID: 0-4054760794
                                    • Opcode ID: d004f2a7d88e107a9a65814aba6f4c3d6dc68e7426b1ec63ab9f239a427c21f5
                                    • Instruction ID: 570d4ad41ed72320ad78f95f30ca9429c2246682bff9825483974b1049994397
                                    • Opcode Fuzzy Hash: d004f2a7d88e107a9a65814aba6f4c3d6dc68e7426b1ec63ab9f239a427c21f5
                                    • Instruction Fuzzy Hash: B6219D72200246BFFF259E5ADC46FAB3B58EB19699F04411EFA046A270E671EC50EB50
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483DA3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                    • API String ID: 689400697-1744466472
                                    • Opcode ID: de168c6f0476eeaf5dc0dba81cb03b07b7eabbc7c7e6ee91d8519e5b5b8aa56c
                                    • Instruction ID: 4c373e5dc97fa28b177b81264b5747b14a8e6256848ecb303bc2bf17da32734f
                                    • Opcode Fuzzy Hash: de168c6f0476eeaf5dc0dba81cb03b07b7eabbc7c7e6ee91d8519e5b5b8aa56c
                                    • Instruction Fuzzy Hash: 1E219372240206BBDF226E5AEC02EAF7F69FB59B21F044059FA04691F0DA72D961D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483CC8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                    • API String ID: 689400697-743139187
                                    • Opcode ID: 9d1e1546f902ac799509556b95efa220ae6718b9da277a7513f3658c98cc6d6b
                                    • Instruction ID: 89152393ddad46c520176c72bda2f13aefea22007e805a2cb1fa261995dc489f
                                    • Opcode Fuzzy Hash: 9d1e1546f902ac799509556b95efa220ae6718b9da277a7513f3658c98cc6d6b
                                    • Instruction Fuzzy Hash: 0921DB732402067BDF266F5ADC02E9F3F69FB64B61F044099FA046D1B0DA72D561D760
                                    APIs
                                    • _strlen.LIBCMT ref: 014011FA
                                    • getChannelError.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01401248
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelDetached$freerdp
                                    • API String ID: 3987305115-436519898
                                    • Opcode ID: ac518fbc7347d4f8e1358e8cd19b9e20d7d2c78f9e4b8b82d463148eeeebaa1c
                                    • Instruction ID: 43516fc86ba1874da9037d16b11b484a3978d2d2cfe0fe380c656b59ff7541c7
                                    • Opcode Fuzzy Hash: ac518fbc7347d4f8e1358e8cd19b9e20d7d2c78f9e4b8b82d463148eeeebaa1c
                                    • Instruction Fuzzy Hash: D9212171A00209AFDB15DF99C884F9EBBF5BF18744F10446AE944E7251D770AA50DFA0
                                    APIs
                                    • _strlen.LIBCMT ref: 01400B64
                                    • getChannelError.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01400BB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelAttached$freerdp
                                    • API String ID: 3987305115-2646891115
                                    • Opcode ID: a4593aaca9dd6037952dbc3ccc57b23d0ce3ada7a66c6d1f25f880008cc3d643
                                    • Instruction ID: f87c44ffadd719bb16273c7c745398297eea8b6a369e7de6bc91d0855cf1483d
                                    • Opcode Fuzzy Hash: a4593aaca9dd6037952dbc3ccc57b23d0ce3ada7a66c6d1f25f880008cc3d643
                                    • Instruction Fuzzy Hash: 45212171A00209EFDF15DF99C884FAEBBF5BF48344F10456AE944A7261D770AA50DFA0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148384E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                    • API String ID: 689400697-2008077614
                                    • Opcode ID: a5876cf4a14d47fb09daf80a208a9e4f8b0b5cce4bb4db58a40027b4facdad56
                                    • Instruction ID: b0ad380e5574b7025681e28d1fc59e2fc48dd1c3e36cd02b8473b1d025eecd76
                                    • Opcode Fuzzy Hash: a5876cf4a14d47fb09daf80a208a9e4f8b0b5cce4bb4db58a40027b4facdad56
                                    • Instruction Fuzzy Hash: 1C1184762402067BEF256E5BAC06EAB7F69FB65F20F00405AFA00691A0D672C961D7A0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014832F9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                    • API String ID: 689400697-1172745827
                                    • Opcode ID: 6c92e12e80308200eb9380a37c6e99866e7f156e1783e4214022e0ca05e61d50
                                    • Instruction ID: b1f74a9e9f073c17975ca6143263ab4362b48aa54efcce8d3b983e4534ecc8f4
                                    • Opcode Fuzzy Hash: 6c92e12e80308200eb9380a37c6e99866e7f156e1783e4214022e0ca05e61d50
                                    • Instruction Fuzzy Hash: 7711B7762402067BEB352E5B9C06E9F7F69FB95B20F00409AFA04691A0DA72D560D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483227
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                    • API String ID: 689400697-2657764935
                                    • Opcode ID: 721fbbff861b596db261a64504e65a4ff65e190112532ec23e405188544ab2ec
                                    • Instruction ID: bbd71cc9b810d9e101a84ae9734727d918c9ffe5fcbb0c0a48cd0c598e55bed9
                                    • Opcode Fuzzy Hash: 721fbbff861b596db261a64504e65a4ff65e190112532ec23e405188544ab2ec
                                    • Instruction Fuzzy Hash: 8911B7722402067BDF352F5BEC06EAF7F69FB64B24F004099FE04691A0D572C960D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014833CB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                    • API String ID: 689400697-3640258815
                                    • Opcode ID: b09cbdd4c146478d3b8a51e4faa30fc8430c37266287ba57aa0cadbd4237820e
                                    • Instruction ID: db7a494f42384c6dc3d696b4f308be0bebddd9cc18b1cd33cc3ce6ca9dc503d1
                                    • Opcode Fuzzy Hash: b09cbdd4c146478d3b8a51e4faa30fc8430c37266287ba57aa0cadbd4237820e
                                    • Instruction Fuzzy Hash: AF11AB763802067AEA352A5FEC06F6F7E58FBA1E21F00405EFA00AE1E0D971C551D770
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148360B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                    • API String ID: 689400697-848437295
                                    • Opcode ID: 1278b6eb2df96570e49808964b689d472fa6f9681ddc1f2a78048e2d14a1f503
                                    • Instruction ID: e7dc3063d48398ad7b65288d9634686958f1d51227e7a60bca19f0b149df9536
                                    • Opcode Fuzzy Hash: 1278b6eb2df96570e49808964b689d472fa6f9681ddc1f2a78048e2d14a1f503
                                    • Instruction Fuzzy Hash: D911CB753402027AEA356A5FEC07F6F7B5CF761A24F00015AFA047D1E0DA71C950D764
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483548
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                    • API String ID: 689400697-3257054040
                                    • Opcode ID: 969858b93507d3382de72f2286cd85cd7459cf2a1055e09aaabf90247e9757a3
                                    • Instruction ID: 1a68c3a920be9104737ce6b6eb4781ba061f6b0e305db64440ae6bbd5080ab07
                                    • Opcode Fuzzy Hash: 969858b93507d3382de72f2286cd85cd7459cf2a1055e09aaabf90247e9757a3
                                    • Instruction Fuzzy Hash: A011AB763402067AE6352E5BAC06F5B7E5CF761E60F00409EFA00AE1E0DA71D950D770
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148417E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                    • API String ID: 689400697-1164902870
                                    • Opcode ID: 4997d4339563cdf64d50d941f78725c8c36ab248081d6ba9199abe1bc5aa39ce
                                    • Instruction ID: c061d7095502df6b2fb73067f83ef77c3f32539a2cade12a0d5886fe3ebf0cb8
                                    • Opcode Fuzzy Hash: 4997d4339563cdf64d50d941f78725c8c36ab248081d6ba9199abe1bc5aa39ce
                                    • Instruction Fuzzy Hash: FB11EB763443037BE6316A5BAC06F5B7E6CE7A1A61F04409EFA00AD1E0D971DA50D770
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014840BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                    • API String ID: 689400697-247170817
                                    • Opcode ID: 3216ab41540848135b529247e0cef89730eb7d56cad5965b5077338eed4de3e3
                                    • Instruction ID: 4e3601cc3390fd52e6f3d0a0276f4ed4f8e759184d94e9874198cae12109ebe2
                                    • Opcode Fuzzy Hash: 3216ab41540848135b529247e0cef89730eb7d56cad5965b5077338eed4de3e3
                                    • Instruction Fuzzy Hash: B511E7B63802077AEA317A5BEC06F6B7E6CEBA1B21F04405EFA00AD1E0D971C950D770
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01484544
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                    • API String ID: 689400697-1495805676
                                    • Opcode ID: fc2e2e855ceaffaa671ef15979f13cf551817b9b23e0ab4e58bc86b921756942
                                    • Instruction ID: b187387422c3382135bb8cf801fb7e7ba45c5689509d0563a645d8acfb5b2cd3
                                    • Opcode Fuzzy Hash: fc2e2e855ceaffaa671ef15979f13cf551817b9b23e0ab4e58bc86b921756942
                                    • Instruction Fuzzy Hash: 8311EBB63802077AEA316A5BAC06F5F7F58E761B20F04405EFB00AD5E0D971C951D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01484481
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                    • API String ID: 689400697-3834539683
                                    • Opcode ID: 80e999fcee2278f8699a3a884698c5836ddfd18911021d0f4c63b32a6693c496
                                    • Instruction ID: c00cfd17ff18ad3da156996b11cc4232bca09e25e6fd6ecffcd485a269ebf892
                                    • Opcode Fuzzy Hash: 80e999fcee2278f8699a3a884698c5836ddfd18911021d0f4c63b32a6693c496
                                    • Instruction Fuzzy Hash: B511EBB63402077AE6312A5FAD02F5F7F58E791B21F04405AFA00AD5E1D9B1CA50D770
                                    APIs
                                    • ncrush_context_reset.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000), ref: 01451B36
                                    Strings
                                    • ncrush_context_new, xrefs: 01451B14
                                    • ncrush_context_new: failed to initialize tables, xrefs: 01451B0F
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 01451B19
                                    • com.freerdp.codec, xrefs: 01451AF1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: ncrush_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                    • API String ID: 2838332675-904927664
                                    • Opcode ID: 73eceef60ebf6be7c5ef17e0eb4c9e2d8fb270a2a2bbf5e7ba15193cba29e010
                                    • Instruction ID: 1f0032eed5a4fff379602b1598a65c67af3376cbfe56022af8677e9c3ae946f8
                                    • Opcode Fuzzy Hash: 73eceef60ebf6be7c5ef17e0eb4c9e2d8fb270a2a2bbf5e7ba15193cba29e010
                                    • Instruction Fuzzy Hash: 5811E9B22007033AE714AF57DC41F977768EB60B54F00411FF5185A695EBB1995187A1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483F3E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                    • API String ID: 689400697-3211427146
                                    • Opcode ID: 4359e0193b0a61bf80ad60b0eac42481c7e647b7b5c4bb63245a9bffed26ab35
                                    • Instruction ID: 12b5377eeb05dc7a820c8eb1754124e6c380ddda635d68294139ca449ebe5250
                                    • Opcode Fuzzy Hash: 4359e0193b0a61bf80ad60b0eac42481c7e647b7b5c4bb63245a9bffed26ab35
                                    • Instruction Fuzzy Hash: B51198753442027AE6353A5BEC02E6B7E6DF7A5A21F00409EFA40AE1E0D9B1C550D7A0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483E7E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                    • API String ID: 689400697-2578917824
                                    • Opcode ID: 547f12cfbb370de4b3d87ede5970d069e88b8aedf38b3fda14285a4cbc479037
                                    • Instruction ID: 89d5de8b42de528f7cbc6468c9fa01efd752926ff033a024572f8aaa71a29a4e
                                    • Opcode Fuzzy Hash: 547f12cfbb370de4b3d87ede5970d069e88b8aedf38b3fda14285a4cbc479037
                                    • Instruction Fuzzy Hash: 7311A7B63842027BEA356A5BEC02E6F7A6CF7A5E31F00415EFA04AD1E0D972C551D7A0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148378E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                    • API String ID: 689400697-3754301720
                                    • Opcode ID: 60871431bb35e26cb52907742a8e966cb3a80e72eabbca36ff8006bf7d4ed82b
                                    • Instruction ID: 8680a11d93e8bab379dae30a8068ec98c246dc18d361b70ec5570aa0b430dbd3
                                    • Opcode Fuzzy Hash: 60871431bb35e26cb52907742a8e966cb3a80e72eabbca36ff8006bf7d4ed82b
                                    • Instruction Fuzzy Hash: 2D11C4B63803027AEA313A5BEC06E6B7A9CF7A1E61F00405AFE10AD1E0D971C950D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014836CE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                    • API String ID: 689400697-3413647607
                                    • Opcode ID: bbbe980218e4d928118a401235b56f7e88243c4ddcabd75f41950388c4e7d76d
                                    • Instruction ID: 2d58e05f8f2511fa30496a561dfe8697b8e2816e455acd3242cb260e16183212
                                    • Opcode Fuzzy Hash: bbbe980218e4d928118a401235b56f7e88243c4ddcabd75f41950388c4e7d76d
                                    • Instruction Fuzzy Hash: 2B11A7B63803427AEA353A5FEC46E6B7A5CFBA1E21F00405EFA00AD1E0DA71C951D760
                                    APIs
                                    • freerdp_image_copy.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 014595B5
                                    Strings
                                    • com.freerdp.color, xrefs: 014595C8
                                    • freerdp_image_scale, xrefs: 014595EB
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 014595F0
                                    • SmartScaling requested but compiled without libcairo support!, xrefs: 014595E6
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                    • API String ID: 1523062921-212429655
                                    • Opcode ID: b3aa595445d9040a0db564caa541627fed6ba5eb44b97ce69b2f7d7defbe1173
                                    • Instruction ID: 610cf7c495b88b2c0cce14228d98ba378f88b068a880bb0f6f52c8df884178b0
                                    • Opcode Fuzzy Hash: b3aa595445d9040a0db564caa541627fed6ba5eb44b97ce69b2f7d7defbe1173
                                    • Instruction Fuzzy Hash: 7B21C07224020EBBDF199E55CC02FAA3BA5EB54B08F14810AFD045A261E371EA21DF40
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01482FF0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                    • API String ID: 689400697-1149382491
                                    • Opcode ID: 57f9387189758fa291e1a2eada64f281db0f2c316e75edcf9e44cca7aed99886
                                    • Instruction ID: 5e527fab2ce84f29ad6c426ed4c6d7a870cb885aee73c38742763b524a7f5db0
                                    • Opcode Fuzzy Hash: 57f9387189758fa291e1a2eada64f281db0f2c316e75edcf9e44cca7aed99886
                                    • Instruction Fuzzy Hash: 5E11A7B53442027AE6352A2BAC06E6F7F5CFBA2F65F00409AFA04AD1E0D971C951D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01482F33
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                    • API String ID: 689400697-255015424
                                    • Opcode ID: 0613963b6d8d2eac64562f6653a7eec467246b81ecf09f6dba27acf47e5e644e
                                    • Instruction ID: 0f3fa905f158267336f838da0985e1c513d8dde21dd717fde3177ad26aa3ac2c
                                    • Opcode Fuzzy Hash: 0613963b6d8d2eac64562f6653a7eec467246b81ecf09f6dba27acf47e5e644e
                                    • Instruction Fuzzy Hash: D611E7B53843023AE635265BAC16E5B7E5CE7A5A20F00405AFB04AD1E0D9B1C940E360
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483920
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                    • API String ID: 689400697-2845897268
                                    • Opcode ID: 31acfa5e97003a4d5aa9e495fd7fab2696ef8e16c278560b3715427db43ef49f
                                    • Instruction ID: f1117e620401dd2a721e3e883c21ba4fe26a1f82ce611cf942d36526fb20ff06
                                    • Opcode Fuzzy Hash: 31acfa5e97003a4d5aa9e495fd7fab2696ef8e16c278560b3715427db43ef49f
                                    • Instruction Fuzzy Hash: F711CAB53802027AE6353A1FAC06F6B7E5CF7A1F60F00405EF900AE1E0D971C951D7A0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014839DD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                    • API String ID: 689400697-1972714555
                                    • Opcode ID: 68a56b7002a940b0f0f46231ac8c129e9d34fb8df15d738bbcdb09010c8988ea
                                    • Instruction ID: a11d503f751acaf4ac96f355f75f2923e14d81a524a03a01a121f4f1b9fdd405
                                    • Opcode Fuzzy Hash: 68a56b7002a940b0f0f46231ac8c129e9d34fb8df15d738bbcdb09010c8988ea
                                    • Instruction Fuzzy Hash: 39118D753802027AE5356A5FAC06E6BBE5DF7A1E60F00419EF600AE1E0D971C551D760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483FFE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                    • API String ID: 689400697-2156878011
                                    • Opcode ID: aa5b570e7b4cf51545bc408ff9158218b5c0dc8c5779fe7e04990142347cc20f
                                    • Instruction ID: 8453be39e00fcc162af1a7576c3606bb0c47f26a966b07e35616c29ff713d783
                                    • Opcode Fuzzy Hash: aa5b570e7b4cf51545bc408ff9158218b5c0dc8c5779fe7e04990142347cc20f
                                    • Instruction Fuzzy Hash: 4B11CAB53803077AE635365BAC06F6B7E5CE7A1B24F04405EFA04AE1E1D9A1C551C3B0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148316A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                    • API String ID: 689400697-3351603741
                                    • Opcode ID: bb2ca9a58cfae4ca16f39e417a82194bcc9e226f343fc233ee667619a1d7031a
                                    • Instruction ID: ca4f54aefd0c97c2013fb27092d0113fe113ca37c3924ca000f1b985dee34206
                                    • Opcode Fuzzy Hash: bb2ca9a58cfae4ca16f39e417a82194bcc9e226f343fc233ee667619a1d7031a
                                    • Instruction Fuzzy Hash: 8311CA753842033AE6353B5BAC06E6F7E6CF7A5F20F00409AFA10AD1E1DA71D951C760
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 014830AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                    • API String ID: 689400697-2261828479
                                    • Opcode ID: abd232a8b8fd2432e80aed812907498ac4f6b419690dd35ad7cea2a5be8af4f2
                                    • Instruction ID: 08b1309661dd0b59a6f1eb06247fe4179ceed08a00c916f84b38e7452f3e5294
                                    • Opcode Fuzzy Hash: abd232a8b8fd2432e80aed812907498ac4f6b419690dd35ad7cea2a5be8af4f2
                                    • Instruction Fuzzy Hash: 8D11CAB53843027AE6352A1BAC07E6B7E6CF7A5E24F00409ABA14AE1E1D9A1C951C370
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483A9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                    • API String ID: 689400697-4185332897
                                    • Opcode ID: 0e2f9c3ba75c1017561d4bc8f1ac2c46ca1942d94bfe4fd6fbd3c702be6c12fc
                                    • Instruction ID: 1522681fa8ccbdf11f7cf3f4ef257514310a5b4de0988cfa9d7c44c2c5d1d4d4
                                    • Opcode Fuzzy Hash: 0e2f9c3ba75c1017561d4bc8f1ac2c46ca1942d94bfe4fd6fbd3c702be6c12fc
                                    • Instruction Fuzzy Hash: E611E9B53803027AE6356A1FAC07F6B7A5CF7A1E21F00005EFA04AE1E0D9A1D901C7B0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 0148348E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                    • API String ID: 689400697-3116451197
                                    • Opcode ID: 49c0ee1c3da5c932a2c9779519cf1cf3a2efb84e44bcc4fed08ce9d51712f7e3
                                    • Instruction ID: 94652c86f29058b9911ccde44e0deef6fdf1c4b8d024ccbf6f7155b534da2e56
                                    • Opcode Fuzzy Hash: 49c0ee1c3da5c932a2c9779519cf1cf3a2efb84e44bcc4fed08ce9d51712f7e3
                                    • Instruction Fuzzy Hash: DD11AC753443027AE5357A2FAC07F5B7A5CF7A1E60F0440AEFA00AE1E0D961D951C774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483B54
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                    • API String ID: 689400697-1791514552
                                    • Opcode ID: 6d959a8dd5fcfc5da3b6a4c324e5eaa3e1fb9de55eabf12886ac143e3bc6e3f0
                                    • Instruction ID: d938d703a79987d78449688f6e8578afc0ce3b6901e89cdebd1a81092e501ca8
                                    • Opcode Fuzzy Hash: 6d959a8dd5fcfc5da3b6a4c324e5eaa3e1fb9de55eabf12886ac143e3bc6e3f0
                                    • Instruction Fuzzy Hash: 1B11ACB53842027AE5352A5FAC07E6B7E5CF7A1F61F0040DEFA00AE1E1D961CA51D7B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01483C0E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                    • API String ID: 689400697-4242683877
                                    • Opcode ID: ccbbee5d90031ebe6eb12245f0c53b3bd2a8a519a4feb8de35515498f1bdabe7
                                    • Instruction ID: a6dae4c6b1718c0f26c57b0da235de5db14c1b1b1165d1d277ff939e2b3af7aa
                                    • Opcode Fuzzy Hash: ccbbee5d90031ebe6eb12245f0c53b3bd2a8a519a4feb8de35515498f1bdabe7
                                    • Instruction Fuzzy Hash: E3118AB63402027AE5353A1FAD46F5B7E5CF7A1E60F00409EF904AE1E1D9A1CA51D360
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(017370C8,01484AA1,00000000,00000000), ref: 01484241
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                    • API String ID: 689400697-954186549
                                    • Opcode ID: cf0466bbbf1f2da269fe89aea51813260d5e1f666064c03fe0295decf26f5194
                                    • Instruction ID: 2c8ca4972ecb9b76f0187cd2f2526fedb2bea1a9ab8e43624bd4e32ee4578cf5
                                    • Opcode Fuzzy Hash: cf0466bbbf1f2da269fe89aea51813260d5e1f666064c03fe0295decf26f5194
                                    • Instruction Fuzzy Hash: BB11C6B53842033AE635675FBC07F6B7E5CE7A1A61F04009AFA00AE1E1D9A1CA50C764
                                    APIs
                                    • primitives_get.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE ref: 015065CB
                                    Strings
                                    • yuv_process_work_callback, xrefs: 0150662E
                                    • com.freerdp.codec, xrefs: 0150660B
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 01506633
                                    • error when decoding lines, xrefs: 01506629
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: primitives_get
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                    • API String ID: 2017034601-2620645302
                                    • Opcode ID: 7ab7fb370c1dbc0454cd695d3413f8f32e470494c09be53b24ab3e602d057284
                                    • Instruction ID: 8a07e3093f5cf040fff39a288f7344eda53c5679f5dc9ee2802b522c7dd33b40
                                    • Opcode Fuzzy Hash: 7ab7fb370c1dbc0454cd695d3413f8f32e470494c09be53b24ab3e602d057284
                                    • Instruction Fuzzy Hash: 430126B5600307AFD714DF59DC01F9ABBA8FF18214F04419EFA059B281EBB1E540CB94
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %zd;NAME=%s%zd;PASS=%s
                                    • API String ID: 4218353326-3114484625
                                    • Opcode ID: 278cb855755d9aa6e648084cae2ccb761e6ef4b84b824ca0dfc33efd272d9bea
                                    • Instruction ID: b1f8474ad45555f06af5321baa36bb96105c6de92ee9b28f1e789416da62deb0
                                    • Opcode Fuzzy Hash: 278cb855755d9aa6e648084cae2ccb761e6ef4b84b824ca0dfc33efd272d9bea
                                    • Instruction Fuzzy Hash: 87016172E00208BBDF16AFF4CD8469D7BF4EF14304F0588ADE9059A251E6758650DB41
                                    APIs
                                    • region16_extents.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01459F06
                                    • region16_extents.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?), ref: 01459F12
                                    • region16_n_rects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?), ref: 01459F1D
                                    • region16_n_rects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01459F7D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: region16_extentsregion16_n_rects
                                    • String ID:
                                    • API String ID: 2062899502-0
                                    • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction ID: 57e2103262875d8feaf61ab565028654609b267f1c4998474e4550da42a85b5a
                                    • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction Fuzzy Hash: 69511875A0012AAFCB54DF99C8408AEF7F5FF18750B15816AE859E7361E334AE40CBA0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strncpy
                                    • String ID:
                                    • API String ID: 2961919466-0
                                    • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction ID: 9844c24ba8c3525d4fd39089907a58b7d97dce720727a59dd1c7ccce773e2db0
                                    • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction Fuzzy Hash: CF11B9B9400707AEDB329F54D848B96FBFCFF24208F04492AE6A947561F331B568C7A1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(016B1278,00E78C90,00E78EC0,00000000), ref: 00E78E6A
                                    • GetLastError.KERNEL32 ref: 00E78E7F
                                    • TlsGetValue.KERNEL32 ref: 00E78E8D
                                    • SetLastError.KERNEL32(00000000), ref: 00E78E96
                                    • TlsAlloc.KERNEL32 ref: 00E78EC3
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ErrorLastOnce$AllocExecuteInitValue
                                    • String ID:
                                    • API String ID: 2822033501-0
                                    • Opcode ID: 16afbf56527d4ffe4b8c2591cab5cc6a42ad1ea0c275ed203bc536dbd6c3e386
                                    • Instruction ID: 472b6f4247b1ea499c68d934af8fe576610cde4dbc854e7a239ccb425ea7dd7e
                                    • Opcode Fuzzy Hash: 16afbf56527d4ffe4b8c2591cab5cc6a42ad1ea0c275ed203bc536dbd6c3e386
                                    • Instruction Fuzzy Hash: D6012B75640208AFCB219FB5FC48A6B77B8FB45710B01A12AF819E7344EB305C948B51
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                    • API String ID: 4218353326-3992632484
                                    • Opcode ID: 6eb16b34e6230b241cd66968d952aac66651f0450edc18a7893829d40fe8b426
                                    • Instruction ID: c98cfc1053682e804314788beb8c6af8cd42cf71865f0efd2c0bf51263c4476f
                                    • Opcode Fuzzy Hash: 6eb16b34e6230b241cd66968d952aac66651f0450edc18a7893829d40fe8b426
                                    • Instruction Fuzzy Hash: 6E416672F0031616EB245B60DC45FBE7329BBE5749F185B38ED58B6281FB708A49C292
                                    APIs
                                    • audio_format_print.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?), ref: 01504A72
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: audio_format_print
                                    • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                    • API String ID: 2744001552-3527835062
                                    • Opcode ID: 64fdf31526f2c99741c4f4d617a46d3f568d818cab37ffa88e15aad6f8b10a8c
                                    • Instruction ID: 0616915e4aaa630a63231b70ef05609ad35eb7847c72ee22d89e098e02608444
                                    • Opcode Fuzzy Hash: 64fdf31526f2c99741c4f4d617a46d3f568d818cab37ffa88e15aad6f8b10a8c
                                    • Instruction Fuzzy Hash: 9111D67628031737DB22AD5B9C42FEF2A9CAF71A60F08414EFA04750C5EAF1D651C2A9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: audin$rdpsnd
                                    • API String ID: 0-930729200
                                    • Opcode ID: b8ef54572a7afd74f1364b81076fdb967fe44f2dad059d8e4cd41fb1d8494faa
                                    • Instruction ID: f2887101619d8050bd76111ee2dcf2c993c6a01682ac6fa745606dba135230dc
                                    • Opcode Fuzzy Hash: b8ef54572a7afd74f1364b81076fdb967fe44f2dad059d8e4cd41fb1d8494faa
                                    • Instruction Fuzzy Hash: FC119031A01A16ABEB25DF69C8847EBF7A4BB04B42F95822FE15856210D7706590CBD1
                                    APIs
                                    • _strlen.LIBCMT ref: 0143403A
                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 01434060
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 01434076
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: File$CreatePointer_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 4211031630-2916857029
                                    • Opcode ID: 736d44e753915157176618180e686077c74e3fddc9636f3f556c2e4d3811649c
                                    • Instruction ID: 2dd979a3bd331403f8a86c0c2fd7ebbbb1d3894072494f62c2b1a5e45e4f016c
                                    • Opcode Fuzzy Hash: 736d44e753915157176618180e686077c74e3fddc9636f3f556c2e4d3811649c
                                    • Instruction Fuzzy Hash: 6A01A232201120BBDB222B66DC4EEA77F29EF46774F148159FA189D1E2D732C856D7A0
                                    APIs
                                    • audio_format_get_tag_string.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,?,?,?,?), ref: 01504737
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 01504748
                                    • audio_format_print, xrefs: 01504743
                                    • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 0150473E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string
                                    • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                    • API String ID: 2866491501-3564663344
                                    • Opcode ID: f86d5148e36ee09b96bf10ab184c3d827b2711728120cbef4938fa1e6c536aeb
                                    • Instruction ID: 80e4d6d8123f8bb1321b5f3323e642460226a24a3970500ae30b4a155a4132ee
                                    • Opcode Fuzzy Hash: f86d5148e36ee09b96bf10ab184c3d827b2711728120cbef4938fa1e6c536aeb
                                    • Instruction Fuzzy Hash: 84F03675140205BADB411F52CC01E75376DEB54A14B24808DFD1C9C0A1E6B7D9A3E764
                                    APIs
                                    • freerdp_get_last_error.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 013F2725
                                    • freerdp_set_last_error_ex.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 013F2745
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 013F2734
                                    • freerdp_abort_connect, xrefs: 013F2739
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                    • API String ID: 3690923134-629580617
                                    • Opcode ID: 0f8399b3b95be1c2d15053bae1d24930eb10efe91738f529ff5c9d58075d965b
                                    • Instruction ID: 27828d5ec1105f93cc7b6ee73125d4f08b74e37311c5e7aa9a4541d535551b44
                                    • Opcode Fuzzy Hash: 0f8399b3b95be1c2d15053bae1d24930eb10efe91738f529ff5c9d58075d965b
                                    • Instruction Fuzzy Hash: E5E08035644216EFEB322D59DC02F5BF794BF10B98F10042DE7C47A4A3E7719554D581
                                    APIs
                                    • primitives_get.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE ref: 0150633F
                                    • primitives_flags.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 01506353
                                    • TpWaitForWork.NTDLL(00000000,00000000), ref: 015064A9
                                    • TpReleaseWork.NTDLL(00000000), ref: 015064B2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                    • String ID:
                                    • API String ID: 704174238-0
                                    • Opcode ID: 53edc72928f8f18bb34a235b4a59faec6eb63e085bcc94f96d881613fedb6163
                                    • Instruction ID: dff1ecfe62fa95518171b2e3ab8fbdc48b45221b23a4ba787d7780a03254cbe3
                                    • Opcode Fuzzy Hash: 53edc72928f8f18bb34a235b4a59faec6eb63e085bcc94f96d881613fedb6163
                                    • Instruction Fuzzy Hash: A86138B5A0060ADFCB05CFA8C8819AEBBF5FF58310B15856AE919EB350D730E951CF90
                                    APIs
                                    • gdi_SetRgn.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?,?,00000000,00000001,?,?), ref: 0145C324
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: gdi_
                                    • String ID:
                                    • API String ID: 2273374161-0
                                    • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction ID: 4308ec1638de66e18ff4ad1f0b68dc91b46cf036a8f0bd3eb508bc5e6e3eda7a
                                    • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction Fuzzy Hash: E431EB71900209EFDB50DF99C9849AEBBF9FF58214F14806AE905E7221D334EA45CFA0
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 01485C16
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 01485C34
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 01485C54
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 01485C9A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CriticalSection$Leave$Enter
                                    • String ID:
                                    • API String ID: 2978645861-0
                                    • Opcode ID: 79a4c5933cf751eff424ddbc45b59de0c45f92b75a14d1377a0e8d2934bf5435
                                    • Instruction ID: 1fd935b56a5e233cfb2eb1e3b81a280908d525a5bd222e5f6901fe3e42f3bdfc
                                    • Opcode Fuzzy Hash: 79a4c5933cf751eff424ddbc45b59de0c45f92b75a14d1377a0e8d2934bf5435
                                    • Instruction Fuzzy Hash: 0C21AC75200605EFDB219F18C984AAEBBF4FB45321F11466EE992AF260D770A981CF50
                                    APIs
                                    • region16_rects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000), ref: 01459BDC
                                    • region16_extents.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01459BEC
                                    • rectangles_intersects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,?), ref: 01459BF7
                                      • Part of subcall function 014597FD: rectangles_intersection.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,?,?), ref: 0145980C
                                    • rectangles_intersects.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,?), ref: 01459C1A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                    • String ID:
                                    • API String ID: 3854534691-0
                                    • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction ID: e5f05933bb55c636ccc93d27bab1f5be0a93d83f6ec0d58dd7ec2a35a50c9e1d
                                    • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction Fuzzy Hash: DB01D63311421AE9EF76DF59D880ABBB7DCDB5056CF14401FED1896262EB35EC81C1A4
                                    APIs
                                    • freerdp_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE ref: 01471F56
                                    • freerdp_context_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000,00000000,?,?), ref: 01471FA4
                                    • freerdp_register_addin_provider.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?,00000000), ref: 01471FC7
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                    • String ID:
                                    • API String ID: 3731710698-0
                                    • Opcode ID: d50c50230f37f6caedb82bb36e664c7d52d49eb2da6af29123eaea31f23fff57
                                    • Instruction ID: 942b23457d2cadff9906a5ebff1773f3110efdca30fb447da24800aba796279d
                                    • Opcode Fuzzy Hash: d50c50230f37f6caedb82bb36e664c7d52d49eb2da6af29123eaea31f23fff57
                                    • Instruction Fuzzy Hash: E911A331604B036BD725AF7AD820BD7BBA5BF70A24F10441FE95987360EB70E450C690
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID:
                                    • API String ID: 733272558-0
                                    • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction ID: a7de361b2818601de4aae8c57d01132f5f867ae2d01932fbe08842971a82d9f6
                                    • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction Fuzzy Hash: E6E04F31401B157FCE727FA6CD04D5BBBE9BF30606704045EF54A5B530CA71A8519BC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-3916222277
                                    • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction ID: 427bd3a241f4157692b72679c898eea4aa102d52c6e47de5a392a4ef351b1977
                                    • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction Fuzzy Hash: A151B3B340014ABBDF42DE94CD40DEB7BAEBF18244F09425AFF1991122E732E5659BA1
                                    APIs
                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,01486A0A,?,?,00000000,?,0147E976,00000000), ref: 0148697B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpin
                                    • String ID: %s: unknown handler type %u$WLog_Appender_New
                                    • API String ID: 2593887523-3466059274
                                    • Opcode ID: 5aca22c3ee35e406ed48c11aca54ad28f584c6c8ac1c1fcac44c80571729da74
                                    • Instruction ID: a40821a1bddb71c785a69efe320fda2952e7bdf5867ad726783bf702bddbb0bc
                                    • Opcode Fuzzy Hash: 5aca22c3ee35e406ed48c11aca54ad28f584c6c8ac1c1fcac44c80571729da74
                                    • Instruction Fuzzy Hash: 28110C3350820266A5777A7E9C48EFF7F6DAB63930B16401FF905B63F5EA31D4025261
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%s-client.%s$DeviceServiceEntry
                                    • API String ID: 0-2733899524
                                    • Opcode ID: a86783248d5383dbaa6fb827b29341115cd12d9a5b8eacdb7669d37fc3230683
                                    • Instruction ID: e283381ef0d9b38a2dbb5057cdd8440b1f441bbd46b2d225a6ca401814f1e0f4
                                    • Opcode Fuzzy Hash: a86783248d5383dbaa6fb827b29341115cd12d9a5b8eacdb7669d37fc3230683
                                    • Instruction Fuzzy Hash: 33118F72A0021AABFB119E9DC880ABF7BACEF50A58F04402EFF14D7240D775DA018B90
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0147E987), ref: 0147EBF6
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0147E987), ref: 0147EC1A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILTER
                                    • API String ID: 1431749950-2006202657
                                    • Opcode ID: e99a8c4afa3adef7d5a19bcc4ab7c49395ef71b8670cbe9643f061182e0436e7
                                    • Instruction ID: 5cbe550ee5175904f12753d622e46772c1f65ce9914beeccd9c84d374131ff87
                                    • Opcode Fuzzy Hash: e99a8c4afa3adef7d5a19bcc4ab7c49395ef71b8670cbe9643f061182e0436e7
                                    • Instruction Fuzzy Hash: 9BF022762042267E5630276BBC48C6B3FACEAA56B9350006FF108CF118EA700D0283A2
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: .msrcIncident$.rdp
                                    • API String ID: 4218353326-1437571178
                                    • Opcode ID: 543c07d4d487ef47cf4192403e14f2bb92d1ce943dffc9b7719ba85613eef0a7
                                    • Instruction ID: b1f9847517c86266e335aac20865a321ce9bdf985316c11e94633b92d64c7f76
                                    • Opcode Fuzzy Hash: 543c07d4d487ef47cf4192403e14f2bb92d1ce943dffc9b7719ba85613eef0a7
                                    • Instruction Fuzzy Hash: 9CF04C73A14A176F99349A7EDC058A77344EA11074310832FF47AD72F0DE35E41187D0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01484AE3), ref: 01484BCC
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,01484AE3), ref: 01484BEC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WINPR_NATIVE_SSPI
                                    • API String ID: 1431749950-1020623567
                                    • Opcode ID: 9c23db068d230b1fcd1a344c10d4a64c19781980bddabb7c2d11ae2aff89a414
                                    • Instruction ID: 317645f6b426ac928c616c1dea7dfd66b7bf88b14d0112eb947d7fd49c46a346
                                    • Opcode Fuzzy Hash: 9c23db068d230b1fcd1a344c10d4a64c19781980bddabb7c2d11ae2aff89a414
                                    • Instruction Fuzzy Hash: 0FF0273229513326E536326E6C14F2F6EA8DB96F25B1A011FF601DB194DE60480342E5
                                    APIs
                                    • rfx_context_new.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 0144A2ED
                                      • Part of subcall function 0143E4DD: GetVersionExA.KERNEL32(?), ref: 0143E5CD
                                      • Part of subcall function 0143E4DD: GetNativeSystemInfo.KERNEL32(?), ref: 0143E5E7
                                      • Part of subcall function 0143E4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 0143E612
                                    • progressive_context_free.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 0144A36D
                                    Strings
                                    • com.freerdp.codec.progressive, xrefs: 0144A2CA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                    • String ID: com.freerdp.codec.progressive
                                    • API String ID: 2699998398-3622116780
                                    • Opcode ID: 557e6558ceca6ec6d9f9fbb50222b780bff2b0b74e66d40cc2a041eb2053b6a9
                                    • Instruction ID: badf7a043c2499682638a9788ff884e755eb7674095cf6605fa94ab4d7c54430
                                    • Opcode Fuzzy Hash: 557e6558ceca6ec6d9f9fbb50222b780bff2b0b74e66d40cc2a041eb2053b6a9
                                    • Instruction Fuzzy Hash: D7F0E0325457035BF320BB779800F4BBBD8DFB2970F24002FF205AB690E97094018260
                                    APIs
                                    • freerdp_settings_get_key_for_name.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(?), ref: 01431EEF
                                    • freerdp_settings_get_type_for_key.WTPGBJXOPBTGKQVMZYOYJECSGTFBYPC-ELEVATE(00000000), ref: 01431F51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                    • String ID: TRUE
                                    • API String ID: 1888880752-3412697401
                                    • Opcode ID: c35fd43b51b9cca0cc8f56afed0f723888e0c550dd4b6ca41331c72ff1c60967
                                    • Instruction ID: a4c99af0ba8c5bc25c810b0d7bd56f07b2cc380fac82aa50d0065a5f89306e5b
                                    • Opcode Fuzzy Hash: c35fd43b51b9cca0cc8f56afed0f723888e0c550dd4b6ca41331c72ff1c60967
                                    • Instruction Fuzzy Hash: E3E0E5323042156BEA119A9FEC91D9F365CEBE9DA1B21002BFA045A260AB70D90046A0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 3e18a0995fc0310140fe860fc94c35bc023e6384b6a1a485afeb757647bef629
                                    • Instruction ID: a5aefcd46d7968cf6b74d2fcf86d7bd6a953b90943b44ac716e4effd31c9fa7f
                                    • Opcode Fuzzy Hash: 3e18a0995fc0310140fe860fc94c35bc023e6384b6a1a485afeb757647bef629
                                    • Instruction Fuzzy Hash: CFF0BEB240020A7BDF212FAA8C80D9B7AACEF28154B050029FD0846221EA35D9208AE0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 181ef68dddcf4124741d5c0a9c1c35a0a7a24944b0b271f7032eba34f10918ec
                                    • Instruction ID: 4f99456328c007179f4efec3fc2ff64c11b5ab3e4d689adf546d5ed9f12252af
                                    • Opcode Fuzzy Hash: 181ef68dddcf4124741d5c0a9c1c35a0a7a24944b0b271f7032eba34f10918ec
                                    • Instruction Fuzzy Hash: B9F0BEB240020A7BDF216FAACC80D9B3AADEF38244B050029FD0456321EA35D8218AE0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,01487163), ref: 01487190
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,01487163), ref: 014871B1
                                      • Part of subcall function 01487310: LoadLibraryA.KERNEL32(?,?,014871C4,00000000,?,?,01487163), ref: 01487316
                                      • Part of subcall function 01487310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0148732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                    • String ID: WTSAPI_LIBRARY
                                    • API String ID: 3590464466-1122459656
                                    • Opcode ID: 0df8d259fb14bb279043d90880849372032a7fcbaeb46bbe54ea56dc6571eded
                                    • Instruction ID: 6d1028c5c96f8527a6da9502f23ee5a445c08b86fa866990ecc9d44bd6c09053
                                    • Opcode Fuzzy Hash: 0df8d259fb14bb279043d90880849372032a7fcbaeb46bbe54ea56dc6571eded
                                    • Instruction Fuzzy Hash: 68E0E53210511369E532325DAC29F5F3E25DBD1A66F30004EF4005E294EF70040182A2
                                    APIs
                                    • LoadLibraryA.KERNEL32(?,?,014871C4,00000000,?,?,01487163), ref: 01487316
                                    • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0148732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitWtsApi
                                    • API String ID: 2574300362-3428673357
                                    • Opcode ID: fca3c79d13d6db21b88903384822b6d0998b6d76a39300cf3d937b2fe8e5ddfc
                                    • Instruction ID: 15faa9293b8ccb68e2740de5eaf67fb66299774aefb1fe7944a31ab8cc12aa79
                                    • Opcode Fuzzy Hash: fca3c79d13d6db21b88903384822b6d0998b6d76a39300cf3d937b2fe8e5ddfc
                                    • Instruction Fuzzy Hash: 41D02B715403055B9F26BFF6AC064173FDDF7406523005833AC2CC5100EB30C040D751
                                    APIs
                                    • GetLastError.KERNEL32(?,?,014DB650,01630388,0000000C), ref: 014EF430
                                    • SetLastError.KERNEL32(00000000), ref: 014EF4D2
                                    • GetLastError.KERNEL32(00000000,?,014D5FDD,014EF0E3,?,?,0147F77A,0000000C,?,?,?,?,013F27D2,?,?,?), ref: 014EF581
                                    • SetLastError.KERNEL32(00000000,00000006), ref: 014EF623
                                      • Part of subcall function 014EF717: RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 014EF758
                                      • Part of subcall function 014EF066: HeapFree.KERNEL32(00000000,00000000,?,014FB935,?,00000000,?,?,014FBBD6,?,00000007,?,?,014FBF89,?,?), ref: 014EF07C
                                      • Part of subcall function 014EF066: GetLastError.KERNEL32(?,?,014FB935,?,00000000,?,?,014FBBD6,?,00000007,?,?,014FBF89,?,?), ref: 014EF087
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.2021470337.0000000000E11000.00000040.00000001.01000000.00000006.sdmp, Offset: 00E10000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_2_e10000_wtpgbjxopbtgkqvmzyoyjecsgtfbypc-elevate.jbxd
                                    Similarity
                                    • API ID: ErrorLast$Heap$AllocateFree
                                    • String ID:
                                    • API String ID: 2037364846-0
                                    • Opcode ID: 7f81a212d7fb319a6cb461a2635c23219abfc0006e7ae8a7791d16e411e7b182
                                    • Instruction ID: 3fee919de855bdd3e54f7b147c4051eec86f24c9e4e0734bc45f7f0e02201a0e
                                    • Opcode Fuzzy Hash: 7f81a212d7fb319a6cb461a2635c23219abfc0006e7ae8a7791d16e411e7b182
                                    • Instruction Fuzzy Hash: 11410BB96062126FD7213A7DAD8CD2B36C89F35A72B14023FF7109A6F5DB34891E8350

                                    Execution Graph

                                    Execution Coverage:0.5%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:0%
                                    Total number of Nodes:77
                                    Total number of Limit Nodes:6

                                    Control-flow Graph

                                    APIs
                                    • LoadLibraryA.KERNEL32(?), ref: 01A22B13
                                    • GetProcAddress.KERNELBASE(?,019FCFF9), ref: 01A22B31
                                    • ExitProcess.KERNEL32(?,019FCFF9), ref: 01A22B42
                                    • VirtualProtect.KERNELBASE(002D0000,00001000,00000004,?,00000000), ref: 01A22B90
                                    • VirtualProtect.KERNELBASE(002D0000,00001000), ref: 01A22BA5
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000019FD000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    • Associated: 00000005.00000002.2193915775.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000A54000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000A5C000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000B0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000B1F000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000B6C000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.00000000017F3000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.0000000001949000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2193936002.000000000195A000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000005.00000002.2200361525.0000000001A23000.00000004.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                    • String ID:
                                    • API String ID: 1996367037-0
                                    • Opcode ID: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction ID: be29c2174ffe7544937d72a3112bbd0ba001cc5a42c24fc44e68134560e3ac71
                                    • Opcode Fuzzy Hash: 7e2376533f3956e57493e658a4c8f4564e7175610ab1e4299428b40b4a8ea847
                                    • Instruction Fuzzy Hash: EF51F472A507225AD7318EBCCCC0774BBA5EB45230B5C073ADAE2DB6C6E7A458068760

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 009AF42C: GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                      • Part of subcall function 009AF42C: SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                    • CloseHandle.KERNEL32(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B711
                                    • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B727
                                    • RtlExitUserThread.NTDLL(?,?,?,0099B817,?,?,0099B689,00000000), ref: 0099B730
                                    • GetModuleHandleExW.KERNEL32(00000004,?,0000000C), ref: 0099B76E
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitHandleLastThread$CloseFreeLibraryModuleUser
                                    • String ID:
                                    • API String ID: 1062721995-0
                                    • Opcode ID: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction ID: 721a3f6bf69051d1b4c7b058edb06068184d1c69afd0f992557d910c6859ee9a
                                    • Opcode Fuzzy Hash: 87048e4c42ac1a0df50e4c3a627314e16d73ad20d790b2cfe86378904a75488c
                                    • Instruction Fuzzy Hash: BB11B671501204BBCB209FA9EE09FAA7BECDFC1760F148225F915D76A1DB74DD41CAA0

                                    Control-flow Graph

                                    APIs
                                    • GetLastError.KERNEL32(00AF0388,0000000C), ref: 0099B63E
                                    • RtlExitUserThread.NTDLL(00000000), ref: 0099B645
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorExitLastThreadUser
                                    • String ID:
                                    • API String ID: 1750398979-0
                                    • Opcode ID: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction ID: 05963f88b7a16fd2dfc2522daf8275ae33fa3a17c366f650bee3415995dc072d
                                    • Opcode Fuzzy Hash: 85f0dc38bf360a5d03e053273d16493a5ca3ccba588fe6b9f613e30e082ca3ea
                                    • Instruction Fuzzy Hash: 9EF0C871940204AFDF10AFB4D90AB6E7775FF84710F104155F00197262CB346941DFA1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009443BE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EncryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EncryptMessage
                                    • API String ID: 689400697-3976766517
                                    • Opcode ID: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction ID: 343f2e26b8ac709d4e87701eb2b70399a12e0979d4f41f944bce9d385257261c
                                    • Opcode Fuzzy Hash: d92338d62897c77f6f41f8e772ab80dc08237c50e6d56a2414ae1831d0bb1d60
                                    • Instruction Fuzzy Hash: 581191313C82057BEB216E66EC07F6B3AACEB81B50F0004A5F900A70E1DDA59A10DAA4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009442FB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DecryptMessage: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DecryptMessage
                                    • API String ID: 689400697-3301108232
                                    • Opcode ID: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction ID: 4ad498c404c95604263d475349eba517935530950f0f3ab872caa95e6a094709
                                    • Opcode Fuzzy Hash: 7887c57058d5ea384ac09e3451406da3fb90ead11c52b54de38cf55be87a2089
                                    • Instruction Fuzzy Hash: 7E1194313C83057BDA215A66ED47F6B3AACEBC5B50F000495FA00A71E1DD96DE10D6A4
                                    APIs
                                    • crypto_cert_fingerprint.GETSCREEN-941605629-X86(?), ref: 008E5E1C
                                      • Part of subcall function 008E576E: crypto_cert_fingerprint_by_hash.GETSCREEN-941605629-X86(?,sha256), ref: 008E5779
                                    • crypto_cert_issuer.GETSCREEN-941605629-X86(?), ref: 008E5E30
                                    • crypto_cert_subject.GETSCREEN-941605629-X86(?,?), ref: 008E5E3A
                                    • certificate_data_new.GETSCREEN-941605629-X86(?,?,00000000,00000000,00000000,?,?), ref: 008E5E4A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: certificate_data_newcrypto_cert_fingerprintcrypto_cert_fingerprint_by_hashcrypto_cert_issuercrypto_cert_subject
                                    • String ID:
                                    • API String ID: 1865246629-0
                                    • Opcode ID: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction ID: c04658d280f9daed0f6bcbf9dc62e9c71040a234a6e564548503094c203a38cb
                                    • Opcode Fuzzy Hash: b22f0af09afbb53f47c67a66392b01df666bde5d5b51faeba4ef9e6157e0229e
                                    • Instruction Fuzzy Hash: 15E01A75500648BACF112F6ADC06CAF7EADEF867E8B144124B9189A121DA718E1096A1

                                    Control-flow Graph

                                    control_flow_graph 631 947449-94745b LoadLibraryA 632 94745d 631->632 633 94745e-9478e4 GetProcAddress * 63 call 95001b 631->633
                                    APIs
                                    • LoadLibraryA.KERNEL32(wtsapi32.dll,00947168), ref: 0094744E
                                    • GetProcAddress.KERNEL32(00000000,WTSStopRemoteControlSession), ref: 0094746B
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionW), ref: 0094747D
                                    • GetProcAddress.KERNEL32(WTSStartRemoteControlSessionA), ref: 0094748F
                                    • GetProcAddress.KERNEL32(WTSConnectSessionW), ref: 009474A1
                                    • GetProcAddress.KERNEL32(WTSConnectSessionA), ref: 009474B3
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersW), ref: 009474C5
                                    • GetProcAddress.KERNEL32(WTSEnumerateServersA), ref: 009474D7
                                    • GetProcAddress.KERNEL32(WTSOpenServerW), ref: 009474E9
                                    • GetProcAddress.KERNEL32(WTSOpenServerA), ref: 009474FB
                                    • GetProcAddress.KERNEL32(WTSOpenServerExW), ref: 0094750D
                                    • GetProcAddress.KERNEL32(WTSOpenServerExA), ref: 0094751F
                                    • GetProcAddress.KERNEL32(WTSCloseServer), ref: 00947531
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsW), ref: 00947543
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsA), ref: 00947555
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExW), ref: 00947567
                                    • GetProcAddress.KERNEL32(WTSEnumerateSessionsExA), ref: 00947579
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesW), ref: 0094758B
                                    • GetProcAddress.KERNEL32(WTSEnumerateProcessesA), ref: 0094759D
                                    • GetProcAddress.KERNEL32(WTSTerminateProcess), ref: 009475AF
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationW), ref: 009475C1
                                    • GetProcAddress.KERNEL32(WTSQuerySessionInformationA), ref: 009475D3
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigW), ref: 009475E5
                                    • GetProcAddress.KERNEL32(WTSQueryUserConfigA), ref: 009475F7
                                    • GetProcAddress.KERNEL32(WTSSetUserConfigW), ref: 00947609
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WTSCloseServer$WTSConnectSessionA$WTSConnectSessionW$WTSCreateListenerA$WTSCreateListenerW$WTSDisconnectSession$WTSEnableChildSessions$WTSEnumerateListenersA$WTSEnumerateListenersW$WTSEnumerateProcessesA$WTSEnumerateProcessesExA$WTSEnumerateProcessesExW$WTSEnumerateProcessesW$WTSEnumerateServersA$WTSEnumerateServersW$WTSEnumerateSessionsA$WTSEnumerateSessionsExA$WTSEnumerateSessionsExW$WTSEnumerateSessionsW$WTSFreeMemory$WTSFreeMemoryExA$WTSFreeMemoryExW$WTSGetActiveConsoleSessionId$WTSGetChildSessionId$WTSGetListenerSecurityA$WTSGetListenerSecurityW$WTSIsChildSessionsEnabled$WTSLogoffSession$WTSOpenServerA$WTSOpenServerExA$WTSOpenServerExW$WTSOpenServerW$WTSQueryListenerConfigA$WTSQueryListenerConfigW$WTSQuerySessionInformationA$WTSQuerySessionInformationW$WTSQueryUserConfigA$WTSQueryUserConfigW$WTSQueryUserToken$WTSRegisterSessionNotification$WTSRegisterSessionNotificationEx$WTSSendMessageA$WTSSendMessageW$WTSSetListenerSecurityA$WTSSetListenerSecurityW$WTSSetUserConfigA$WTSSetUserConfigW$WTSShutdownSystem$WTSStartRemoteControlSessionA$WTSStartRemoteControlSessionW$WTSStopRemoteControlSession$WTSTerminateProcess$WTSUnRegisterSessionNotification$WTSUnRegisterSessionNotificationEx$WTSVirtualChannelClose$WTSVirtualChannelOpen$WTSVirtualChannelOpenEx$WTSVirtualChannelPurgeInput$WTSVirtualChannelPurgeOutput$WTSVirtualChannelQuery$WTSVirtualChannelRead$WTSVirtualChannelWrite$WTSWaitSystemEvent$wtsapi32.dll
                                    • API String ID: 2238633743-2998606599
                                    • Opcode ID: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction ID: 01890786a5cc9c84123f1660955e1ce2065128ce0f8d144bce487c53b416ef49
                                    • Opcode Fuzzy Hash: bf86211137e586d1a193f25cf3ec2ab72d80a0096b85ae2583470175e24149e5
                                    • Instruction Fuzzy Hash: 7BB129B4ED9314BADF119F76AD4A8663EA5F7097703008C9AE80477270DFB64268DE90

                                    Control-flow Graph

                                    control_flow_graph 738 9314e3-9314fb 739 931501-931509 738->739 740 9316dd 738->740 739->740 742 93150f-931523 freerdp_error_info 739->742 741 9316df-9316e3 740->741 743 9316e4-9316f0 742->743 744 931529-93152f 742->744 746 9316f2-9316f9 call 93e717 743->746 747 9316fe-93170a call 93e9a3 743->747 744->740 745 931535-93153c 744->745 748 93154e-93155a call 93e9a3 745->748 749 93153e-931549 call 93e717 745->749 746->747 758 931710-931736 call 93ed82 747->758 759 93158e-931595 747->759 761 931589 748->761 762 93155c-931586 freerdp_get_error_info_string call 93ed82 748->762 749->748 758->759 759->740 763 93159b-9315a3 759->763 761->759 762->761 766 9315b3-9315ba 763->766 767 9315a5-9315ad 763->767 769 9315c8-9315d4 call 93e9a3 766->769 770 9315bc-9315c3 call 93e717 766->770 767->740 767->766 775 931600-931609 freerdp_reconnect 769->775 776 9315d6-9315fd call 93ed82 769->776 770->769 778 93173b-93173e 775->778 779 93160f-93161c freerdp_get_last_error 775->779 776->775 778->741 781 93166b 779->781 782 93161e-931625 779->782 783 93166d-931671 781->783 784 931633-93163f call 93e9a3 782->784 785 931627-93162e call 93e717 782->785 786 931673-93167a 783->786 787 93167c-931688 Sleep 783->787 793 931641-931664 call 93ed82 784->793 794 931667 784->794 785->784 786->740 786->787 787->783 791 93168a-93168e 787->791 791->763 796 931694-93169b 791->796 793->794 794->781 798 9316a9-9316b5 call 93e9a3 796->798 799 93169d-9316a4 call 93e717 796->799 798->740 805 9316b7-9316da call 93ed82 798->805 799->798 805->740
                                    APIs
                                    • freerdp_error_info.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931519
                                    • freerdp_get_error_info_string.GETSCREEN-941605629-X86(00000000,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093155D
                                    • freerdp_reconnect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931601
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,009314DF,?,00000000), ref: 00931611
                                    • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,009314DF,?,00000000), ref: 0093167E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Sleepfreerdp_error_infofreerdp_get_error_info_stringfreerdp_get_last_errorfreerdp_reconnect
                                    • String ID: Attempting reconnect (%u of %u)$Autoreconnect aborted by user$C:\Project\agent-windows\freerdp\FreeRDP\client\common\client.c$Disconnected by server hitting a bug or resource limit [%s]$Maximum reconnect retries exceeded$Network disconnect!$client_auto_reconnect_ex$com.freerdp.client.common
                                    • API String ID: 968149013-2963753137
                                    • Opcode ID: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction ID: 0ae16ba41c324963bd10ffdf1a04a4162996fa99853b354ac10486811896f3e6
                                    • Opcode Fuzzy Hash: 85dcda2f478e2c1cf53991a2d4eab9e8baad21d377af7c8c49d75f89701a9ff4
                                    • Instruction Fuzzy Hash: AD51D675B80305BBEB207B65EC43FAA27ACAB50B54F14443AF901EB1E2EB7099408F55

                                    Control-flow Graph

                                    APIs
                                    • gdi_get_pixel_format.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FA8B3
                                    • gdi_free.GETSCREEN-941605629-X86(?,?,?,?,?,008FA899,?,?,00000000,00000000,Function_006DAA7A), ref: 008FAA40
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: gdi_freegdi_get_pixel_format
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\gdi\gdi.c$com.freerdp.gdi$failed to initialize gdi$gdi_init_ex
                                    • API String ID: 1251975138-534786182
                                    • Opcode ID: 84c8194bce7aff5feadf02f83053cb4684a4e5178954e795cadbd10cc2a20d62
                                    • Instruction ID: 6731901582a6301185719cb33873c23558d4847fba7641c96c5b99e6c1c01256
                                    • Opcode Fuzzy Hash: 84c8194bce7aff5feadf02f83053cb4684a4e5178954e795cadbd10cc2a20d62
                                    • Instruction Fuzzy Hash: 4D4150B5200706AFD715BF38DC42B6A77A5FF44320F148429FA58DB292EF72A851CB52

                                    Control-flow Graph

                                    APIs
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,?), ref: 00936D79
                                    • _strlen.LIBCMT ref: 00936DF4
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936E1D
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00936F6F
                                    • freerdp_device_collection_add.GETSCREEN-941605629-X86(?,00000000), ref: 00937044
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_device_collection_add$_strlen
                                    • String ID: drive$parallel$printer$serial$smartcard
                                    • API String ID: 2230162058-807955808
                                    • Opcode ID: a862b92b1c99d0e25375171c214af895efa5c5787c3ed8231d69c8a2341a0c7c
                                    • Instruction ID: cd88d004155b4c449fd57c8f12a564ff4e06dc6ae07178283b6a7863356fed87
                                    • Opcode Fuzzy Hash: a862b92b1c99d0e25375171c214af895efa5c5787c3ed8231d69c8a2341a0c7c
                                    • Instruction Fuzzy Hash: 69B1DF32604602ABDF16AF1CDC41B6E7BA5FF45320B158469F8189F292EF32DD518F90

                                    Control-flow Graph

                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0F64
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0F79
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: ,$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load_ex
                                    • API String ID: 3168844106-1571615648
                                    • Opcode ID: 7280205139d7d0b0e91149c13468b4425c20170e46c617a0a0c459adfcfdce2d
                                    • Instruction ID: f0082c08295352f182a68c739b2fbdb6a6ec42f0bdf33fa01cd042b995023f97
                                    • Opcode Fuzzy Hash: 7280205139d7d0b0e91149c13468b4425c20170e46c617a0a0c459adfcfdce2d
                                    • Instruction Fuzzy Hash: D3415A71A84309ABEB149F68DC46FA977B4FB48754F108419F618EB2D1DB70E9408F98

                                    Control-flow Graph

                                    APIs
                                    • _strlen.LIBCMT ref: 008F42FA
                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4320
                                    • GetFileSize.KERNEL32(00000000,?), ref: 008F433A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: File$CreateSize_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 2645226956-2916857029
                                    • Opcode ID: f7d1c25d3c2beb035f2a911ae2741d5308d018af173036cb50d72e646d1d1966
                                    • Instruction ID: 9db898e1064cd5029083c85e12b2ce03a9a3fc3e8dc85a42484c4198fec2f7a8
                                    • Opcode Fuzzy Hash: f7d1c25d3c2beb035f2a911ae2741d5308d018af173036cb50d72e646d1d1966
                                    • Instruction Fuzzy Hash: 7A5161B1904219AFEB11ABB4DC45ABF77BCFF59724F10412BFA01E6191EB309D408B64

                                    Control-flow Graph

                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 008C0D92
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 008C0DB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\client.c$PDRF$Skipping, channel already loaded$com.freerdp.core.client$error: channel export function call failed$error: too many channels$freerdp_channels_client_load
                                    • API String ID: 3168844106-4217659166
                                    • Opcode ID: c7bca7570345e85cb1c863e7ed05c18c1d2a63c605185121824aa10ce252bd69
                                    • Instruction ID: 8565790384e5fed5b9d6ceb7bbf63195b971b3dc4a69720169146947dc6a25fb
                                    • Opcode Fuzzy Hash: c7bca7570345e85cb1c863e7ed05c18c1d2a63c605185121824aa10ce252bd69
                                    • Instruction Fuzzy Hash: 69516C71A40305ABDB109F65ED46FA97BB4FB48754F108429FA08EB291EB74E900CF54
                                    APIs
                                    Strings
                                    • YUV buffer not initialized! check your decoder settings, xrefs: 009C5F1A
                                    • avc444_ensure_buffer, xrefs: 009C5F1F
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c, xrefs: 009C5F24
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\h264.c$YUV buffer not initialized! check your decoder settings$avc444_ensure_buffer
                                    • API String ID: 733272558-18228272
                                    • Opcode ID: f53733c5c0bcae0fdba24975dd9c3793251cef4d8cc8ac5746bdca7f90964421
                                    • Instruction ID: a6e15c08fef856697b28219784dd2e474c47cc3c5bd4e9be78b09697b4e1b793
                                    • Opcode Fuzzy Hash: f53733c5c0bcae0fdba24975dd9c3793251cef4d8cc8ac5746bdca7f90964421
                                    • Instruction Fuzzy Hash: F8419A71A00B06AFDB249F25C882B5AB7E5FB45314F14883EF586CA661D371F990CB82
                                    APIs
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,00000400,00000001), ref: 009C3B87
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000401,00000000), ref: 009C3BB7
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000404,?), ref: 009C3BDB
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000402,00000000), ref: 009C3BFA
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000014,?), ref: 009C3C12
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,000006C1,?), ref: 009C3C2B
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000403,?), ref: 009C3C44
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000015,00000000), ref: 009C3C60
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,00000013,?), ref: 009C3C82
                                    • freerdp_target_net_addresses_free.GETSCREEN-941605629-X86(?), ref: 009C3C93
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$freerdp_settings_set_boolfreerdp_settings_set_uint32freerdp_target_net_addresses_free
                                    • String ID:
                                    • API String ID: 949014189-0
                                    • Opcode ID: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction ID: 5e7fa2fdeaa10955a72c758e7e2d670652118f1795242c6590350bc158e46c8c
                                    • Opcode Fuzzy Hash: 12f87a41451c66bc5c8156e90c5a793ed94ff3185f274a213cefdbc36b09d4f7
                                    • Instruction Fuzzy Hash: F5418371A00A16BBE7215F39DC45F9A7398FF05310F04C029FA06966D2E773EA61CB96
                                    APIs
                                      • Part of subcall function 00945CD5: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,?,00971701,00000001), ref: 00945CF9
                                    • zgfx_context_new.GETSCREEN-941605629-X86(00000000), ref: 00971874
                                      • Part of subcall function 009C693A: zgfx_context_reset.GETSCREEN-941605629-X86(00000000,00000000,00000000,?,00971879,00000000), ref: 009C6964
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpinzgfx_context_newzgfx_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\channels\rdpgfx\client\rdpgfx_main.c$Failed to acquire reference to WLog %s$HashTable_New failed!$calloc failed!$com.freerdp.channels.rdpgfx.client$rdpgfx_client_context_new$zgfx_context_new failed!
                                    • API String ID: 3732774510-3243565116
                                    • Opcode ID: 49051416b43992debb303e43d2ff0887be333a0885452c221ecb0c6432260e03
                                    • Instruction ID: 39b129f77322450d156c06d0cf39d3f34d61db2c9cbfd9d292a9eb69b726fca1
                                    • Opcode Fuzzy Hash: 49051416b43992debb303e43d2ff0887be333a0885452c221ecb0c6432260e03
                                    • Instruction Fuzzy Hash: 4571EB72A887027FD3249F299C42B9677E8FF59724F104529F5499BAC2DBB4E440CF84
                                    APIs
                                      • Part of subcall function 00946B05: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,00000000,00000000,00000000,?,008FE59B,00000001,00006060,00000010), ref: 00946B3E
                                    • GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                    • GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 008FE6DC
                                    • CreateThreadpool.KERNEL32(00000000), ref: 008FE6E2
                                    Strings
                                    • Software\FreeRDP\FreeRDP\RemoteFX, xrefs: 008FE605
                                    • com.freerdp.codec.rfx, xrefs: 008FE530
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCreateCriticalInfoInitializeNativeOpenSectionSpinSystemThreadpoolVersionprimitives_get
                                    • String ID: Software\FreeRDP\FreeRDP\RemoteFX$com.freerdp.codec.rfx
                                    • API String ID: 3882483829-2530424157
                                    • Opcode ID: a603b9d7d9709af83a0ccca068e3b0f11948883704ae846dbdf472fc7dfd79fe
                                    • Instruction ID: 3aef38b37b1e84aa6498f4bdbee37917d84adf5e9e78688e4adffa4368bab0a3
                                    • Opcode Fuzzy Hash: a603b9d7d9709af83a0ccca068e3b0f11948883704ae846dbdf472fc7dfd79fe
                                    • Instruction Fuzzy Hash: BD41AFB1A00719AFEB20AFB8DC85B66B7E8FF45304F10447EF649D6252DB70E9548B50
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8B2
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_APPENDER,00000000,00000000), ref: 0093E8D6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: %s environment variable modified in my back$BINARY$CONSOLE$FILE$UDP$WLOG_APPENDER
                                    • API String ID: 1431749950-225596728
                                    • Opcode ID: f0c103d3622fc256058ae409064f9d251d5f909ef9e5afad4e2f4bbfd6e38d2a
                                    • Instruction ID: d0768d85262d8f9b9e4a70d6ee11c2371d0708746a696899ce8a45174e21902b
                                    • Opcode Fuzzy Hash: f0c103d3622fc256058ae409064f9d251d5f909ef9e5afad4e2f4bbfd6e38d2a
                                    • Instruction Fuzzy Hash: 9021C83235835679AE557369BC4BF3B179CDFC2BB4B20052AF405A60C2EE909C418BA1
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,?,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000015B), ref: 008C48D9
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,rdp_set_error_info,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c,0000016A), ref: 008C498F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_set_last_error_ex
                                    • String ID: %s missing context=%p$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\rdp.c$ErrorInfo$com.freerdp.core.rdp$freerdp$rdp_set_error_info
                                    • API String ID: 270715978-29603548
                                    • Opcode ID: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction ID: 2dda067885571cce08f1c51629fb2b466f5129645566d50e4a3feda198c9029d
                                    • Opcode Fuzzy Hash: 82edb192874ec47b6fb325348c72a9fb8181a5819bfa1cee7d18ec8de959ebd2
                                    • Instruction Fuzzy Hash: 4E21F972A40315B6D7106B58DC02FEB7F78FB51B14F10906AF90CEB2D2E6B09680CBA1
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C58FA
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(00000001,00000000,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C5902
                                    • audio_format_compatible.GETSCREEN-941605629-X86(009C5425,?,?,?,?,009C5425,?,?,?,?,00000000,?), ref: 009C594D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: audio_format_get_tag_string$audio_format_compatible
                                    • String ID: %s requires %s for sample input, got %s$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\dsp.c$Missing resample support, recompile -DWITH_SOXR=ON or -DWITH_DSP_FFMPEG=ON$com.freerdp.dsp$freerdp_dsp_resample
                                    • API String ID: 204136587-155179076
                                    • Opcode ID: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction ID: 81f5b1bba8379f57279ad716c0e207b1c42a8eda9b6b1b2649ff24ab49c1ebc7
                                    • Opcode Fuzzy Hash: d804e87c09393131fc2ebd95d36b9a196743e2a9083e2f972c93d7f91ac37bfe
                                    • Instruction Fuzzy Hash: 5121C9B1B443057AE7146BA4AC83FBA33ACDB50724F51041FF645EA2C1E9B1A981866A
                                    APIs
                                    • LoadLibraryA.KERNEL32(secur32.dll,?,00944AEC), ref: 00944B18
                                    • LoadLibraryA.KERNEL32(security.dll,?,00944AEC), ref: 00944B28
                                    • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceW), ref: 00944B42
                                    • GetProcAddress.KERNEL32(InitSecurityInterfaceA), ref: 00944B51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitSecurityInterfaceA$InitSecurityInterfaceW$secur32.dll$security.dll
                                    • API String ID: 2574300362-4081094439
                                    • Opcode ID: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction ID: 2010c1b7fac7c6f4984db987f25739ce7e1cb5b1511fbaf3aa8074a52d3ac849
                                    • Opcode Fuzzy Hash: 91cabff83001136ecc5fa643269b0543b594b0bbfd1c5c86a037baa11ff1b0ad
                                    • Instruction Fuzzy Hash: A0F01972DA9726678B11ABBDBC04E6E6AECEE847503064597D804D3110EFB0C8418FA1
                                    APIs
                                    • ber_read_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D502A
                                    • ber_read_length.GETSCREEN-941605629-X86(?,?), ref: 008D503F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ber_read_lengthber_read_universal_tag
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\crypto\ber.c$ber_read_integer$com.freerdp.crypto$should implement reading an 8 bytes integer$should implement reading an integer with length=%d
                                    • API String ID: 3186670568-2454464461
                                    • Opcode ID: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction ID: 9771df8a3274ea0fea1c14afcfd07d627a17d5f8fd49db3699dbfa6412fda48d
                                    • Opcode Fuzzy Hash: 5b570f1dfc44325e6c1abf7dc5d019afd22ca74b725d4628ee5158ab351d70ec
                                    • Instruction Fuzzy Hash: 6E4125B1B44F116BDB208F24CC42B2937E5FBA1725F14866BE559CB3C5EA34DA00CB60
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,?), ref: 00919C6E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_rects
                                    • String ID: (%hu,%hu-%hu,%hu)$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\region.c$band %d: $com.freerdp.codec$nrects=%u$region16_print
                                    • API String ID: 844131241-2640574824
                                    • Opcode ID: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction ID: 1bbcc0dacf8359dd107ca2fa9ee667a76c41a09c1020a2011d667daf9fd8570c
                                    • Opcode Fuzzy Hash: 8c10825787acbce294a44e81f3bcf6994cb29fd1d36da582e275777a67261fc2
                                    • Instruction Fuzzy Hash: 5F31BF76780306BAF620BB65AC93FB637DCEB59B11F100425F954EB1C1FEA19D8087A1
                                    APIs
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C14
                                    • clearChannelError.GETSCREEN-941605629-X86(?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008B2C1B
                                      • Part of subcall function 008B26E1: ResetEvent.KERNEL32(?), ref: 008B270A
                                      • Part of subcall function 008C8142: ResetEvent.KERNEL32(?,?,008B2C27,?,?,?,00000000,freerdp_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,000000AA), ref: 008C814E
                                    Strings
                                    • ConnectionResult, xrefs: 008B3077
                                    • freerdp_connect, xrefs: 008B2C01
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 008B2BFC
                                    • freerdp, xrefs: 008B3062
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: EventReset$ChannelErrorclearfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$ConnectionResult$freerdp$freerdp_connect
                                    • API String ID: 3632380314-3564821047
                                    • Opcode ID: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction ID: c813ff696e37b02b52812fb96a3596cb93c0c0c0818a20b24347dbfc41194bad
                                    • Opcode Fuzzy Hash: a6840a4455806022e786ffe193cf595ae67adefc8afa2555432a51cc2c5dbb65
                                    • Instruction Fuzzy Hash: 09316D75600605AFEB14EF79D885BEAB7F8FF18350F140179E808E7391EB719A508B50
                                    APIs
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5415
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000001,?,00000002,00000000), ref: 008D541D
                                    • ber_write_universal_tag.GETSCREEN-941605629-X86(?,00000002,00000000), ref: 008D5440
                                    • ber_write_length.GETSCREEN-941605629-X86(?,00000002,?,00000002,00000000), ref: 008D5448
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: ber_write_lengthber_write_universal_tag
                                    • String ID:
                                    • API String ID: 1889070510-0
                                    • Opcode ID: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction ID: 0067f79c901b216a141f70fede5b06ed2b49d0fe35da5dda4549c32518eb49af
                                    • Opcode Fuzzy Hash: 18ef3f9f5ae11241768caf1c4dc31a824dec3e3bd5586f49f269dacf6024e569
                                    • Instruction Fuzzy Hash: 9921FB70101F44AFDB126B09DD52BAB7766FF11B01F00455BF94A9F782C621BA41CBA7
                                    APIs
                                    • glyph_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB79
                                    • brush_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB86
                                    • pointer_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCB94
                                    • bitmap_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBA2
                                    • offscreen_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBB0
                                    • palette_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBBE
                                    • nine_grid_cache_new.GETSCREEN-941605629-X86(?), ref: 008DCBCC
                                    • cache_free.GETSCREEN-941605629-X86(00000000), ref: 008DCBDE
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: bitmap_cache_newbrush_cache_newcache_freeglyph_cache_newnine_grid_cache_newoffscreen_cache_newpalette_cache_newpointer_cache_new
                                    • String ID:
                                    • API String ID: 2332728789-0
                                    • Opcode ID: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction ID: 6ee5cac63c32ace225eecfbcb44f2f60bda2553ea5fe761cb457ec2c9e17e28a
                                    • Opcode Fuzzy Hash: 42906154869710506a0c67ebba1e6bbb42983877cc0118c6e46d3c0bd67e0258
                                    • Instruction Fuzzy Hash: 34018436148B0B5AE7256EB99842D3B67E8FF42B70710463FE481D6B81EF20D401C672
                                    APIs
                                    • region16_init.GETSCREEN-941605629-X86(?), ref: 008FF58A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: region16_init
                                    • String ID:
                                    • API String ID: 4140821900-0
                                    • Opcode ID: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction ID: 9167258e75f8a1d82103209f33e43f90cd9b3296c114be7d65fe1906ea9d95a5
                                    • Opcode Fuzzy Hash: 3e8d829aa97f6b1ed1f2f2cf94f42bc771981313d169c183af5fd76dbc63c424
                                    • Instruction Fuzzy Hash: 31514CB2D0021D9BDB18DFA5C881AEEBBF9FF48304F14452AF619E7241E7359945CB60
                                    APIs
                                    • gdi_CreateCompatibleDC.GETSCREEN-941605629-X86(?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?,?,?,?,?,008FA899), ref: 008FAAE7
                                    • gdi_CreateCompatibleBitmap.GETSCREEN-941605629-X86(?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB0E
                                    • gdi_CreateBitmapEx.GETSCREEN-941605629-X86(?,?,?,?,?,?,00000000,?,?,?,008FA9C7,00000000,?,?,?,?), ref: 008FAB2A
                                    • gdi_SelectObject.GETSCREEN-941605629-X86(?,?), ref: 008FAB60
                                    • gdi_CreateRectRgn.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000), ref: 008FABA5
                                    • gdi_DeleteObject.GETSCREEN-941605629-X86(?), ref: 008FAC39
                                    • gdi_DeleteDC.GETSCREEN-941605629-X86(?), ref: 008FAC48
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: gdi_$Create$BitmapCompatibleDeleteObject$RectSelect
                                    • String ID:
                                    • API String ID: 412453062-0
                                    • Opcode ID: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction ID: 722f303549af0a5b36e4b3c4f4afc7871c2c3cec97e3460b7a11ee6e12813f98
                                    • Opcode Fuzzy Hash: 63bcb7db3704573387d602035f9edcf4ce94fd8292c8b1d92a53da2faae9183a
                                    • Instruction Fuzzy Hash: 485108B92007099FC729DF29C885EA6B7E1FF5C320B05456DE98A8B762E771E841CF40
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,00000000,00000000,?,?,?,?,?,00946939,?,?,?,?,00946A0A,?), ref: 0094EABD
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_PATH,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EAE7
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,00000000,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB14
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILEAPPENDER_OUTPUT_FILE_NAME,00000000,?,?,?,?,00946939,?,?,?,?,00946A0A,?,?,00000000), ref: 0094EB37
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILEAPPENDER_OUTPUT_FILE_NAME$WLOG_FILEAPPENDER_OUTPUT_FILE_PATH
                                    • API String ID: 1431749950-2760771567
                                    • Opcode ID: c5a90d79e956e96865f4231e3e39b9dea1762b7bb02ad7f2ceddefc5f9daa6eb
                                    • Instruction ID: fc4c0e72271cbff368cbc4fe9cb681207bc7b7fc105c2eebe4c61662fbecf514
                                    • Opcode Fuzzy Hash: c5a90d79e956e96865f4231e3e39b9dea1762b7bb02ad7f2ceddefc5f9daa6eb
                                    • Instruction Fuzzy Hash: 5131D571905B16BF9B255FA69C89E6F7BACFF817B83100019F40593680DB709D50C7E1
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,Function_00068C90,00338EC0,00000000), ref: 00338F0A
                                    • GetLastError.KERNEL32 ref: 00338F38
                                    • TlsGetValue.KERNEL32 ref: 00338F46
                                    • SetLastError.KERNEL32(00000000), ref: 00338F4F
                                    • RtlAcquireSRWLockExclusive.NTDLL(00B71284), ref: 00338F61
                                    • RtlReleaseSRWLockExclusive.NTDLL(00B71284), ref: 00338F73
                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,0031B080), ref: 00338FB5
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                    • String ID:
                                    • API String ID: 389898287-0
                                    • Opcode ID: a0b191f6423be71c481b38f40161cb3cd41391c8c72ce84410aea7798011daa9
                                    • Instruction ID: 13212bdafb4b25feae6b34a114b3e64fdb72b638411769ab64e0e4a0ef963654
                                    • Opcode Fuzzy Hash: a0b191f6423be71c481b38f40161cb3cd41391c8c72ce84410aea7798011daa9
                                    • Instruction Fuzzy Hash: 2221D134650305AFDB016FACFC89BAE7BA9FB44711F010421F909D72A1EF7199909BB1
                                    APIs
                                    • socket.WS2_32(00000002,00000002,00000011), ref: 0094F673
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F68A
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_UDP_TARGET,00000000,00000000,?,00946921,?,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094F6AB
                                    • closesocket.WS2_32(?), ref: 0094F6E6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: EnvironmentVariable$closesocketsocket
                                    • String ID: 127.0.0.1:20000$WLOG_UDP_TARGET
                                    • API String ID: 65193492-3368084233
                                    • Opcode ID: 93cfbfc782929a041f3a9ade4e46d9211b99ed9df7583b6e6b97e507cf9f3855
                                    • Instruction ID: d9e0eb1496f092aad389b6394bcc444f7e690d667ebd7759c50171b0a9abea42
                                    • Opcode Fuzzy Hash: 93cfbfc782929a041f3a9ade4e46d9211b99ed9df7583b6e6b97e507cf9f3855
                                    • Instruction Fuzzy Hash: 9921D131154B076BD3305F659C29F177BE4FB80768F21092DF1429AAE1DBB1A4418750
                                    APIs
                                    • LoadLibraryA.KERNEL32(winsta.dll,?,009478D9,00BF7120), ref: 00950023
                                    • GetProcAddress.KERNEL32(00000000,WinStationVirtualOpen), ref: 0095003C
                                    • GetProcAddress.KERNEL32(WinStationVirtualOpenEx), ref: 00950052
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad
                                    • String ID: WinStationVirtualOpen$WinStationVirtualOpenEx$winsta.dll
                                    • API String ID: 2238633743-2382846951
                                    • Opcode ID: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction ID: fb29f60d676437bf14e7bf645aa4915a726107801921e73f020557d68173f9bf
                                    • Opcode Fuzzy Hash: 08dc7a7c22e257a05511633e2c7e41788f762ad444557595099098d3381a5c54
                                    • Instruction Fuzzy Hash: 560192705593009FD714DF729D0DBA53BE4BB85316F0644B9D909CB262EBB09048DF10
                                    APIs
                                    • glyph_cache_free.GETSCREEN-941605629-X86(?), ref: 008DCB1E
                                    • brush_cache_free.GETSCREEN-941605629-X86(?,?), ref: 008DCB26
                                    • pointer_cache_free.GETSCREEN-941605629-X86(?,?,?), ref: 008DCB2E
                                    • bitmap_cache_free.GETSCREEN-941605629-X86(?,?,?,?), ref: 008DCB36
                                    • offscreen_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 008DCB3E
                                    • palette_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?), ref: 008DCB46
                                    • nine_grid_cache_free.GETSCREEN-941605629-X86(?,?,?,?,?,?,?), ref: 008DCB4E
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: bitmap_cache_freebrush_cache_freeglyph_cache_freenine_grid_cache_freeoffscreen_cache_freepalette_cache_freepointer_cache_free
                                    • String ID:
                                    • API String ID: 637575458-0
                                    • Opcode ID: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction ID: 942c526e9a41e56c46184c417a70a51a0d3712e80741303537c91e8b895e0357
                                    • Opcode Fuzzy Hash: 7ad28be861358ee9bde9c91c788d2f392276a4a1cd27f1ec8984fa40b200d7dc
                                    • Instruction Fuzzy Hash: 1AE09B31411A14ABCE323F69DC03D1EBB65FF007603014639F595A1573CB22AC609B83
                                    APIs
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0091E040
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E04F
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0091E062
                                    • gdi_RgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?), ref: 0091E0A3
                                    • gdi_CRgnToRect.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?), ref: 0091E0C8
                                    • gdi_RectToCRgn.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0091E147
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-0
                                    • Opcode ID: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction ID: c970457fd17f9f929ef4652aac787311bb3c6759ada2ece3a1346dae2589b3da
                                    • Opcode Fuzzy Hash: 9c5743fac900af220358b33166c8fa2d03d6322790ba642dd1e6c45b649f5aed
                                    • Instruction Fuzzy Hash: 1751C471E0521DEFCF14DF98C9809EEBBB9FF88710B14441AE915A7250D770AA81CFA0
                                    APIs
                                    • freerdp_settings_set_uint32.GETSCREEN-941605629-X86(?,000007C0,?), ref: 008F1DA2
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000001), ref: 008F1DCC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1DE8
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1DFC
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C8,00000000), ref: 008F1E19
                                    • freerdp_settings_set_bool.GETSCREEN-941605629-X86(?,000007C9,00000000), ref: 008F1E2D
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_bool$freerdp_settings_set_uint32
                                    • String ID:
                                    • API String ID: 4272850885-0
                                    • Opcode ID: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction ID: 9ce53094d298ca4a5f871c21e8af4c31daf3666aa8d82bf4215be8f2160f422d
                                    • Opcode Fuzzy Hash: 3ea0a0162d7e9506aea58fcc0c8a3655e8c344f224c799a42870156a752d33d1
                                    • Instruction Fuzzy Hash: 85118262B8520EF5FD6020798C86F7B175CFF61B54F140525FF08E51C1F995AA0084A7
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,08008000,00000000,00000000,00000000,?,00000001,?,?), ref: 00918C2B
                                    Strings
                                    • com.freerdp.color, xrefs: 00918D98
                                    • freerdp_image_copy_from_icon_data, xrefs: 00918DBA
                                    • 1bpp and 4bpp icons are not supported, xrefs: 00918DB5
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 00918DBF
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: 1bpp and 4bpp icons are not supported$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$com.freerdp.color$freerdp_image_copy_from_icon_data
                                    • API String ID: 1523062921-332027372
                                    • Opcode ID: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction ID: ff1207c7c8ae53c65d8ed5413b23e59d5ef2468ed3a2aa385dffdc15578e0b34
                                    • Opcode Fuzzy Hash: af5f630205dbbeff69a83ce7ba6da50bddeeb21d292cd1c277a1ef6fa83f4bba
                                    • Instruction Fuzzy Hash: 3251C4B6B0021DAADF149F14DC41BFA77A8EB58300F0481A9FE14A21D1DB709EC1DF64
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: kbd-lang-list$kbd-list$monitor-list
                                    • API String ID: 0-1393584692
                                    • Opcode ID: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction ID: 09dc973c295c32f3d5a0352183e99183002f3fe8866e71cca4cb017f38c64773
                                    • Opcode Fuzzy Hash: 5de69f9380561da61453cc94a9fc4f1c19c9b87581705c68e2d02074cebb86e8
                                    • Instruction Fuzzy Hash: 3F318932A11319AACF209B68DD46EDBB7ECEB44754F0405A5F914A71E2DB70DA408ED0
                                    Strings
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c, xrefs: 00909AFA
                                    • interleaved_compress, xrefs: 00909AF5
                                    • com.freerdp.codec, xrefs: 00909AD0
                                    • interleaved_compress: width (%u) or height (%u) is greater than 64, xrefs: 00909AF0
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\interleaved.c$com.freerdp.codec$interleaved_compress$interleaved_compress: width (%u) or height (%u) is greater than 64
                                    • API String ID: 0-4054760794
                                    • Opcode ID: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction ID: 9165c68135b529b37d0ecef290e420466dd3894ecc6cc57898b7752dd8a14bbf
                                    • Opcode Fuzzy Hash: a8acfd2b6b52492beb34c9a1b74dea83e7a5e822f7290ad54cd3f988fad8f883
                                    • Instruction Fuzzy Hash: C8216F72700209BFEF255E6AEC46FAB3B6CEF45768F084118F904561E2E671EC50DB50
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943CC8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextW
                                    • API String ID: 689400697-743139187
                                    • Opcode ID: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction ID: 363503faa4baa5d66f5b29c30e31861b0026d4e30115a22a58fe4078149e44ea
                                    • Opcode Fuzzy Hash: 161553587604e3bb8e9b3fc63eff3c7060bcc6f636c089ce2e235877fed6cc17
                                    • Instruction Fuzzy Hash: 20219632384244BBDF125F65EC06FAB3F69EF95B54F044095FA04660E1CE62D960DB60
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943DA3
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$InitializeSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_InitializeSecurityContextA
                                    • API String ID: 689400697-1744466472
                                    • Opcode ID: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction ID: f44026e69fc8d8f4018d3a6fbe322531fbf31c138842e4c9648239eb13a55b57
                                    • Opcode Fuzzy Hash: d3b34479498018f67442aa81d4ccf17828413016aa407471ab2a9041fb330b76
                                    • Instruction Fuzzy Hash: 43217832384208BBDF125E65EC06FAB3F6DFF89B54F004095FA04660E1DE66DA60DB60
                                    APIs
                                    • _strlen.LIBCMT ref: 008C11FA
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C1248
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelDetached$freerdp
                                    • API String ID: 3987305115-436519898
                                    • Opcode ID: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction ID: 35e5e51394404870ed931a03d5759ee0d19c5efeb272739f3de3b3dcea02f132
                                    • Opcode Fuzzy Hash: a0c9671d39644aa387ba28c0a9352e0cfb6bd1defaa0278d88a4a2f5cb60a588
                                    • Instruction Fuzzy Hash: 7C212B75A00209AFDF10DF98C885FAEBBF9FF09344F108469E944E7252D771AA509BA0
                                    APIs
                                    • _strlen.LIBCMT ref: 008C0B64
                                    • getChannelError.GETSCREEN-941605629-X86(?), ref: 008C0BB2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: ChannelError_strlen
                                    • String ID: ($ChannelAttached$freerdp
                                    • API String ID: 3987305115-2646891115
                                    • Opcode ID: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction ID: eb20bd82911d1183cd7e70c81e8a35291a9eb5a34f22a8d37e83f4edac7710d7
                                    • Opcode Fuzzy Hash: bbccb5bf0c4c79ae7195e214d46bedc83615a756c0bf494a8b22bd5286997c6d
                                    • Instruction Fuzzy Hash: 60211971A00209EFDB00DF98C885FAEBBF8FF48354F104569E948E7252D771AA509FA0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943227
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleW: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleW
                                    • API String ID: 689400697-2657764935
                                    • Opcode ID: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction ID: 687582f5948835eda31ab68a6278577f4e92f6222bb5aa76e8f14934a0ae7036
                                    • Opcode Fuzzy Hash: a160751e486ce7ffc5d49cc414692adb71bc29ec5ac8bc7ce791ece417bba57e
                                    • Instruction Fuzzy Hash: E71187323982057BDF115E65EC0BFAB3BA9EF94714F004095FA14660E1DDA2CA20DB74
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094384E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcceptSecurityContext: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcceptSecurityContext
                                    • API String ID: 689400697-2008077614
                                    • Opcode ID: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction ID: b048e1936a8ca34311e4ba9efddaabcb94576ba861845b2a86800b1759eb0c06
                                    • Opcode Fuzzy Hash: 35ab1be5b81e7fad90217187fc7c711bd361851872140e1745af4a3196246d5a
                                    • Instruction Fuzzy Hash: 8D1187323842047BDF115F65EC06FAB3FA9EF95B14F004095FA04A61E1DD66DA20DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009432F9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: AcquireCredentialsHandleA: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_AcquireCredentialsHandleA
                                    • API String ID: 689400697-1172745827
                                    • Opcode ID: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction ID: d8b4a1f6f838c42f25635a7358de6d375bc8d858633bbc7820536aabc55b646b
                                    • Opcode Fuzzy Hash: b160a731ece6859505912ebea106bbe211232079d935513da63177cdaff98016
                                    • Instruction Fuzzy Hash: 671157323882057BDF111E65EC07F6B3FADEF95754F004095FA04661E1DE62D960DB64
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944481
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$MakeSignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_MakeSignature
                                    • API String ID: 689400697-3834539683
                                    • Opcode ID: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction ID: dd8b8ee7cb089f47787be9e34e1516ba9f4cce3d95e03f527b992c4e011149b5
                                    • Opcode Fuzzy Hash: 0fa583f885f1bd7ca10dc594688dad1e5b81eff0f6fdfefed0aa3502be9f8072
                                    • Instruction Fuzzy Hash: 5311A3353C42047BEE211A66AC07F6B3BACEB81B10F1044A5FA00A71E1DDA5DE50DAB5
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009440BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesW
                                    • API String ID: 689400697-247170817
                                    • Opcode ID: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction ID: 4ac8d426ac9f85e0b640da6d2b38242e0facfc880450a35e3c3e77f9c77ecf5c
                                    • Opcode Fuzzy Hash: edf580a4c5d59c2c4df8fcfb006c17a70fa6df42abfe8e6d3633ef38bc3fda6f
                                    • Instruction Fuzzy Hash: 9E11C4323C82057BDA112A66EC07F2B3AACEFE5B10F004495FA00A70E1DD55CD50D661
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944544
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$VerifySignature: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_VerifySignature
                                    • API String ID: 689400697-1495805676
                                    • Opcode ID: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction ID: b6aecd7349adf5bf6eddaeb10b74a65e5617c7fbb3e400437ee5983be6d3e4d5
                                    • Opcode Fuzzy Hash: ba3debb358abdd274ff6667aac79d63ac6b4b2c5e3b0b920bf253c326e23f949
                                    • Instruction Fuzzy Hash: 5A11A7713C83047BDF116A66EC0BF673BACEB81B50F004095FA00A71E1DD91D910D669
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094417E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$SetContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_SetContextAttributesA
                                    • API String ID: 689400697-1164902870
                                    • Opcode ID: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction ID: 8f80b9bbd00c311b3ac68980c252a9adf8e0fe0a44643ba257e40bca0abe96be
                                    • Opcode Fuzzy Hash: b30c18502d4c266fca9663ea94b36651e741bc0248d88bed131e438c361cdbbe
                                    • Instruction Fuzzy Hash: 8E11A7353C83057BDA215A66AC07F673EACEFD5B10F0004A5F900A71E1DDA1DA50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009433CB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ExportSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ExportSecurityContext
                                    • API String ID: 689400697-3640258815
                                    • Opcode ID: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction ID: 4003ff50f4a277aa2f4aed69e4879d1d7a857388fad3482a641c3734b7b1243e
                                    • Opcode Fuzzy Hash: 50749667d750ae82cff88efa3a09bdd8d7dae46f14e0f8dae6596a7034c60be0
                                    • Instruction Fuzzy Hash: AE1194313C42047ADE211A65AC0BF6B3AADEF91B24F004495FA00A70E1DD659A50D774
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943548
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextW
                                    • API String ID: 689400697-3257054040
                                    • Opcode ID: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction ID: 4837b383b614fcd19f7b009b90ff38e726ddf1845a9199ab89610a07d2211d34
                                    • Opcode Fuzzy Hash: 7607d8ba0b20aaeb16a9d1a5c21f353886f050db3dbe4ddac64ea24200049dcf
                                    • Instruction Fuzzy Hash: 3E11A7313C43057BEB215A65EC0BF6B3AACEB81B54F004495F904A71E1DD55DA10DB65
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094360B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImportSecurityContextA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImportSecurityContextA
                                    • API String ID: 689400697-848437295
                                    • Opcode ID: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction ID: 54442880d850abc711d1cffb15fcbbeef861293494649afba4e837930ac7fc40
                                    • Opcode Fuzzy Hash: 1c3851d834633c3a46418c61937febca032871a39303009f24a71c23b11e9727
                                    • Instruction Fuzzy Hash: 6B1191313C43057ADA215A66AC0BF7B3BACEB91B24F004095F904A71E1DEA59A50DAA4
                                    APIs
                                    • ncrush_context_reset.GETSCREEN-941605629-X86(00000000,00000000), ref: 00911B36
                                    Strings
                                    • ncrush_context_new: failed to initialize tables, xrefs: 00911B0F
                                    • com.freerdp.codec, xrefs: 00911AF1
                                    • ncrush_context_new, xrefs: 00911B14
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c, xrefs: 00911B19
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ncrush_context_reset
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\ncrush.c$com.freerdp.codec$ncrush_context_new$ncrush_context_new: failed to initialize tables
                                    • API String ID: 2838332675-904927664
                                    • Opcode ID: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction ID: 1ba2a4d8631383a8042c435f8079f271a8dd0993764107c3d5f1d58fa16ae474
                                    • Opcode Fuzzy Hash: ac2213e3b29d9e49299324440bb3f6bf05947b075075ed2854da4ad65b588175
                                    • Instruction Fuzzy Hash: 5F1108B234470A3AE704AB15EC42FE773ACEB80760F004119F518972C1EFB2AD908BB0
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094378E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesA
                                    • API String ID: 689400697-3754301720
                                    • Opcode ID: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction ID: c6aea201acea0a92b952e585c1385d25df6d189ff9677526c364ed029e586df9
                                    • Opcode Fuzzy Hash: f2812eb42fadfa8bcf340887f2445a8c0d7848c5e27efb77ca6ec541adb1bfa9
                                    • Instruction Fuzzy Hash: 3911C6713C43057AEA111766EC4BF7B3BACEB91B60F004095FA04A71E1DD66DA50D764
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009436CE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryCredentialsAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryCredentialsAttributesW
                                    • API String ID: 689400697-3413647607
                                    • Opcode ID: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction ID: 5324a257bcc8c61541e7a06650878ca7b6241e7fd1e45be43216d8b162926e89
                                    • Opcode Fuzzy Hash: 47d81250096bf4077f496a5903bd4ff61b1a1a7f36b245797caa81d36e8bf928
                                    • Instruction Fuzzy Hash: 6611A3B13C43447AEA111676EC4BF3B3BACEB91B10F004095F900A71E1DEA59A10D765
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943F3E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesA
                                    • API String ID: 689400697-3211427146
                                    • Opcode ID: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction ID: e6a49e54f89a2b70012ff9870f80cc9b9d0efec5885cf17faeb05dcadd2d7002
                                    • Opcode Fuzzy Hash: 43cd6a325bc7b07a79799d06b91450f281bd4aa726a9627fa7c83e17bf0e6916
                                    • Instruction Fuzzy Hash: 3C118F353C82057BEA112B76AC07F2B3AADEF95B20F0080D5F900A61E1DDA28A108660
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943E7E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QueryContextAttributesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QueryContextAttributesW
                                    • API String ID: 689400697-2578917824
                                    • Opcode ID: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction ID: 0dd7bd44bd0a65d5f6ce0a61ee69bc0fe087fc565a6e4cdd865ad43f7279024a
                                    • Opcode Fuzzy Hash: 4e41efede020720982d68ed8a0804bf4f06e6d8e434c55868cf281785d763e7a
                                    • Instruction Fuzzy Hash: E311A3323C82047BEA215A76EC07F3B3AACEB95B24F004095F904A71E1DD629A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094316A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoA
                                    • API String ID: 689400697-3351603741
                                    • Opcode ID: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction ID: 7c2dc5d8424235c90117d6c54b2d35ff2e6b7f892ae71290dde8c8b1ae7ce61d
                                    • Opcode Fuzzy Hash: 2073bb1420f8d6b18ab14e773fbcbc1594a27109c0e8045b561dac3888d77c02
                                    • Instruction Fuzzy Hash: 571186313CC2047ADE212666AC4BF6B3EACEB95B10F004495FA10A71D1DE92DA10C674
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009430AD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityPackageInfoW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityPackageInfoW
                                    • API String ID: 689400697-2261828479
                                    • Opcode ID: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction ID: 603a29285d2be7846efbc55d6ea6e13e30b9ea87754e13cd059e3413f91950fa
                                    • Opcode Fuzzy Hash: f5667bebf0b9a877bf458212aa7a96010a147ab5b23327f542a461ba6b0e15ed
                                    • Instruction Fuzzy Hash: 371182313CC3047AEE211666EC0BF7B3AACEB95B24F004495F904A71E1DD91DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943FFE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$QuerySecurityContextToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_QuerySecurityContextToken
                                    • API String ID: 689400697-2156878011
                                    • Opcode ID: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction ID: bfba532d9ddf2464ba0e415bfd2874d37d940418ab2622f78c27f184d8c709f8
                                    • Opcode Fuzzy Hash: 1eeb7a56916aea0b4e87034768100105cc68436907236e4389bfb9257ae211fb
                                    • Instruction Fuzzy Hash: 5E1173353C83057BEB212666AC0BF2B3BACEFD1B14F004095FA04AB1E1DD96D95086A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943920
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: ApplyControlToken: %s (0x%08X)$C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$[%s]: Security module does not provide an implementation$sspi_ApplyControlToken
                                    • API String ID: 689400697-2845897268
                                    • Opcode ID: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction ID: 6721db2a15ad8fc80937245fba9064e80e947d81bd5d981f8b2b4f71fa859367
                                    • Opcode Fuzzy Hash: e0edf9d2209560213dccaa5189a5bcc6123df6c35979d3ff15c450ceb752299a
                                    • Instruction Fuzzy Hash: EF11C2313C8204BAEA251736AC0BF7B3AACEBD1B64F0040A5F900A70E1DDA18E10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 009439DD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$CompleteAuthToken: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_CompleteAuthToken
                                    • API String ID: 689400697-1972714555
                                    • Opcode ID: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction ID: b8a29783b7eeb3051e7e4f364520fd6559cff261c2979a6a0072f754fc95fba5
                                    • Opcode Fuzzy Hash: 48c13dedf47b9de613ff25a9a5e778a7f698fda2e2ca7e67aeb475397baedff0
                                    • Instruction Fuzzy Hash: BD1182353C82047BEA216676EC0BF7B3BACEFD1B64F0044A5F900A71E1DE959A10C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942FF0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesA: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesA
                                    • API String ID: 689400697-1149382491
                                    • Opcode ID: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction ID: 30702d8a0b1d6ee5852479955fac12e06265ffdf79af9bdf2164d06a0aeee027
                                    • Opcode Fuzzy Hash: 14914ee92fb363be299ea9345e41a64288ca63a96839e09ebe0a7bafca458ff8
                                    • Instruction Fuzzy Hash: 56115E353882047BEA255A66EC0BF6B3BACAF81B64F0040D5FA04A71E1DD919E50D6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00942F33
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$EnumerateSecurityPackagesW: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_EnumerateSecurityPackagesW
                                    • API String ID: 689400697-255015424
                                    • Opcode ID: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction ID: 8b2a90f4994bb95b06b48d9bad930e51a9e9ee0c6035d6caeaf9054a832e9056
                                    • Opcode Fuzzy Hash: cbebbb80e3ec2e88cc9a1224175f6e7818dab77dd1b10e6e5c2a167241c15c58
                                    • Instruction Fuzzy Hash: B911A0353CC3053AEA216766AC0BF6B3AACFB91B20F4000D5FA04A70E1DD919D50C6B5
                                    APIs
                                    • freerdp_image_copy.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009195B5
                                    Strings
                                    • com.freerdp.color, xrefs: 009195C8
                                    • SmartScaling requested but compiled without libcairo support!, xrefs: 009195E6
                                    • freerdp_image_scale, xrefs: 009195EB
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c, xrefs: 009195F0
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_image_copy
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\color.c$SmartScaling requested but compiled without libcairo support!$com.freerdp.color$freerdp_image_scale
                                    • API String ID: 1523062921-212429655
                                    • Opcode ID: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction ID: a2bb4ca6fa92f7552b0b5c7134c6a17c68973793be97e528b12869f62d7f358c
                                    • Opcode Fuzzy Hash: a64d8f472b7605d7cf4fdb29e297f78beb1e0141d7bce6dd8c803c03562441d4
                                    • Instruction Fuzzy Hash: F9216A7274020DBBDF15EF54DC52FEA3BAAEB58700F044119FD19AA190E671E991DB80
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00944241
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$RevertSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_RevertSecurityContext
                                    • API String ID: 689400697-954186549
                                    • Opcode ID: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction ID: 8ab195d688232da72a15c4bf26c0ab4737d1365fa3e87fac20cf473ac47c796a
                                    • Opcode Fuzzy Hash: 14b099e0b37f51649f8e0c0d8254082b3b664ead231f8385c50eae77a5d8796f
                                    • Instruction Fuzzy Hash: 291182613C82057BEA212666BC0BF373AACEB91B50F0000A6F910A71D1DDD59E50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943B54
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeContextBuffer: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeContextBuffer
                                    • API String ID: 689400697-1791514552
                                    • Opcode ID: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction ID: 8f712852d1acd26c19c8e572125c569ee435462c15d7e8646496ebee4e6d0d0a
                                    • Opcode Fuzzy Hash: 4574cfeeee8613a6fd4f3d993261790b8540237044cb34e8760496a3b6f9a6c7
                                    • Instruction Fuzzy Hash: CB11A1313C83047BEA211666AC0BF7B3AACEB91B60F0040E5F900EB1E1DD959E10C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943C0E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$ImpersonateSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_ImpersonateSecurityContext
                                    • API String ID: 689400697-4242683877
                                    • Opcode ID: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction ID: 887912cf9307299392ae23d5f1725a213ee2b3d5dfe54b8adae43f09a39fa4f2
                                    • Opcode Fuzzy Hash: a6b21565d6ff625643669af94a2e0eb9d6a5b5b748b0477173ac189eb6725383
                                    • Instruction Fuzzy Hash: 031182213C82057AEA112A36AD4BF673AACEBD1B51F008095F900AB1E1DD95DB50C6A4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 0094348E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$FreeCredentialsHandle: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_FreeCredentialsHandle
                                    • API String ID: 689400697-3116451197
                                    • Opcode ID: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction ID: 7151f3adf17784770e83c67796cac1541225b968330d13070af57facef64b71e
                                    • Opcode Fuzzy Hash: 6044b6c0d50702ad4b87e2a3b99d47036914d3bffb4458641549927eef1b2a2e
                                    • Instruction Fuzzy Hash: 9611A5353C83047AEA212636AC0BF673AACEB91B50F008095FA04A71E1DD95DE50C6B4
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00BF70C8,00944AA1,00000000,00000000), ref: 00943A9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Once$ExecuteInit
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\winpr\libwinpr\sspi\sspi.c$DeleteSecurityContext: %s (0x%08X)$[%s]: Security module does not provide an implementation$sspi_DeleteSecurityContext
                                    • API String ID: 689400697-4185332897
                                    • Opcode ID: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction ID: 3c313dc3ac48107fd8f7f55d8ad763e38ea769cd67165269f263a42a036aa71c
                                    • Opcode Fuzzy Hash: 9b88ae8b0c7bb8a16795d3093f2a5bec3ab5cfc30abff5bb52c58962fb868808
                                    • Instruction Fuzzy Hash: 9011A5313C83047AEA215766AD0BF773AACEBD1B54F0040A5F904A71E1DD959A10C6B5
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C65CB
                                    Strings
                                    • yuv_process_work_callback, xrefs: 009C662E
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c, xrefs: 009C6633
                                    • com.freerdp.codec, xrefs: 009C660B
                                    • error when decoding lines, xrefs: 009C6629
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: primitives_get
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\yuv.c$com.freerdp.codec$error when decoding lines$yuv_process_work_callback
                                    • API String ID: 2017034601-2620645302
                                    • Opcode ID: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction ID: 55838f15e5b7e9edf265caef9d6506f0886716b3487919998ebcd95c22564c4f
                                    • Opcode Fuzzy Hash: 8a0e480a7b660b2f3160bea9cc455b14cd2aeb71c2e4ab01aa1341d2f4a729df
                                    • Instruction Fuzzy Hash: DB0192B2A0030ABFD714DF54DC42F5AB7A8FF48714F00459AF9099A2C2EA71E940CBA4
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %zd;NAME=%s%zd;PASS=%s
                                    • API String ID: 4218353326-3114484625
                                    • Opcode ID: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction ID: 8da01bfbe33f44697a20e03e5bbb32f2d7cc5eb965e72dffc92b7e6b86061fa5
                                    • Opcode Fuzzy Hash: d038edde26316c56d16e3aec19b086ae36755cc99f6f4dd066efd2c314392bcb
                                    • Instruction Fuzzy Hash: 51012D75E00208BBDF01AFA4CC82B9DBBB8EF04304F01886DF90696242E6759B50DB85
                                    APIs
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919F06
                                    • region16_extents.GETSCREEN-941605629-X86(?,?), ref: 00919F12
                                    • region16_n_rects.GETSCREEN-941605629-X86(?,?,?), ref: 00919F1D
                                    • region16_n_rects.GETSCREEN-941605629-X86(?), ref: 00919F7D
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: region16_extentsregion16_n_rects
                                    • String ID:
                                    • API String ID: 2062899502-0
                                    • Opcode ID: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction ID: dbe08a14cda45b775ec98a62ad6c8455fd5a905ad65117dd52a681ad563040f8
                                    • Opcode Fuzzy Hash: a777aa3e440b79e1151d2e5a78892d79e860e14bb9abc1479bfd8844a7d2d6d9
                                    • Instruction Fuzzy Hash: 98511B75A0012AABCB14DF99C8409EEF7F5FF58750B51816AE859E7350E334AD80CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strncpy
                                    • String ID:
                                    • API String ID: 2961919466-0
                                    • Opcode ID: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction ID: bad2d96f90b45955fde5ed5ba453edbc87561fded4697cd871ff5088a2b24138
                                    • Opcode Fuzzy Hash: 2d341b4b56b2fae085f249864da89d41485a1a8b53a75372cc07a97df222270a
                                    • Instruction Fuzzy Hash: 861184B9900606AFDB315E50D845B96F7FCEF14308F04492AF59943512F331A958C7E2
                                    APIs
                                    • InitOnceExecuteOnce.KERNELBASE(00B71278,00338C90,00338EC0,00000000), ref: 00338E6A
                                    • GetLastError.KERNEL32 ref: 00338E7F
                                    • TlsGetValue.KERNEL32 ref: 00338E8D
                                    • SetLastError.KERNEL32(00000000), ref: 00338E96
                                    • TlsAlloc.KERNEL32 ref: 00338EC3
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorLastOnce$AllocExecuteInitValue
                                    • String ID:
                                    • API String ID: 2822033501-0
                                    • Opcode ID: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction ID: ea0a9fc2c0fbd6f6c58edc85f36a6f88222f7e74e071cabfac7dcefcb1587e26
                                    • Opcode Fuzzy Hash: 343c701d1fe0a494410aa9a3c4ff3ab97203e9d1d2136fd4c45d14c8488e39df
                                    • Instruction Fuzzy Hash: 8201D6356553089FCB019FBCEC49A6ABBB8FB48720F010526F919D3261EF3099508F70
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: error:%08x:%s:OPENSSL_internal:%s$lib(%u)$reason(%u)
                                    • API String ID: 4218353326-3992632484
                                    • Opcode ID: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction ID: 9e9e32d2ba7154ac36df14caad16b4458c06a26f8703b5684fe149ef803e3893
                                    • Opcode Fuzzy Hash: b4505398df9f3e18fbfb3cb4149f7b5bf0135616d1a13bc773d52def2ccafb8f
                                    • Instruction Fuzzy Hash: EB414872F4071A16EB256B648C41BFE7329BBD9345F154224FD44D6282FB709AC1C2D2
                                    APIs
                                    • audio_format_print.GETSCREEN-941605629-X86(?,?,?), ref: 009C4A72
                                    Strings
                                    Similarity
                                    • API ID: audio_format_print
                                    • String ID: AUDIO_FORMATS (%hu) ={$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_formats_print
                                    • API String ID: 2744001552-3527835062
                                    • Opcode ID: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction ID: 9a314bc1ec2f7912368e018ee85ccfb2371be1dc6ab3fc0e32e31ad3c3c0b3ea
                                    • Opcode Fuzzy Hash: 079ab13e65f72b8af663dec7c2bc7718f8797520652087bd4ce98646bf97097f
                                    • Instruction Fuzzy Hash: A311E9727C031637DB11AD159C46FAF3B5CBFA5B60F40040AFD14651C1E7A1DA4086BA
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: audin$rdpsnd
                                    • API String ID: 0-930729200
                                    • Opcode ID: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction ID: b7a3f1dc2fcab78ba47db59b5b3a1515b3fcdcb596164e01ef37c23feb6db751
                                    • Opcode Fuzzy Hash: 00bc5cd90d9f11aecc960ef8dcc49019bc5070aaa808f9e8bdccf1c71fdad07c
                                    • Instruction Fuzzy Hash: 7D116071A09A1AEBDB34CFB488807AAF3F8FB04B51F14422AE45893140DB306950CFD1
                                    APIs
                                    • _strlen.LIBCMT ref: 008F403A
                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 008F4060
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 008F4076
                                    Strings
                                    Similarity
                                    • API ID: File$CreatePointer_strlen
                                    • String ID: %s %hu %s %s %s
                                    • API String ID: 4211031630-2916857029
                                    • Opcode ID: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction ID: 98862c76c4a64712265125e054efc63e465d9f901f3bcc1bcbd1d64a871dd7ad
                                    • Opcode Fuzzy Hash: d67bd47f2014274dd50a0e3d8fed0740c0ec69c24d2f9f0eb074ef8ddfb506e6
                                    • Instruction Fuzzy Hash: EA01A235101110BBDB212B66DC4AEA77F2DEF86774F148215FA18990E2D732C862D7A0
                                    APIs
                                    • audio_format_get_tag_string.GETSCREEN-941605629-X86(?,?,?,?,?,?,?,?), ref: 009C4737
                                    Strings
                                    • %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu, xrefs: 009C473E
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c, xrefs: 009C4748
                                    • audio_format_print, xrefs: 009C4743
                                    Similarity
                                    • API ID: audio_format_get_tag_string
                                    • String ID: %s: wFormatTag: 0x%04hX nChannels: %hu nSamplesPerSec: %u nAvgBytesPerSec: %u nBlockAlign: %hu wBitsPerSample: %hu cbSize: %hu$C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\codec\audio.c$audio_format_print
                                    • API String ID: 2866491501-3564663344
                                    • Opcode ID: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction ID: 3007d91b9cf68b480e0fb73c8a8e5417e0eac60ccca317133ce62d0e6ea869b4
                                    • Opcode Fuzzy Hash: 487b3e298f10d5ae2fd2b58b1d9811ce57382346ad7ba360321249fff398e23f
                                    • Instruction Fuzzy Hash: 00F03AB6140208BADB411F51DC02F76376EEB48B14F24848AFD1C8C1E2E677E9A2E764
                                    APIs
                                    • freerdp_get_last_error.GETSCREEN-941605629-X86(?), ref: 008B2725
                                    • freerdp_set_last_error_ex.GETSCREEN-941605629-X86(?,0002000B,freerdp_abort_connect,C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c,0000013A), ref: 008B2745
                                    Strings
                                    • freerdp_abort_connect, xrefs: 008B2739
                                    • C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c, xrefs: 008B2734
                                    Similarity
                                    • API ID: freerdp_get_last_errorfreerdp_set_last_error_ex
                                    • String ID: C:\Project\agent-windows\freerdp\FreeRDP\libfreerdp\core\freerdp.c$freerdp_abort_connect
                                    • API String ID: 3690923134-629580617
                                    • Opcode ID: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction ID: 756444b15e491840d84b0c363f568dfae2d117cb027a613073a4807e0f6f807b
                                    • Opcode Fuzzy Hash: 98ea09b6155ca7e0216ba456faba45781cc2581b1401ba346b60dd7a705ba7a4
                                    • Instruction Fuzzy Hash: 2AE04835240215FAEA312D58DC02FD5B7A4FF11B90F140819B584F5291EE6169509589
                                    APIs
                                    • primitives_get.GETSCREEN-941605629-X86 ref: 009C633F
                                    • primitives_flags.GETSCREEN-941605629-X86(00000000), ref: 009C6353
                                    • TpWaitForWork.NTDLL(00000000,00000000), ref: 009C64A9
                                    • TpReleaseWork.NTDLL(00000000), ref: 009C64B2
                                    Similarity
                                    • API ID: Work$ReleaseWaitprimitives_flagsprimitives_get
                                    • String ID:
                                    • API String ID: 704174238-0
                                    • Opcode ID: 19f2e8746672e2e7502b880dca3575608e01c1cd4cc6442b3b5da2e2d7279051
                                    • Instruction ID: 8423a48d097877b11e7fc9de70363f6e0533e6de2dee72fd32e86cbe86a1aecc
                                    • Opcode Fuzzy Hash: 19f2e8746672e2e7502b880dca3575608e01c1cd4cc6442b3b5da2e2d7279051
                                    • Instruction Fuzzy Hash: 4D6119B5A0060ADFCB08CF68D981A9EBBF5FF48310B14856AE819E7351D730E951CF91
                                    APIs
                                    • gdi_SetRgn.GETSCREEN-941605629-X86(?,?,?,?,00000000,00000001,?,?), ref: 0091C324
                                    Similarity
                                    • API ID: gdi_
                                    • String ID:
                                    • API String ID: 2273374161-0
                                    • Opcode ID: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction ID: aee28cc5ccf41747b50cb6c0dbe8a0769ad2479a82f79652b34566ee92de18fe
                                    • Opcode Fuzzy Hash: 2ead09a44aba127efa6001147bae376ec00e50ab3ae76740fbfd5d3136eef1b6
                                    • Instruction Fuzzy Hash: 2831B9B1A00209EFCB10DF98C985AEEB7F9FF48310F14806AE915E7211D334E985CBA1
                                    APIs
                                    • RtlEnterCriticalSection.NTDLL(?), ref: 00945C16
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C34
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C54
                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00945C9A
                                    Similarity
                                    • API ID: CriticalSection$Leave$Enter
                                    • String ID:
                                    • API String ID: 2978645861-0
                                    • Opcode ID: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction ID: 33f7aab79843fbd523cdf436352725df290e2e1145c0f03cdb31d95edb14749c
                                    • Opcode Fuzzy Hash: 2219128f484eecffab6d41226de0a18d05e1cc227ba9e80a349d9a82d308a46e
                                    • Instruction Fuzzy Hash: A521AC31210B05EFDB248F98C9C0B6AB7F8FB95322F124529F8C2A7252D770AD81DB50
                                    APIs
                                    • region16_rects.GETSCREEN-941605629-X86(?,00000000), ref: 00919BDC
                                    • region16_extents.GETSCREEN-941605629-X86(?), ref: 00919BEC
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919BF7
                                      • Part of subcall function 009197FD: rectangles_intersection.GETSCREEN-941605629-X86(?,?,?), ref: 0091980C
                                    • rectangles_intersects.GETSCREEN-941605629-X86(00000000,?), ref: 00919C1A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: rectangles_intersects$rectangles_intersectionregion16_extentsregion16_rects
                                    • String ID:
                                    • API String ID: 3854534691-0
                                    • Opcode ID: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction ID: a26f26767f6e540c1cad97a559c1fd0923c0e64b511a609bb9cc78caf380a113
                                    • Opcode Fuzzy Hash: 3ae0e6e2282d69f6a29daa640538588f82f3507cb970e478017c8bd43d05d967
                                    • Instruction Fuzzy Hash: 9501C43331421DAAAB249A55D8A2AFB63DDDF81764F14401AF8DC96040EB35EEC1C1E4
                                    APIs
                                    • freerdp_new.GETSCREEN-941605629-X86 ref: 00931F56
                                    • freerdp_context_new.GETSCREEN-941605629-X86(00000000,00000000,?,?), ref: 00931FA4
                                    • freerdp_register_addin_provider.GETSCREEN-941605629-X86(?,00000000), ref: 00931FC7
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_context_newfreerdp_newfreerdp_register_addin_provider
                                    • String ID:
                                    • API String ID: 3731710698-0
                                    • Opcode ID: cef9ecc08df75dc542a51327be6a0a93ff4bc3106e67f01a3eb74383bdf39f49
                                    • Instruction ID: e1eb2a65991abc23ab27902e0612d5ced3f5a1fe782962144a2dcb34c495ddef
                                    • Opcode Fuzzy Hash: cef9ecc08df75dc542a51327be6a0a93ff4bc3106e67f01a3eb74383bdf39f49
                                    • Instruction Fuzzy Hash: 7E119E31604B02ABC725AB6AD801B96BBA9FF94320F10441DF85887361EB71E850CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: __aligned_free
                                    • String ID:
                                    • API String ID: 733272558-0
                                    • Opcode ID: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction ID: 1fad9e371693e47671e7e192eddbc3f7d21cdb2b88d484cfe7c8ed96900ee513
                                    • Opcode Fuzzy Hash: 254bed5d9787a4bdefe2cbdb03466911907357d768dd25451b919924920986fb
                                    • Instruction Fuzzy Hash: EAE04F31401B147FCE727B64CD02F5BB7DABF527157040414F44696532C761AC51DBC2
                                    APIs
                                    • freerdp_settings_free.GETSCREEN-941605629-X86(00000000), ref: 008C7326
                                      • Part of subcall function 008C7F9B: GetComputerNameExA.KERNEL32(00000000,?,?,00000000), ref: 008C7FCC
                                      • Part of subcall function 008C7F9B: freerdp_settings_set_string.GETSCREEN-941605629-X86(?,00000680,?), ref: 008C7FFC
                                    • freerdp_settings_set_string.GETSCREEN-941605629-X86(00000000,00000086,?), ref: 008C6D8C
                                    Strings
                                    • C:\Windows\System32\mstscax.dll, xrefs: 008C6F3F
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_set_string$ComputerNamefreerdp_settings_free
                                    • String ID: C:\Windows\System32\mstscax.dll
                                    • API String ID: 2334115954-183970058
                                    • Opcode ID: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction ID: 1380eb10b847e7b4de4ba7b834a33637cf1b10ec1b657125f458d28021143da9
                                    • Opcode Fuzzy Hash: 8a90d7cea03925f775fe05356fc23708c393b216a3d6c029ba1a97fb57dead65
                                    • Instruction Fuzzy Hash: F3E1B4B1504B009EE324DF38D885B93BBE4FF08321F51992EE5AEC7391D7B1A5848B58
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: Rectgdi_
                                    • String ID:
                                    • API String ID: 2404991910-3916222277
                                    • Opcode ID: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction ID: 581fed10761d278462d32a89a313a8e68e4953deab1a57d2abe6b0c459b0052c
                                    • Opcode Fuzzy Hash: 8ba7598446483d01aacccd95e18fab9370839817ab0e812389b110f6684f8608
                                    • Instruction Fuzzy Hash: EB51A67310110EBBCF02DE94CD41EEB7BAEBF48344B064256FE1A95021E732E965DBA1
                                    APIs
                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00000FA0,?,?,?,00946A0A,?,?,00000000,?,0093E976,00000000), ref: 0094697B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: CountCriticalInitializeSectionSpin
                                    • String ID: %s: unknown handler type %u$WLog_Appender_New
                                    • API String ID: 2593887523-3466059274
                                    • Opcode ID: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction ID: 793ef64c232cf61c373ad968dabcfb13b4af3b2df36f2ebfdc1f3faccd852a0c
                                    • Opcode Fuzzy Hash: 2a3491989bc6017bb6a3ba9123c3672a8315cbe653669e49b9a82df4ce510e10
                                    • Instruction Fuzzy Hash: 33116FF310C2127696363A7C9C4AF7F5B6CEBC3F30B140819F405A6141DEB8D8016163
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%s-client.%s$DeviceServiceEntry
                                    • API String ID: 0-2733899524
                                    • Opcode ID: ab6cdb53677e77bfe8f461571828b278981fb74294dcaa2121da64c119fa8abf
                                    • Instruction ID: 44efaec087a37b613e87c21db29c7001be37172d707e2d3a7cafdf484c38c41f
                                    • Opcode Fuzzy Hash: ab6cdb53677e77bfe8f461571828b278981fb74294dcaa2121da64c119fa8abf
                                    • Instruction Fuzzy Hash: FB113D72A00619ABAB119E9D8882AEF77BCFF94B50F14401AFD14D6342D771DE418B91
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,00000000,?,0093E987), ref: 0093EBF6
                                    • GetEnvironmentVariableA.KERNEL32(WLOG_FILTER,00000000,00000000,?,?,0093E987), ref: 0093EC1A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WLOG_FILTER
                                    • API String ID: 1431749950-2006202657
                                    • Opcode ID: b570e68e730d0948c19e4da74c4f43dc735b3bbdaeafb56f109e2f0c8ee5a93b
                                    • Instruction ID: 3fec0e709d2c3bcfc6025df241d567c9e0c8bb6f7be00c33bffba8ca5f039c87
                                    • Opcode Fuzzy Hash: b570e68e730d0948c19e4da74c4f43dc735b3bbdaeafb56f109e2f0c8ee5a93b
                                    • Instruction Fuzzy Hash: 41F02B332152153B4A122765BC49E2F7FBDEAC57F8311002AF408C3150EE754C81CBE5
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: .msrcIncident$.rdp
                                    • API String ID: 4218353326-1437571178
                                    • Opcode ID: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction ID: f07e7c7f1c68fbe5b57b3f94243d901e38104666f4676f69934f89d0ee7849ed
                                    • Opcode Fuzzy Hash: 98d7b70101829d96a3b18f1c66afdf404e134bc808179f180f619114315caf52
                                    • Instruction Fuzzy Hash: F5F04C72A1491A6B8D34A57DDC02E277788EA42374B241B2AF67AC31D0DF35DC108ED0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BCC
                                    • GetEnvironmentVariableA.KERNEL32(WINPR_NATIVE_SSPI,00000000,00000000,?,?,00944AE3), ref: 00944BEC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable
                                    • String ID: WINPR_NATIVE_SSPI
                                    • API String ID: 1431749950-1020623567
                                    • Opcode ID: f62dc3ca3c2d19c46bfe42be6b7d6bab040256932c1b18d7fbcb910c16196d3e
                                    • Instruction ID: b882acdbe92ef9bd373d47b47473bc123626f93fc9e752451f07ca53644d108c
                                    • Opcode Fuzzy Hash: f62dc3ca3c2d19c46bfe42be6b7d6bab040256932c1b18d7fbcb910c16196d3e
                                    • Instruction Fuzzy Hash: 86F027376AA13226D93521687C45F6F4EA8DBC2F32B260519F405D3082C950488399E1
                                    APIs
                                    • rfx_context_new.GETSCREEN-941605629-X86(?), ref: 0090A2ED
                                      • Part of subcall function 008FE4DD: GetVersionExA.KERNEL32(?), ref: 008FE5CD
                                      • Part of subcall function 008FE4DD: GetNativeSystemInfo.KERNEL32(?), ref: 008FE5E7
                                      • Part of subcall function 008FE4DD: RegOpenKeyExA.ADVAPI32(80000002,Software\FreeRDP\FreeRDP\RemoteFX,00000000,00020119,?), ref: 008FE612
                                    • progressive_context_free.GETSCREEN-941605629-X86(00000000), ref: 0090A36D
                                    Strings
                                    • com.freerdp.codec.progressive, xrefs: 0090A2CA
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: InfoNativeOpenSystemVersionprogressive_context_freerfx_context_new
                                    • String ID: com.freerdp.codec.progressive
                                    • API String ID: 2699998398-3622116780
                                    • Opcode ID: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction ID: 6b1d29391764bc9a3df84ea5430f2b138f2f82a8e1090d3d8a057c610b73b72c
                                    • Opcode Fuzzy Hash: 18559faaedd7055d4b9b44b63d308c6d07116ca5d76b8dcf96d47b3d9519b392
                                    • Instruction Fuzzy Hash: 2CF08932A05B022EE2247B799C02F5F7BDCEFC2B70F14442EF649A65C1EA70944187A6
                                    APIs
                                    • freerdp_settings_get_key_for_name.GETSCREEN-941605629-X86(?), ref: 008F1EEF
                                    • freerdp_settings_get_type_for_key.GETSCREEN-941605629-X86(00000000), ref: 008F1F51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: freerdp_settings_get_key_for_namefreerdp_settings_get_type_for_key
                                    • String ID: TRUE
                                    • API String ID: 1888880752-3412697401
                                    • Opcode ID: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction ID: 56860d286779eccbdba50569e3e1004151d1605e965b2dc86ae87e97d2d470fe
                                    • Opcode Fuzzy Hash: fb72cbc0c18c493876752cc48ca65fa4ff87482f758229033082a115f0fec9ae
                                    • Instruction Fuzzy Hash: F9E0E53230021CBB9E155ABEDC86DBB325CFB85BA1B014065F704E6141BB60E91045A0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 39769dbc4e3bc64ea4028b8367593c5396817458cfaaee2caae953db0f25a51f
                                    • Instruction ID: 22d6c54afc185ab337739a79b4da8272e632066f334204f5f48733732755bf45
                                    • Opcode Fuzzy Hash: 39769dbc4e3bc64ea4028b8367593c5396817458cfaaee2caae953db0f25a51f
                                    • Instruction Fuzzy Hash: 34F0E2B240021ABBCF116FA4DC43EAB7A9DFF55394B060520FE0492212E736DD21C7E5
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s:%s
                                    • API String ID: 4218353326-3196766268
                                    • Opcode ID: 57709d556c5ec73e2ca0679771487ee0c3e157e607546f1ee6980b6c1631fe56
                                    • Instruction ID: cd4d545b7d61e29f43a69f0f1e0d323813bc28cd40525783a99ae42c553bc90f
                                    • Opcode Fuzzy Hash: 57709d556c5ec73e2ca0679771487ee0c3e157e607546f1ee6980b6c1631fe56
                                    • Instruction Fuzzy Hash: 8EF082B1400219BBDF116F658C87E9B7B5DFF55394B064520FD0492212E736DE21C7E0
                                    APIs
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,00947163), ref: 00947190
                                    • GetEnvironmentVariableA.KERNEL32(WTSAPI_LIBRARY,00000000,00000000,?,?,00947163), ref: 009471B1
                                      • Part of subcall function 00947310: LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                      • Part of subcall function 00947310: GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: EnvironmentVariable$AddressLibraryLoadProc
                                    • String ID: WTSAPI_LIBRARY
                                    • API String ID: 3590464466-1122459656
                                    • Opcode ID: ef0431a406c52e39789352168ad718afd4412e6531d98c1488ed13628fa9baec
                                    • Instruction ID: 1e339f983606ef080ca03f5e97ab75c097d9bc8f98914d957f7828117d48cd4b
                                    • Opcode Fuzzy Hash: ef0431a406c52e39789352168ad718afd4412e6531d98c1488ed13628fa9baec
                                    • Instruction Fuzzy Hash: 60E09B3215E5263ED53127D8BC5AF5F9B5CDBC5B75F210519F401A70C49F60588181E6
                                    APIs
                                    • LoadLibraryA.KERNEL32(?,?,009471C4,00000000,?,?,00947163), ref: 00947316
                                    • GetProcAddress.KERNEL32(00000000,InitWtsApi), ref: 0094732B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: AddressLibraryLoadProc
                                    • String ID: InitWtsApi
                                    • API String ID: 2574300362-3428673357
                                    • Opcode ID: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction ID: 70aeca8830329790fe53f48c1c03e0f15435140fe0fd5dcd134788a9b0524c82
                                    • Opcode Fuzzy Hash: a052fe070d378882fc0d654c0d1a0ba9f5d1038dd1441bdfd65ea0838f48b649
                                    • Instruction Fuzzy Hash: E7D012316AC6096B9F10AFFABC05926BBDCA7406403044866A819D7150EF71C950E551
                                    APIs
                                    • GetLastError.KERNEL32(?,?,0099B650,00AF0388,0000000C), ref: 009AF430
                                    • SetLastError.KERNEL32(00000000), ref: 009AF4D2
                                    • GetLastError.KERNEL32(00000000,?,00995FDD,009AF0E3,?,?,0093F77A,0000000C,?,?,?,?,008B27D2,?,?,?), ref: 009AF581
                                    • SetLastError.KERNEL32(00000000,00000006), ref: 009AF623
                                      • Part of subcall function 009AF066: HeapFree.KERNEL32(00000000,00000000,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF07C
                                      • Part of subcall function 009AF066: GetLastError.KERNEL32(?,?,00995F2D,?,?,?,0093FA9A,?,?,?,?,?,008B293F,?,?), ref: 009AF087
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.2193936002.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_2d0000_getscreen-941605629-x86.jbxd
                                    Similarity
                                    • API ID: ErrorLast$FreeHeap
                                    • String ID:
                                    • API String ID: 3197834085-0
                                    • Opcode ID: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction ID: 1eee97cffb49e4f63dd9129b61362a57dc34bac9da4a4a89ef630f573c7e5e9f
                                    • Opcode Fuzzy Hash: 2076ce3624d0a8cf1e50c8a4d00dbae0b7d0f896a142bf61ef67f3346ce95ad3
                                    • Instruction Fuzzy Hash: E241C435A4D2117FDA103BFCADAAFAB668C9F96374B100770F610971E1EF649D058290